package service

import (
	"crypto/tls"
	"crypto/x509"
	cf "git.inspur.com/sbg-jszt/cfn/cfn-schedule/config"
	"git.inspur.com/sbg-jszt/cfn/cfn-schedule/pkg/utils"
	"github.com/minio/minio-go"
	"log"
	"net/http"
	"net/url"
	"os"
	"path/filepath"
	"time"
)

func GetPresignedUrl(bucketName, filename string, second int64) (u *url.URL, err error) {
	s3Client, err := getMinioClient()
	if err != nil {
		log.Println(err)
		return nil, err
	}
	reqParams := make(url.Values)
	reqParams.Set("response-content-disposition", "attachment; filename="+filename)
	presignedURL, err := s3Client.PresignedGetObject(bucketName, filename, time.Duration(second)*time.Second, reqParams)
	if err != nil {
		log.Println(err)
		return nil, err
	}
	return presignedURL, err
}

func PostPresignedUrl(bucketName, filename string, second int64) (formData map[string]string, err error) {
	policy := minio.NewPostPolicy()
	policy.SetBucket(bucketName)
	policy.SetKey(filename)
	policy.SetExpires(time.Now().UTC().Add(time.Duration(second) * time.Second))

	s3Client, err := getMinioClient()
	if err != nil {
		log.Println(err)
		return nil, err
	}

	presignedURL, formData, err := s3Client.PresignedPostPolicy(policy)
	if err != nil {
		log.Println(err)
		return nil, err
	}
	formData["upload-url"] = presignedURL.String()
	return formData, err
}

func PutPresignedUrl(bucketName, filename string, second int64) (data map[string]string, err error) {
	s3Client, err := getMinioClient()
	if err != nil {
		log.Println(err)
		return nil, err
	}
	presignedURL, err := s3Client.PresignedPutObject(bucketName, filename, time.Duration(second)*time.Second)
	if err != nil {
		log.Println(err)
		return nil, err
	}
	res := map[string]string{
		"bucketName":   bucketName,
		"presignedUrl": presignedURL.String(),
	}
	return res, err
}

func UploadFile(bucketName, objectName, filePath string) error {
	s3Client, err := getMinioClient()
	exists, _ := s3Client.BucketExists(bucketName)
	if !exists {
		err = s3Client.MakeBucket(bucketName, "beijing")
		if err != nil {
			log.Printf("创建存储桶 %s 失败", bucketName)
		}
	}
	n, err := s3Client.FPutObject(bucketName, objectName, filePath, minio.PutObjectOptions{ContentType: "application/zip"})
	if err != nil || n < 1 {
		log.Printf("上传文件失败 %v ", err)
		return err
	}
	return nil
}

func getMinioClient() (*minio.Client, error) {
	// 初始化证书池
	certPool := x509.NewCertPool()
	caCrt, err := os.ReadFile(filepath.Join(utils.GetRunPath(), "config/certs/minio.public.crt"))
	if err != nil {
		log.Fatalln("public.crt read error:", err)
	}
	certPool.AppendCertsFromPEM(caCrt)
	transport := &http.Transport{
		TLSClientConfig: &tls.Config{
			RootCAs: certPool, // 设置双向认证的证书
			// Certificates:       []tls.Certificate{clientCrt}, // 客户端证书，需要传递给服务端
			InsecureSkipVerify: true, // 是否验证服务端证书，True为不验证
		},
	}
	minioClient, err := minio.New(cf.Config.Minio.Endpoint, cf.Config.Minio.AccessKey, cf.Config.Minio.SecretAccessKey, true)
	if err != nil {
		log.Println(err)
		return nil, err
	}
	minioClient.SetCustomTransport(transport)
	return minioClient, nil
}