<?php
namespace app\server;

use app\model\Orders;
use app\model\ThirdMobileLogs;
use http\Client;
use support\Log;
use support\Redis;
use think\Exception;

/**
 * 抖音接口
 */
class DyApiService {
    // 生成 client_token
    CONST CLIENT_TOKEN = '/oauth/client_token/';
    // 确认接单
    CONST ORDER_CONFIRM = '/goodlife/v1/trip/trade/travelagency/order/confirm/';
    // 订单POI信息查询接口
    CONST POI_QUERY = '/goodlife/v1/trip/trade/travelagency/order/poi/query/';

    // redis key
    CONST DY_TOKEN_KEY = 'dy_client_key';
    // 请求地址
    private $host;
    private $app_id;
    // 加密密钥
    private $app_secret;

    /**
     * 构造函数.
     */
    public function __construct() {
        $this->host = env('DY_API_URL');
        $this->app_id = env('DY_APPID');
        $this->app_secret = env('DY_APPSECRET');
    }

    /**
     * @param       $url
     * @param array $data
     * @param array $extra
     * @return array
     * @throws \GuzzleHttp\Exception\GuzzleException
     */
    public function send($url, array $data = [], $extra = []): array {
        $signData = [
            'Api-App-Key' => $this->app_id,
            'Api-Time-Stamp' => time() * 1000,
        ];
        // 组装请求数据
        $reqData = $data;

        // 请求头加上签名
        // $header['Api-Sign'] = $this->getSign($signData, $reqData);
        $header['access-token'] = $this->getAccessToken();
        if ($this->app_id == 'sandbox289') {
            $header['x-sandbox-token'] = 1;
        }

        return $this->request($url, $reqData, $header, $extra);
    }

    /**
     * 获取token
     * @return bool|mixed|string
     * @throws Exception
     * @throws \GuzzleHttp\Exception\GuzzleException
     */
    private function getAccessToken() {
        // 测试token
        if ($this->app_id == 'sandbox289') {
            return 'ka.F9tiX0EN5QB5plK43W22p3cDgji9O9ZTAigryyd1A7AlbDwTmDxEN0PwjfI9';
        }
        $key = self::DY_TOKEN_KEY;
        if ($token = Redis::get($key)) {
            return $token;
        }

        $reqData = [
            'client_key' => $this->app_id,
            'client_secret' => $this->app_secret,
            'grant_type' => 'client_credential',
        ];
        $res = $this->request(self::CLIENT_TOKEN, $reqData);
        if (!$res['flag'] || !isset($res['data']['access_token'])) {
            throw new Exception('获取token失败');
        }
        Redis::setEx($key, $res['data']['expires_in'], $res['data']['access_token']);
        return $res['data']['access_token'];
    }

    /**
     * 获取签名
     */
    public function getSign($signData, $postData): string {
        // $signData = array_merge($signData, $postData);
        $buff = "";
        ksort($signData);
        // 将key和value按照顺序直接拼接到一起
        foreach ($signData as $k => $v){
            if (!empty($v)) {
                if (is_array($v)) {
                    $v = json_encode(ksort($v), JSON_UNESCAPED_UNICODE);
                }
                $buff .= $k . $v;
            }
        }

        // 签名步骤三:在上一步的结果后直接拼secretKey
        $str = $buff . $this->app_secret;
        // 在上一步结果后直接拼接,经过去除空白字符(\s)的HTTP Body原始字符串
        $str .= preg_replace('/\s+/', '', json_encode($postData));
        // 对上一步结果进行sha1加密,得到16进制字符串
        $str = sha1($str);
        // 对上一步结果进行md5加密,得到16进制字符串
        // 将上一步结果转为大写
        return strtoupper(md5($str));
    }

    /**
     * @param string $url
     * @param array  $data
     * @param array  $header
     * @param array  $extra
     * @return array
     * @throws \GuzzleHttp\Exception\GuzzleException
     */
    private function request(string $url, array $data = [], $header = []): array {
        $client = new \GuzzleHttp\Client();
        try {
            $reqUrl = $this->host . $url;
            $header['Content-Type'] = 'application/json';
            $header['charset'] = 'UTF-8';
            $options['headers'] = $header;
            $options['json'] = $data;
            $method = 'POST';

            $response = $client->request($method, $reqUrl, $options);
            Log::info(sprintf('dy url:%s, req:%s, response:%s', $reqUrl, json_encode($data), $response->getBody())) ;
            $result = ['code' => $response->getStatusCode(), 'body' => json_decode($response->getBody(), true, 512, JSON_BIGINT_AS_STRING)];
            if (isset($result['code']) && $result['code'] == 200) {
                if ($result['body']['data']['error_code'] == '0') {
                    return ['flag' => true, 'data' => $result['body']['data'] ?? [], 'message' => $result['body']['data']['description '] ?? ''];
                } else {
                    return ['flag' => false, 'data' => $result['body']['data'] ?? [], 'message' => $result['body']['data']['description '] ?? ''];
                }
            }

            return ['flag' => false, 'message' => $result['body']['data']['description'] ?? '', 'data' => []];
        } catch (\Exception $exception) {
            Log::info(sprintf('dy req fail:%s, req:%s,res:%s', $exception->getMessage(), $exception->getFile(), $exception->getLine())) ;
            return ['flag' => false, 'message' => $exception->getMessage(), 'data' => []];
        }
    }

    /**
    1.根据ClientKev找到ClientSecret,将ClientSecret向左右使用字符补齐32位/裁剪至32位,补齐:补位字符:#,先补左侧再补右侧再补左侧………直到补满32位。
    裁剪:先裁剪左侧再裁右侧再裁左侧………直到剩余32位。(正常不需要补齐,secret默认为32位,此举是为了
    以防万一)
    2.将ClientSecret作为Key,右侧16位为向量IV
    3.将密文进行base64解码。
    4.使用AES-256-CBC模式解密解码后的密文,对齐使用PKCS5Padding方式
     * @param $cipherText
     * @param $clientSecret
     * @return false|string
     */
    public function decrypt($cipherText, $clientSecret) {
        Log::info('$cipherText:' . $cipherText);
        // 补齐或裁剪 ClientSecret 为 32 位
        $clientSecret = $this->padOrTruncate($clientSecret);
        Log::info('$cipherText step 2:' . $clientSecret);

        // 使用 ClientSecret 作为密钥
        $key = $clientSecret;

        // 右侧16位为初始化向量IV
        $iv = substr($key, 16, 16);

        // 将密文 base64 解码
        $cipherTextDecoded = base64_decode($cipherText);

        // 使用 AES-256-CBC 解密
        return openssl_decrypt($cipherTextDecoded, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    }

    public function encrypt($cipherText, $clientSecret) {
        Log::info('$cipherText:' . $cipherText);
        // 补齐或裁剪 ClientSecret 为 32 位
        $clientSecret = $this->padOrTruncate($clientSecret);
        Log::info('$cipherText step 2:' . $clientSecret);

        // 使用 ClientSecret 作为密钥
        $key = $clientSecret;

        // 右侧16位为初始化向量IV
        $iv = substr($key, 16, 16);

        // 使用 AES-256-CBC 解密
        return base64_encode(openssl_encrypt($cipherText, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv));
    }

    /**
     * @param $clientSecret
     * @return false|string
     */
    private function padOrTruncate($clientSecret) {
        // 1. 如果 clientSecret 长度为32,直接返回
        if (strlen($clientSecret) == 32) {
            return $clientSecret;
        }

        // 2. 如果 length < 32,补齐至32位
        if (strlen($clientSecret) < 32) {
            // 补齐过程:先补左侧,再补右侧,再补左侧,直到长度为32
            $paddingChar = '#';
            $padded = $clientSecret;

            // 左侧补齐
            $left = true;
            while (strlen($padded) < 32) {
                if ($left) {
                    $padded = $paddingChar . $padded;
                    $left = false;
                } else {
                    $padded = $padded . $paddingChar;
                    $left = true;
                }
            }

            return substr($padded, 0, 32); // 确保返回32位
        }

        // 3. 如果 length > 32,裁剪至32位
        if (strlen($clientSecret) > 32) {
            // 裁剪过程:先裁左侧,再裁右侧,再裁左侧,直到长度为32
            $cropped = $clientSecret;

            // 左侧裁剪
            while (strlen($cropped) > 32) {
                $cropped = substr($cropped, 1);
            }

            // 右侧裁剪
            while (strlen($cropped) > 32) {
                $cropped = substr($cropped, 0, -1);
            }

            // 左侧裁剪(再一次)
            while (strlen($cropped) > 32) {
                $cropped = substr($cropped, 1);
            }

            return substr($cropped, 0, 32); // 确保返回32位
        }

        return $clientSecret;
    }
}