import logging
#zwz: Create your views here.
from urllib.parse import urlparse

#zwz: 导入Django核心模块、工具及项目内模块
from django.conf import settings
from django.contrib.auth import get_user_model, login
from django.core.exceptions import ObjectDoesNotExist
from django.db import transaction
from django.http import HttpResponseForbidden, HttpResponseRedirect
from django.shortcuts import get_object_or_404, render
from django.urls import reverse
from django.utils import timezone
from django.utils.translation import gettext_lazy as _
from django.views.generic import FormView

from djangoblog.blog_signals import oauth_user_login_signal
from djangoblog.utils import get_current_site, send_email, get_sha256
from oauth.forms import RequireEmailForm
from .models import OAuthUser
from .oauthmanager import get_manager_by_type, OAuthAccessTokenException

logger = logging.getLogger(__name__)  # 初始化日志记录器


#zwz: 处理重定向URL：过滤非法地址，返回安全的跳转路径
def get_redirecturl(request):
    nexturl = request.GET.get('next_url', None)
    #zwz: 无URL或为登录页时，默认跳首页
    if not nexturl or nexturl in ('/login/', '/login'):
        return '/'
    #zwz: 校验URL是否为本站地址，防止跨站跳转
    p = urlparse(nexturl)
    if p.netloc:
        site = get_current_site().domain
        if p.netloc.replace('www.', '') != site.replace('www.', ''):
            logger.info('非法url:' + nexturl)
            return "/"
    return nexturl


#zwz: 第三方登录入口：根据平台类型获取授权链接
def oauthlogin(request):
    type = request.GET.get('type', None)
    if not type:
        return HttpResponseRedirect('/')
    manager = get_manager_by_type(type)  # 获取对应平台的授权管理器
    if not manager:
        return HttpResponseRedirect('/')
    nexturl = get_redirecturl(request)
    authorizeurl = manager.get_authorization_url(nexturl)  # 生成授权链接
    return HttpResponseRedirect(authorizeurl)


#zwz: 授权回调处理：获取用户信息并绑定本地账号
def authorize(request):
    type = request.GET.get('type', None)
    if not type:
        return HttpResponseRedirect('/')
    manager = get_manager_by_type(type)
    if not manager:
        return HttpResponseRedirect('/')
    code = request.GET.get('code', None)
    #zwz: 通过授权码获取access_token
    try:
        rsp = manager.get_access_token_by_code(code)
    except OAuthAccessTokenException as e:
        logger.warning("OAuthAccessTokenException:" + str(e))
        return HttpResponseRedirect('/')
    except Exception as e:
        logger.error(e)
        rsp = None
    nexturl = get_redirecturl(request)
    if not rsp:
        return HttpResponseRedirect(manager.get_authorization_url(nexturl))
    #zwz: 获取第三方用户信息
    user = manager.get_oauth_userinfo()
    if user:
        #zwz: 补全默认昵称（防止空值）
        if not user.nickname or not user.nickname.strip():
            user.nickname = "djangoblog" + timezone.now().strftime('%y%m%d%I%M%S')
        #zwz: 存在旧记录则更新，否则创建新记录
        try:
            temp = OAuthUser.objects.get(type=type, openid=user.openid)
            temp.picture = user.picture
            temp.metadata = user.metadata
            temp.nickname = user.nickname
            user = temp
        except ObjectDoesNotExist:
            pass
        #zwz: Facebook的token过长，这里清空
        if type == 'facebook':
            user.token = ''
        #zwz: 有邮箱则直接绑定本地用户
        if user.email:
            with transaction.atomic():  # 事务保证数据一致性
                author = None
                try:
                    author = get_user_model().objects.get(id=user.author_id)
                except ObjectDoesNotExist:
                    pass
                if not author:
                    #zwz: 邮箱不存在则创建新用户
                    result = get_user_model().objects.get_or_create(email=user.email)
                    author = result[0]
                    if result[1]:
                        #zwz: 处理昵称重复
                        try:
                            get_user_model().objects.get(username=user.nickname)
                        except ObjectDoesNotExist:
                            author.username = user.nickname
                        else:
                            author.username = "djangoblog" + timezone.now().strftime('%y%m%d%I%M%S')
                        author.source = 'authorize'
                        author.save()
                #zwz: 关联用户并登录
                user.author = author
                user.save()
                oauth_user_login_signal.send(sender=authorize.__class__, id=user.id)
                login(request, author)
                return HttpResponseRedirect(nexturl)
        #zwz: 无邮箱则跳转到邮箱绑定页
        else:
            user.save()
            url = reverse('oauth:require_email', kwargs={'oauthid': user.id})
            return HttpResponseRedirect(url)
    else:
        return HttpResponseRedirect(nexturl)


#zwz: 邮箱验证：确认邮箱并完成绑定
def emailconfirm(request, id, sign):
    #zwz: 校验签名是否合法
    if not sign or get_sha256(settings.SECRET_KEY + str(id) + settings.SECRET_KEY).upper() != sign.upper():
        return HttpResponseForbidden()
    oauthuser = get_object_or_404(OAuthUser, pk=id)
    with transaction.atomic():
        #zwz: 关联或创建本地用户
        if oauthuser.author:
            author = get_user_model().objects.get(pk=oauthuser.author_id)
        else:
            result = get_user_model().objects.get_or_create(email=oauthuser.email)
            author = result[0]
            if result[1]:
                author.source = 'emailconfirm'
                author.username = oauthuser.nickname.strip() or "djangoblog" + timezone.now().strftime('%y%m%d%I%M%S')
                author.save()
        oauthuser.author = author
        oauthuser.save()
    #zwz: 发送登录信号并完成登录
    oauth_user_login_signal.send(sender=emailconfirm.__class__, id=oauthuser.id)
    login(request, author)
    #zwz: 发送绑定成功邮件
    site = 'http://' + get_current_site().domain
    content = _('''<p>恭喜您成功绑定邮箱，可直接用%(oauthuser_type)s登录本站。</p >
        欢迎关注本站：<a href=" ">%(site)s</a >''') % {'oauthuser_type': oauthuser.type, 'site': site}
    send_email(emailto=[oauthuser.email, ], title=_('绑定成功！'), content=content)
    return HttpResponseRedirect(reverse('oauth:bindsuccess', kwargs={'oauthid': id}) + '?type=success')


#zwz: 邮箱绑定表单页：处理无邮箱用户的邮箱填写
class RequireEmailView(FormView):
    form_class = RequireEmailForm
    template_name = 'oauth/require_email.html'

    def get(self, request, *args, **kwargs):
        oauthid = self.kwargs['oauthid']
        get_object_or_404(OAuthUser, pk=oauthid)
        return super().get(request, *args, **kwargs)

    def get_initial(self):
        #zwz: 初始化表单默认值
        return {'email': '', 'oauthid': self.kwargs['oauthid']}

    def get_context_data(self, **kwargs):
        #zwz: 传递用户头像到模板
        oauthuser = get_object_or_404(OAuthUser, pk=self.kwargs['oauthid'])
        if oauthuser.picture:
            kwargs['picture'] = oauthuser.picture
        return super().get_context_data(**kwargs)

    def form_valid(self, form):
        #zwz: 提交邮箱后发送验证邮件
        email = form.cleaned_data['email']
        oauthid = form.cleaned_data['oauthid']
        oauthuser = get_object_or_404(OAuthUser, pk=oauthid)
        oauthuser.email = email
        oauthuser.save()
        #zwz: 生成验证签名
        sign = get_sha256(settings.SECRET_KEY + str(oauthuser.id) + settings.SECRET_KEY)
        site = get_current_site().domain if not settings.DEBUG else '127.0.0.1:8000'
        path = reverse('oauth:email_confirm', kwargs={'id': oauthid, 'sign': sign})
        url = f"http://{site}{path}"
        #zwz: 发送验证邮件
        content = _(f'<p>请点击链接绑定邮箱：<a href="{url}">{url}</a ></p >')
        send_email(emailto=[email, ], title=_('绑定邮箱'), content=content)
        return HttpResponseRedirect(reverse('oauth:bindsuccess', kwargs={'oauthid': oauthid}) + '?type=email')


#zwz: 绑定结果页：显示成功提示
def bindsuccess(request, oauthid):
    type = request.GET.get('type', None)
    oauthuser = get_object_or_404(OAuthUser, pk=oauthid)
    #zwz: 根据类型返回不同提示内容
    if type == 'email':
        title = _('绑定邮箱')
        content = _('请登录邮箱完成最后一步绑定')
    else:
        title = _('绑定成功')
        content = _(f"已用{oauthuser.type}绑定账号，可直接登录")
    return render(request, 'oauth/bindsuccess.html', {'title': title, 'content': content})