package com.vci.ubcs.common.validator;

import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;

import javax.annotation.PostConstruct;
import java.io.IOException;
import java.util.*;
import java.util.stream.Collectors;

/**
 * 文件安全验证器
 */
@Component
@Slf4j
public class ComprehensiveFileValidator {

	/**
	 * 文件白名单
	 */
	@Value("${app.upload.security.allowed-extensions:jpg,jpeg,png,pdf}")
	private String allowedExtensionsConfig;

	/**
	 * 多重扩展名文件禁止
	 */
	@Value("${app.upload.security.prevent-multiple-extensions:true}")
	private boolean preventMultipleExtensions;

	/**
	 * 限制的危险文件类型
	 */
	@Value("${app.upload.security.dangerous-primary-extensions:jsp,jspx,php,asp,aspx,war,exe,sh,bat}")
	private String dangerousExtensionsConfig;

	/**
	 * 文件内容类型是否匹配校验
	 */
	@Value("${app.upload.security.validate-content-type:true}")
	private boolean validateContentType;

	/**
	 * 文件头验证
	 */
	@Value("${app.upload.security.validate-file-header:true}")
	private boolean validateFileHeader;

	/**
	 * 严格模式
	 */
	@Value("${app.upload.security.strict-mode:false}")
	private boolean strictMode;

	/**
	 * 允许上传的后缀
	 */
	private Set<String> allowedExtensions;

	/**
	 * 危险的文件后缀
	 */
	private Set<String> dangerousPrimaryExtensions;

	@PostConstruct
	public void init() {
		// 解析逗号分隔的配置
		this.allowedExtensions = parseCommaSeparatedConfig(allowedExtensionsConfig);
		this.dangerousPrimaryExtensions = parseCommaSeparatedConfig(dangerousExtensionsConfig);

		log.info("文件上传验证器初始化完成");
		log.info("允许的扩展名: {}", allowedExtensions);
		log.info("危险扩展名: {}", dangerousPrimaryExtensions);
	}

	private Set<String> parseCommaSeparatedConfig(String config) {
		if (config == null || config.trim().isEmpty()) {
			return new HashSet<>();
		}
		return Arrays.stream(config.split(","))
			.map(String::trim)
			.map(String::toLowerCase)
			.collect(Collectors.toSet());
	}

	/**
	 * 验证单个文件
	 */
	public UploadValidationResult validateFile(MultipartFile file) {
		UploadValidationResult result = new UploadValidationResult();

		try {
			// 基础检查
			if (!basicValidation(file, result)) {
				return result;
			}

			String filename = file.getOriginalFilename();

			// 文件名安全验证
			if (!filenameSecurityValidation(filename, result)) {
				return result;
			}

			// 内容安全验证
			if (!contentSecurityValidation(file, result)) {
				return result;
			}

			result.setValid(true);
			result.setMessage("文件验证通过");

		} catch (Exception e) {
			log.error("文件验证异常", e);
			result.setValid(false);
			result.setMessage("验证过程发生异常");
		}

		return result;
	}

	/**
	 * 验证多个文件
	 * @param files 文件列表
	 * @return 多个文件的验证结果
	 */
	public MultiUploadValidationResult validateFiles(List<MultipartFile> files) {
		return validateFiles(files, false);
	}

	/**
	 * 验证多个文件
	 * @param files 文件列表
	 * @param stopOnFirstError 遇到第一个错误是否停止验证
	 * @return 多个文件的验证结果
	 */
	public MultiUploadValidationResult validateFiles(List<MultipartFile> files, boolean stopOnFirstError) {
		MultiUploadValidationResult result = new MultiUploadValidationResult();

		if (files == null || files.isEmpty()) {
			result.setValid(false);
			result.setMessage("文件列表为空");
			return result;
		}

		List<FileValidationDetail> details = new ArrayList<>();
		boolean allValid = true;

		for (int i = 0; i < files.size(); i++) {
			MultipartFile file = files.get(i);
			FileValidationDetail detail = new FileValidationDetail();
			detail.setFileName(file.getOriginalFilename());
			detail.setFileIndex(i);
			detail.setFileSize(file.getSize());

			// 验证单个文件
			UploadValidationResult singleResult = validateFile(file);
			detail.setValid(singleResult.isValid());
			detail.setMessage(singleResult.getMessage());
			detail.setDetectedType(singleResult.getDetectedType());

			details.add(detail);

			if (!singleResult.isValid()) {
				allValid = false;
				if (stopOnFirstError) {
					// 遇到错误且设置为快速失败，立即返回
					result.setValid(false);
					result.setMessage("第" + (i + 1) + "个文件验证失败: " + file.getOriginalFilename());
					result.setDetails(details);
					result.setFailedIndex(i);
					return result;
				}
			}
		}

		result.setValid(allValid);
		result.setMessage(allValid ? "所有文件验证通过" : "部分文件验证失败");
		result.setDetails(details);
		result.setTotalFiles(files.size());
		result.setValidFiles((int) details.stream().filter(FileValidationDetail::isValid).count());
		result.setInvalidFiles((int) details.stream().filter(d -> !d.isValid()).count());

		return result;
	}

	/**
	 * 验证多个文件（数组版本）
	 */
	public MultiUploadValidationResult validateFiles(MultipartFile[] files) {
		return validateFiles(Arrays.asList(files));
	}

	/**
	 * 验证多个文件（数组版本，可设置是否快速失败）
	 */
	public MultiUploadValidationResult validateFiles(MultipartFile[] files, boolean stopOnFirstError) {
		return validateFiles(Arrays.asList(files), stopOnFirstError);
	}

	/**
	 * 批量验证文件并返回有效的文件列表
	 */
	public List<MultipartFile> getValidFiles(List<MultipartFile> files) {
		MultiUploadValidationResult result = validateFiles(files);
		List<MultipartFile> validFiles = new ArrayList<>();

		for (int i = 0; i < files.size(); i++) {
			if (result.getDetails().get(i).isValid()) {
				validFiles.add(files.get(i));
			}
		}

		return validFiles;
	}

	/**
	 * 检查是否所有文件都有效
	 */
	public boolean areAllFilesValid(List<MultipartFile> files) {
		MultiUploadValidationResult result = validateFiles(files);
		return result.isValid();
	}

	// 原有的私有方法保持不变
	private boolean basicValidation(MultipartFile file, UploadValidationResult result) {
		if (file == null || file.isEmpty()) {
			result.setMessage("文件为空");
			return false;
		}

		String filename = file.getOriginalFilename();
		if (filename == null || filename.trim().isEmpty()) {
			result.setMessage("文件名为空");
			return false;
		}

		return true;
	}

	private boolean filenameSecurityValidation(String filename, UploadValidationResult result) {
		// 路径遍历检查
		if (filename.contains("..") || filename.contains("/") || filename.contains("\\")) {
			result.setMessage("文件名包含危险字符");
			return false;
		}

		// 扩展名检查
		String finalExtension = getFinalExtension(filename);
		if (finalExtension.isEmpty() || !allowedExtensions.contains(finalExtension.toLowerCase())) {
			result.setMessage("不支持的文件类型: " + finalExtension);
			return false;
		}

		// 多重扩展名检查
		if (preventMultipleExtensions && hasMultipleExtensions(filename)) {
			if (strictMode) {
				// 严格模式：拦截所有多重扩展名
				result.setMessage("多重扩展名文件被禁止");
				return false;
			} else {
				// 普通模式：只拦截包含危险扩展名的多重扩展名
				if (containsDangerousExtension(filename)) {
					result.setMessage("检测到伪装Webshell文件: " + filename);
					return false;
				}
			}
		}

		return true;
	}

	private boolean contentSecurityValidation(MultipartFile file, UploadValidationResult result) {
		// 内容类型验证
		if (validateContentType && !validateContentType(file)) {
			result.setMessage("文件内容类型不匹配");
			return false;
		}

		// 文件头验证
		if (validateFileHeader && !validateFileHeader(file)) {
			result.setMessage("文件头验证失败");
			return false;
		}

		return true;
	}

	private boolean hasMultipleExtensions(String filename) {
		String name = getFileNameWithoutPath(filename);
		return name.chars().filter(ch -> ch == '.').count() > 1;
	}

	private boolean containsDangerousExtension(String filename) {
		String name = getFileNameWithoutPath(filename);
		String[] parts = name.split("\\.");

		// 检查除最后一个扩展名之外的所有部分
		for (int i = 0; i < parts.length - 1; i++) {
			String part = parts[i].toLowerCase();
			if (dangerousPrimaryExtensions.contains(part)) {
				return true;
			}
		}
		return false;
	}

	private boolean validateContentType(MultipartFile file) {
		try {
			String declaredType = file.getContentType();
			if (declaredType == null) {
				return true; // 没有声明类型，放过
			}

			// 简单的类型匹配检查
			String finalExtension = getFinalExtension(file.getOriginalFilename()).toLowerCase();
			return isContentTypeConsistent(declaredType, finalExtension);
		} catch (Exception e) {
			log.error("内容类型验证失败", e);
			return false;
		}
	}

	/**
	 * 验证文件的内容类型（Content-Type）是否与文件扩展名一致
	 * @param contentType
	 * @param extension
	 * @return
	 */
	private boolean isContentTypeConsistent(String contentType, String extension) {
		// 扩展更全面的类型映射
		Map<String, String> expectedTypes = new HashMap<>();

		// 图片类型
		expectedTypes.put("jpg", "image/jpeg");
		expectedTypes.put("jpeg", "image/jpeg");
		expectedTypes.put("png", "image/png");
		expectedTypes.put("gif", "image/gif");
		expectedTypes.put("bmp", "image/bmp");
		expectedTypes.put("webp", "image/webp");
		expectedTypes.put("svg", "image/svg+xml");

		// 文档类型
		expectedTypes.put("pdf", "application/pdf");
		expectedTypes.put("doc", "application/msword");
		expectedTypes.put("docx", "application/vnd.openxmlformats-officedocument.wordprocessingml.document");
		expectedTypes.put("xls", "application/vnd.ms-excel");
		expectedTypes.put("xlsx", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
		expectedTypes.put("ppt", "application/vnd.ms-powerpoint");
		expectedTypes.put("pptx", "application/vnd.openxmlformats-officedocument.presentationml.presentation");
		expectedTypes.put("txt", "text/plain");

		// 压缩文件
		expectedTypes.put("zip", "application/zip");
		expectedTypes.put("rar", "application/x-rar-compressed");
		expectedTypes.put("7z", "application/x-7z-compressed");

		String expectedType = expectedTypes.get(extension);
		return expectedType == null || expectedType.equalsIgnoreCase(contentType);
	}

	private boolean validateFileHeader(MultipartFile file) {
		try {
			byte[] header = new byte[8];
			int bytesRead = file.getInputStream().read(header);

			if (bytesRead < 4) {
				return false;
			}

			String finalExtension = getFinalExtension(file.getOriginalFilename()).toLowerCase();

			// 基础的文件头验证
			switch (finalExtension) {
				case "jpg":
				case "jpeg":
					return isJpeg(header);
				case "png":
					return isPng(header);
				case "pdf":
					return isPdf(header);
				case "gif":
					return isGif(header);
				default:
					return true; // 其他类型不验证文件头
			}
		} catch (IOException e) {
			log.error("文件头验证失败", e);
			return false;
		}
	}

	/**
	 * 文件头验证方法
	 * @param header
	 * @return
	 */
	private boolean isJpeg(byte[] header) {
		return (header[0] & 0xFF) == 0xFF && (header[1] & 0xFF) == 0xD8;
	}

	private boolean isPng(byte[] header) {
		return header[0] == (byte) 0x89 && header[1] == 0x50 &&
			header[2] == 0x4E && header[3] == 0x47;
	}

	private boolean isPdf(byte[] header) {
		return header[0] == 0x25 && header[1] == 0x50 &&
			header[2] == 0x44 && header[3] == 0x46;
	}

	private boolean isGif(byte[] header) {
		return header[0] == 'G' && header[1] == 'I' &&
			header[2] == 'F' && header[3] == '8';
	}

	// 辅助方法
	private String getFinalExtension(String filename) {
		if (filename == null || !filename.contains(".")) return "";
		String[] parts = filename.split("\\.");
		return parts[parts.length - 1];
	}

	private String getFileNameWithoutPath(String filename) {
		if (filename == null) return "";
		filename = filename.replace('\\', '/');
		int lastSlash = filename.lastIndexOf('/');
		return lastSlash >= 0 ? filename.substring(lastSlash + 1) : filename;
	}

	@Data
	public static class UploadValidationResult {
		private boolean valid;
		private String message;
		private String detectedType;

		public UploadValidationResult() {
			this.valid = false;
			this.message = "";
		}
	}

	/**
	 * 多文件验证结果
	 */
	@Data
	public static class MultiUploadValidationResult {
		private boolean valid;
		private String message;
		private int totalFiles;
		private int validFiles;
		private int invalidFiles;
		private int failedIndex = -1; // 第一个失败的文件索引
		private List<FileValidationDetail> details;

		public MultiUploadValidationResult() {
			this.valid = false;
			this.message = "";
			this.details = new ArrayList<>();
		}
	}

	/**
	 * 单个文件验证详情
	 */
	@Data
	public static class FileValidationDetail {
		private String fileName;
		private int fileIndex;
		private long fileSize;
		private boolean valid;
		private String message;
		private String detectedType;
	}
}