<?php
namespace app\Repositories\Eloquent;

use App\Repositories\Eloquent\BaseRepository;
use App\Repositories\Contracts\ApiSignInterface;
use Illuminate\Support\Facades\Redis;

/**
 *
 * @author lilin
 *        
 */
class ApiSignFacadeRepository extends BaseRepository implements  ApiSignInterface
{
    public function auth($encryptedStr, $random, $timesTamp)
    {
        //api请求最大时间差
        $apiMaxTime = config('console.apiMaxTime');
        
        $logArr = [
            'encryptedStr'  => $encryptedStr,
            'random'        => $random,
            'timesTamp'     => $timesTamp
        ];
        
        if (!$encryptedStr || !$random || strlen($timesTamp) > 10){
            $this->setLog('api请求验证, 验证参数不正确', $this->startTime(), $logArr);
            $this->error()->authenticationFailed();
        }
        
        if (time() - $timesTamp > $apiMaxTime) {
            $this->setLog('api请求验证, 请求时间差大于配制时间', $this->startTime, $logArr);
            $this->error()->authenticationFailed();
        }
        
        $pemPath    = public_path('rsa/api_rsa_private_key.pem');
        $privateKey = file_get_contents($pemPath);
        $piKey      = openssl_pkey_get_private($privateKey);
        $decrypted  = '';
        openssl_private_decrypt(base64_decode($encryptedStr), $decrypted, $piKey, OPENSSL_PKCS1_PADDING);
        
        $data = json_decode($decrypted, true);

        if (!$decrypted){
            $this->setLog('api请求验证,签名解密失败', $this->startTime, $logArr);
            $this->error()->authenticationFailed();
        }
        
        //从redis里找有没有用过
        $key = config('console.redis_key.api_auth').$random;
        $exists = Redis::EXISTS($key);
        if ($exists){
            $this->setLog('api请求验证,使用了重复的签名', $this->startTime, $logArr);
            $this->error()->authenticationFailed();
        }
        
        if (!isset($data['appid']) || $data['appid'] != config('console.apiAppid')){
            $this->setLog('api请求验证,appid错误', $this->startTime, $logArr);
            $this->error()->authenticationFailed();
        }
        
        if (!isset($data['random']) || !isset($data['timestamp']) ||  $data['random'] != $random || $data['timestamp'] != $timesTamp) {
            $this->setLog('api请求验证,random和timestamp不一致', $this->startTime, $logArr);
            $this->error()->authenticationFailed();
        }
        
        //验证通过加入reids,过期时间为最大时间差
        Redis::SET($key, $encryptedStr);
        Redis::EXPIRE($key, $apiMaxTime);
        
        return $this->response();
    }

}