// LoginRequired verifies that the current user is authenticated. Any routes that
// require a login should have this handler placed in the flow. If the user is not
// authenticated, they will be redirected to /login with the "next" get parameter
// set to the attempted URL.
func LoginRequired(s sessions.Session, r render.Render, user IUser, req *http.Request) {
	if user.IsAuthenticated() == false {
		s.Delete(SessionKey)
		path := fmt.Sprintf("%s?%s=%s", RedirectUrl, RedirectParam, req.URL.Path)
		r.Redirect(path, 302)
	}
}

func unmarshallToken(s sessions.Session) (t *token) {
	if s.Get(keyToken) == nil {
		return
	}
	data := s.Get(keyToken).([]byte)
	var tk token
	json.Unmarshal(data, &tk)
	return &tk
}

func loginHandle(f *Config, s sessions.Session, w http.ResponseWriter, r *http.Request) {
	next := extractPath(r.URL.Query().Get(RedirectParam))
	s.Set("_RedirectURL", next)
	//	if len(f.ClientID) > 0 && len(f.ClientSecret) > 0 {
	//		http.Redirect(w, r, f.authCodeURL(), 302)
	//	}else {
	path := fmt.Sprintf("%s?redirect_uri=%s", f.Endpoint.LoginURL, f.RedirectURL)
	http.Redirect(w, r, path, 302)
	//	}
}

func logoutHandle(f *Config, c martini.Context, s sessions.Session, w http.ResponseWriter, r *http.Request) {
	s.Delete(keyToken)
	path := fmt.Sprintf("%s?client_id=%s&client_secret=%s", f.Endpoint.LogoutURL, f.ClientID, f.ClientSecret)
	utils.HttpGetString(path)
	//	fmt.Println("oauth logout result:",string(str))
	f.ClientID = ""
	f.ClientSecret = ""
	c.Invoke(Logout)
	http.Redirect(w, r, "/", 302)
}

// UpdateUser updates the User object stored in the session. This is useful incase a change
// is made to the user model that needs to persist across requests.
func UpdateUser(s sessions.Session, user IUser) error {
	s.Set(SessionKey, user.UniqueId())
	return nil
}

// Logout will clear out the session and call the Logout() user function.
func Logout(s sessions.Session, user IUser) {
	user.Logout()
	s.Delete(SessionKey)
}

func callbackhandle(f *Config, c martini.Context, s sessions.Session, w http.ResponseWriter, r *http.Request) {
	rurl, _ := s.Get("_RedirectURL").(string)
	rurl = extractPath(rurl)
	if len(r.URL.Query().Get("code")) > 0 {
		//获取token
		tk, error := f.authTokenURL(r.URL.Query().Get("code"))

		if error == nil && tk.Valid() {
			val, _ := json.Marshal(tk)
			s.Set(keyToken, val)
			fmt.Println("登陆成功")
			s.AddFlash("登陆成功")
			c.Invoke(oAuthUserLoginCallback)
			if len(rurl) == 0 {
				rurl = "/"
			}
			fmt.Println("rul:", rurl)
			http.Redirect(w, r, rurl, 302)
			return
		} else {
			s.AddFlash("登陆失败")
			http.Redirect(w, r, PathError, 302)
			return
		}
	}
	if len(r.URL.Query().Get("client_id")) > 0 {
		f.ClientID = r.URL.Query().Get("client_id")
		f.ClientSecret = r.URL.Query().Get("client_secret")
		http.Redirect(w, r, f.authCodeURL(), 302)
		return
	}

	//	fmt.Println("call:",r)
	//	if (len(r.URL.Query().Get("code"))>0) {
	//		fmt.Println("callFUN:q token")
	//		rurl,_:=  s.Get("_RedirectURL").(string)
	//		//获取token
	//		tk, error := f.authTokenURL(r.URL.Query().Get("code"))
	//		if error==nil && tk.Valid() {
	//			val, _ := json.Marshal(tk)
	//			s.Set(keyToken, val)
	//			s.AddFlash("success","登陆成功")
	//			c.Invoke(oAuthUserLogin)
	//
	//
	//			 http.RedirectHandler(rurl, 302)
	//		 	 return
	//		}else{
	//			s.AddFlash("warning","登陆失败")
	//			http.Redirect(w, r, PathError, 302)
	//			return
	//		}
	//	}else{
	//		fmt.Println("callFUN:1111")
	//		//获取code
	//		if len(r.URL.Query().Get("client_id"))>0 {
	//			fmt.Println("callFUN:q code")
	//			f.ClientID = r.URL.Query().Get("client_id")
	//			f.ClientSecret = r.URL.Query().Get("client_secret")
	//			http.Redirect(w, r, f.authCodeURL(), 302)
	//			return
	//		}
	//		http.Redirect(w, r, "/", 302)
	//	}
	//	fmt.Println("callFUN:sppp")
}