using ApiTools.Core;
using Furion.DataEncryption;
using Furion.DynamicApiController;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

namespace ApiTools.Web.Entry.Controllers
{
    [Route("api/common/wxmp")]
    public class WxmpController(
            WxmpUtils utils,
            IOptions<WxmpOptions> options
        ) : ControllerBase
    {
        private readonly WxmpUtils utils = utils;
        private readonly IOptions<WxmpOptions> options = options;

        [HttpGet("subscribMessageNotify")]
        [AllowAnonymous]
        public IActionResult SubscribMessageNotify([FromQuery] WxmpSubscribMessageNotifyRequestQuery request)
        {
            var @params = new[]
            {
                options.Value.SubscribMessage.Token,
                request.Timestamp,
                request.Nonce
            }
            .OrderBy(p => p)
            .ToArray();
            var text = string.Concat(@params);
            if (SHA1Encryption.Compare(text, request.Signature, true))
            {
                return Content(request.Echostr);
            }
            else
            {
                return Unauthorized("验签失败");
            }
        }
    }
}