package cn.hobbystocks.auc.config;

import cn.hobbystocks.auc.common.filter.AuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Spring Security configuration for the application.
 *
 * <p>Builds a single {@link SecurityFilterChain} that:
 * <ul>
 *   <li>disables CSRF protection,</li>
 *   <li>uses stateless session management,</li>
 *   <li>lets the paths in {@code ignoreUrl} through without authentication and requires
 *       authentication for every other request,</li>
 *   <li>runs the project's {@link AuthenticationFilter} ahead of
 *       {@link UsernamePasswordAuthenticationFilter}.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /** Project filter that is inserted into the security filter chain. */
    private final AuthenticationFilter authenticationFilter;

    /**
     * Ant patterns that are reachable without authentication.
     *
     * <p>NOTE(review): {@code /actuator/**} opens every web-exposed actuator endpoint to anonymous
     * callers. Which endpoints are exposed depends on
     * {@code management.endpoints.web.exposure.include}, which is not visible in this file.
     * Confirm that only health-style endpoints are exposed, or narrow this pattern.
     *
     * <p>NOTE(review): {@code /api/local/**} is also unauthenticated. Presumably it serves
     * internal callers; confirm it cannot be reached from outside the trusted network.
     *
     * <p>NOTE(review): the API-doc and Swagger UI paths describe the whole API surface. Confirm
     * they are disabled or restricted in production.
     */
    private final String[] ignoreUrl = {
        "/actuator/**",
        "/api/local/**",
        "/api-docs/*", // single '*': matches one path segment only
        "/doc.html",
        "/webjars/**",
        "/swagger-resources/**",
        "/v3/api-docs/**",
        "/swagger-ui/**"
    };

    /**
     * Creates the configuration with the filter to insert into the chain.
     *
     * @param authenticationFilter the project's authentication filter, supplied by the container
     */
    public SecurityConfig(AuthenticationFilter authenticationFilter) {
        this.authenticationFilter = authenticationFilter;
    }

    /**
     * Assembles the application's security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if the {@link HttpSecurity} builder fails
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // CSRF protection is switched off.
        // NOTE(review): this is only safe when credentials are not sent automatically by the
        // browser (e.g. cookies). AuthenticationFilter is not visible here; confirm it reads
        // its token from a request header.
        http.csrf(AbstractHttpConfigurer::disable);

        // Stateless sessions: Spring Security neither creates nor uses an HttpSession.
        http.sessionManagement(
                session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        // Public paths first, then everything else requires an authenticated caller.
        http.authorizeHttpRequests(auth -> {
            auth.antMatchers(ignoreUrl).permitAll();
            auth.anyRequest().authenticated();
        });

        // The custom filter runs before UsernamePasswordAuthenticationFilter. permitAll() only
        // affects the authorization decision, so the filter still sees requests for the public
        // paths and has to tolerate missing credentials there.
        // NOTE(review): the filter is injected as a bean, so Spring Boot may also register it
        // with the servlet container outside this chain. Confirm it is a once-per-request
        // filter or that the automatic registration is disabled.
        http.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }
}