package main

import (
	"fmt"
	"strings"

	"github.com/aliyun/aliyun-oss-go-sdk/oss"
	"github.com/aliyun/credentials-go/credentials"
	"github.com/joho/godotenv"
	"github.com/topfans/backend/gateway/config"
)

func main() {
	_ = godotenv.Load("../../.env", "../.env", ".env")
	cfg := config.Load()

	fmt.Println("=== OSS 分步诊断 ===")
	fmt.Printf("Bucket: %s  Region: %s\n", cfg.OSS.BucketName, cfg.OSS.Region)
	fmt.Printf("AK: %s  Role: %s\n", mask(cfg.OSS.AccessKeyID), cfg.OSS.RoleArn)

	fmt.Println("\n[1] STS AssumeRole")
	stsAK, stsSK, stsToken, stsErr := trySTS(cfg)
	if stsErr != nil {
		fmt.Printf("  FAIL: %v\n", stsErr)
	} else {
		fmt.Printf("  OK 临时 AK: %s\n", mask(stsAK))
		fmt.Printf("  PutObject via STS: %s\n", tryPut(stsAK, stsSK, stsToken, cfg))
	}

	fmt.Println("\n[2] AK/SK 直连")
	fmt.Printf("  PutObject via AK: %s\n", tryPut(cfg.OSS.AccessKeyID, cfg.OSS.AccessKeySecret, "", cfg))
}

func trySTS(cfg *config.Config) (string, string, string, error) {
	credConfig := new(credentials.Config).
		SetType("ram_role_arn").
		SetAccessKeyId(cfg.OSS.AccessKeyID).
		SetAccessKeySecret(cfg.OSS.AccessKeySecret).
		SetRoleArn(cfg.OSS.RoleArn).
		SetRoleSessionName("diag").
		SetPolicy("").
		SetRoleSessionExpiration(3600)
	provider, err := credentials.NewCredential(credConfig)
	if err != nil {
		return "", "", "", err
	}
	cred, err := provider.GetCredential()
	if err != nil {
		return "", "", "", err
	}
	return *cred.AccessKeyId, *cred.AccessKeySecret, *cred.SecurityToken, nil
}

func tryPut(ak, sk, token string, cfg *config.Config) string {
	endpoint := fmt.Sprintf("https://oss-%s.aliyuncs.com", cfg.OSS.Region)
	var client *oss.Client
	var err error
	if token != "" {
		client, err = oss.New(endpoint, ak, sk, oss.SecurityToken(token))
	} else {
		client, err = oss.New(endpoint, ak, sk)
	}
	if err != nil {
		return "client FAIL: " + err.Error()
	}
	bucket, err := client.Bucket(cfg.OSS.BucketName)
	if err != nil {
		return "bucket FAIL: " + err.Error()
	}
	key := "laser-card-segment/tmp/0/0/diag_step.jpg"
	err = bucket.PutObject(key, strings.NewReader("diag"), oss.ContentType("image/jpeg"))
	if err != nil {
		return "PutObject FAIL: " + err.Error()
	}
	return "OK"
}

func mask(s string) string {
	s = strings.TrimSpace(s)
	if len(s) <= 8 {
		return "***"
	}
	return s[:4] + "****" + s[len(s)-4:]
}