// lib/data/datasources/remote/secure_http_client.dart
import 'dart:io';
import 'package:http/http.dart' as http;
import 'package:http/io_client.dart' as http;

class SecureHttpClient {
  static http.Client createSecureClient() {
    // 生产环境：严格的证书验证
    if (const bool.fromEnvironment('dart.vm.product')) {
      final securityContext = SecurityContext.defaultContext;
      
      // 你可以添加自定义根证书（如果需要）
      // securityContext.setTrustedCertificates('path/to/certificate.pem');
      
      final httpClient = HttpClient(context: securityContext);
      
      // 配置安全策略
      httpClient.badCertificateCallback = 
        (X509Certificate cert, String host, int port) {
          // 生产环境严格验证
          return false; // 拒绝无效证书
        };
      
      return http.IOClient(httpClient);
    } 
    // 开发环境：宽松的验证
    else {
      final httpClient = HttpClient();
      
      httpClient.badCertificateCallback = 
        (X509Certificate cert, String host, int port) {
          // 开发环境允许自签名证书
          // print('警告：使用自签名证书 - $host:$port');
          return true;
        };
      
      return http.IOClient(httpClient);
    }
  }
}