package com.zxkxc.cloud.extension.xss;

import com.zxkxc.cloud.common.dto.AjaxResult;
import com.zxkxc.cloud.common.enums.ResultCode;
import com.zxkxc.cloud.common.utils.ServletUtil;
import com.zxkxc.cloud.common.utils.StringsUtil;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/zxkxc/cloud/extension/xss/CustomXssFilter.class */
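/**
 * Servlet filter that rejects requests whose POST body or request parameters trip the
 * XSS / SQL checks implemented by {@link CustomXssHttpServletRequestWrapper}.
 *
 * <p>Flow per request: requests whose servlet path matches one of {@link #excludes} are
 * passed through untouched; otherwise the request is wrapped, a POST body is read and
 * handed to {@code checkXssAndSql}, then {@code checkParameter} is consulted. A hit on
 * either check writes a JSON failure result and stops the chain.
 *
 * <p>Scope caveats visible in this class: only {@code POST} bodies are inspected, so
 * bodies of {@code PUT}/{@code PATCH}/other methods are covered by the parameter check
 * only; the exclusion list is matched against the servlet path, not the full URI.
 * What the checks actually match on lives in the wrapper, not here.
 */
public class CustomXssFilter implements Filter {

    /** JSON failure message sent for both the body check and the parameter check. */
    private static final String REJECT_MESSAGE = "请求中有违反安全规则元素存在，拒绝访问!";

    /**
     * Servlet-path patterns that bypass the filter, populated from the comma-separated
     * {@code excludes} init parameter. Entries are not trimmed. Kept public and mutable
     * for backward compatibility; the matching rule is whatever
     * {@code StringsUtil.matches} implements (presumably pattern-based; verify there).
     */
    public List<String> excludes = new ArrayList<>();

    /**
     * Reads the {@code excludes} init parameter and splits it on commas into
     * {@link #excludes}. A missing or empty parameter leaves the list untouched.
     *
     * @param filterConfig the container-supplied filter configuration
     */
    @Override
    public void init(FilterConfig filterConfig) {
        String configured = filterConfig.getInitParameter("excludes");
        if (StringsUtil.isNotEmpty(configured)) {
            this.excludes.addAll(Arrays.asList(configured.split(",")));
        }
    }

    /**
     * Applies the exclusion list, then the POST-body check, then the parameter check,
     * and either rejects the request with a JSON failure body or continues the chain
     * with the wrapped request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if the request body cannot be read (the request is then
     *                          not passed down the chain) or the response cannot be written
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Excluded paths continue with the ORIGINAL request, not the wrapper.
        if (StringsUtil.matches(request.getServletPath(), this.excludes)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        CustomXssHttpServletRequestWrapper wrapped = new CustomXssHttpServletRequestWrapper(request);

        // Body inspection is limited to POST; other methods only get the parameter check below.
        if (RequestMethod.POST.toString().equalsIgnoreCase(request.getMethod())) {
            // NOTE(review): assumes the wrapper's getReader() serves a buffered copy so the
            // body is still readable further down the chain — confirm in the wrapper.
            String body = getBodyString(wrapped.getReader());
            if (StringsUtil.isNotBlank(body) && wrapped.checkXssAndSql(body)) {
                reject(response);
                return;
            }
        }

        if (wrapped.checkParameter()) {
            reject(response);
        } else {
            filterChain.doFilter(wrapped, servletResponse);
        }
    }

    /**
     * Writes the shared JSON failure result ({@code ResultCode.PARAM_ERROR}) to the response.
     *
     * @param response the response to render into
     * @throws IOException if rendering the response fails
     */
    private static void reject(HttpServletResponse response) throws IOException {
        ServletUtil.renderString(response,
                JSONObject.fromObject(AjaxResult.failure(ResultCode.PARAM_ERROR, REJECT_MESSAGE)).toString());
    }

    /**
     * Drains the reader into a single string and closes it.
     *
     * <p>Lines are concatenated without their terminators, matching the previous
     * behaviour this class's checks were tuned against. A read failure now propagates
     * instead of being printed and retried forever (the old loop never advanced past a
     * throwing {@code readLine}), so a body that cannot be read fails closed.
     *
     * @param bufferedReader the body reader; always closed on return
     * @return the body with line terminators removed, or {@code ""} for an empty body
     * @throws IOException if reading or closing the reader fails
     */
    private static String getBodyString(BufferedReader bufferedReader) throws IOException {
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = bufferedReader) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}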
