package com.zxkxc.cloud.extension.xss.filter;

import com.alibaba.fastjson2.JSONObject;
import com.alibaba.fastjson2.JSONWriter;
import com.zxkxc.cloud.common.enums.ResultCode;
import com.zxkxc.cloud.common.model.ReqResult;
import com.zxkxc.cloud.common.utils.ServletUtil;
import com.zxkxc.cloud.common.utils.StringsUtil;
import com.zxkxc.cloud.extension.xss.wrapper.XssHttpServletRequestWrapper;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/zxkxc/cloud/extension/xss/filter/XssFilter.class */
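/**
 * Servlet filter that rejects requests whose body or parameters trip the
 * XSS / SQL checks of {@link XssHttpServletRequestWrapper}.
 *
 * <p>Servlet paths matching any pattern from the {@code excludes} init
 * parameter are passed through untouched. Every other request is wrapped;
 * for methods that normally carry a body the body is scanned first, then the
 * parameters. A rejection is written back through
 * {@link ServletUtil#renderString} and the chain is not continued.
 */
public class XssFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(XssFilter.class);

    /** Message returned to the client for every rejected request. */
    private static final String REJECT_MESSAGE = "请求中有违反安全规则元素存在，拒绝访问!";

    /**
     * Methods whose body is scanned. The earlier check covered POST only, so
     * PUT/PATCH bodies reached handlers unscanned; the body is obtained from the
     * wrapper the same way for every method, the method name was the only gate.
     */
    private static final List<RequestMethod> BODY_METHODS =
            List.of(RequestMethod.POST, RequestMethod.PUT, RequestMethod.PATCH);

    /** Servlet-path patterns that bypass the filter; filled by {@link #init}. */
    private final List<String> excludes = new ArrayList<>();

    /**
     * Reads the comma-separated {@code excludes} init parameter.
     *
     * <p>Entries are trimmed and blank ones dropped so that a trailing comma or a
     * stray space cannot register an empty pattern: how {@code StringsUtil.matches}
     * treats an empty pattern is not visible here, and an accidental match-all
     * exclude would silently disable the filter.
     *
     * @param filterConfig the container-supplied configuration
     */
    @Override
    public void init(FilterConfig filterConfig) {
        String initParameter = filterConfig.getInitParameter("excludes");
        if (StringsUtil.isNotEmpty(initParameter)) {
            Arrays.stream(initParameter.split(","))
                    .map(String::trim)
                    .filter(pattern -> !pattern.isEmpty())
                    .forEach(this.excludes::add);
        }
    }

    /**
     * Scans the request and either rejects it or continues the chain with the
     * wrapped request.
     *
     * @throws IOException if the request body cannot be read; propagated rather
     *     than swallowed so an unreadable body fails closed instead of handing an
     *     empty (and therefore passing) string to the check
     * @throws ServletException from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String servletPath = httpServletRequest.getServletPath();
        if (StringsUtil.matches(servletPath, this.excludes)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        XssHttpServletRequestWrapper wrapper = new XssHttpServletRequestWrapper(httpServletRequest);
        String method = httpServletRequest.getMethod();
        if (hasScannableBody(method)) {
            String body = getBodyString(wrapper.getReader());
            if (StringUtils.isNotBlank(body) && wrapper.checkXssAndSql(body)) {
                reject(httpServletResponse, method, servletPath, "body");
                return;
            }
        }
        if (wrapper.checkParameter()) {
            reject(httpServletResponse, method, servletPath, "parameter");
            return;
        }
        // Downstream receives the wrapper, not the raw request, as before.
        filterChain.doFilter(wrapper, servletResponse);
    }

    /** True when {@code method} (compared case-insensitively, null-safe) is one of {@link #BODY_METHODS}. */
    private static boolean hasScannableBody(String method) {
        return BODY_METHODS.stream().anyMatch(candidate -> candidate.toString().equalsIgnoreCase(method));
    }

    /**
     * Writes the rejection payload and records the event for detection.
     * Only method, path and which part tripped the check are logged; the
     * offending content itself is deliberately kept out of the log.
     */
    private static void reject(HttpServletResponse response, String method, String path, String where) {
        log.warn("Rejected {} {}: suspicious content in request {}", method, path, where);
        ServletUtil.renderString(response,
                JSONObject.toJSONString(ReqResult.failure(ResultCode.PARAM_ERROR, REJECT_MESSAGE),
                        new JSONWriter.Feature[0]));
    }

    /**
     * Reads the whole body from {@code bufferedReader} and closes it.
     *
     * <p>Lines are concatenated without their terminators, exactly as before, so
     * the scanned string is not byte-identical to the wire body; whether the
     * checker tolerates that is not visible from here. Read failures propagate:
     * the previous loop printed the exception and kept looping, which never
     * terminated once the reader started failing.
     *
     * @throws IOException if reading or closing fails
     */
    private static String getBodyString(BufferedReader bufferedReader) throws IOException {
        StringBuilder sb = new StringBuilder();
        try (BufferedReader reader = bufferedReader) {
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
        }
        return sb.toString();
    }
}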
