package org.jeecg.modules.jmreport.common.interceptor;

import com.alibaba.fastjson.JSON;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jeecg.modules.jmreport.common.annotation.JimuLoginRequired;
import org.jeecg.modules.jmreport.common.b.g;
import org.jeecg.modules.jmreport.common.constant.c;
import org.jeecg.modules.jmreport.common.constant.d;
import org.jeecg.modules.jmreport.common.vo.Result;
import org.jeecg.modules.jmreport.config.JmReportBaseConfig;
import org.jeecg.modules.jmreport.config.client.JmReportTokenClient;
import org.jeecg.modules.jmreport.desreport.util.m;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:org/jeecg/modules/jmreport/common/interceptor/JimuReportInterceptor.class */
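/**
 * Spring MVC interceptor that screens the request path against a keyword deny-list and
 * enforces the token check on handler methods annotated with {@link JimuLoginRequired}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keyword check sees only the request path ({@code getRequestURI()} minus the context
 *       path). The query string and body are not inspected here, and the URI is matched in its
 *       raw, undecoded form. Treat it as a coarse first-line filter, not a substitute for
 *       output encoding in the views.</li>
 *   <li>Token verification is opt-in per handler: a handler without a required
 *       {@code @JimuLoginRequired} passes without any token check.</li>
 * </ul>
 */
public class JimuReportInterceptor implements HandlerInterceptor {

    @Autowired
    private JmReportTokenClient jimuTokenClient;

    @Autowired
    private JmReportBaseConfig jmBaseConfig;
    private static final Logger log = LoggerFactory.getLogger(JimuReportInterceptor.class);

    /**
     * Regex fragments that cause a request path to be rejected.
     * NOTE(review): {@code m.q} and {@code m.o} are obfuscated constants, presumably the raw
     * angle-bracket characters that pair with "%3C"/"%3E"; confirm against the util class.
     */
    public static final String[] XSS_KEYWORD = {m.q, "%3C", m.o, "%3E", "\\(", "%28", "\\)", "%29", "'", "eval\\((.*)\\)"};

    /**
     * {@link #XSS_KEYWORD} compiled once at class load instead of on every request.
     * Compiled case-insensitively because percent-escape hex digits may be written in either
     * case, while the keyword list only carries the upper-case spelling. Compiling up front also
     * means later writes to the public array cannot change what the filter matches.
     */
    private static final Pattern[] XSS_PATTERNS = compileKeywords(XSS_KEYWORD);

    /** Compiles each keyword into a case-insensitive pattern, preserving order. */
    private static Pattern[] compileKeywords(String[] keywords) {
        Pattern[] compiled = new Pattern[keywords.length];
        for (int i = 0; i < keywords.length; i++) {
            compiled[i] = Pattern.compile(keywords[i], Pattern.CASE_INSENSITIVE);
        }
        return compiled;
    }

    /**
     * Rejects requests whose path matches the keyword deny-list, publishes the configured
     * custom prefix as the {@code customPrePath} request attribute, and requires a valid token
     * for handlers annotated with a required {@link JimuLoginRequired}.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response; receives a JSON error body on rejection
     * @param obj                 the chosen handler; anything other than a {@link HandlerMethod}
     *                            is let through without any check
     * @return {@code true} to continue the handler chain, {@code false} when an error response
     *         has already been written
     * @throws Exception declared by {@link HandlerInterceptor}
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        // Path relative to the context root, with separators normalised by filterUrl().
        String filterUrl = filterUrl(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()));
        log.debug("JimuReportInterceptor check requestPath = {}", filterUrl);
        if (hasXssKeyWord(filterUrl)) {
            log.error("请注意，请求地址有xss攻击风险！{}", filterUrl);
            backError(httpServletResponse, "请求地址有xss攻击风险!");
            return false;
        }
        String customPrePath = this.jmBaseConfig.getCustomPrePath();
        log.debug("customPrePath: {}", customPrePath);
        // g.d(...) is an obfuscated helper; it reads as a "has a value" test - TODO confirm.
        if (g.d((Object) customPrePath) && !customPrePath.startsWith("/")) {
            customPrePath = "/" + customPrePath;
        }
        httpServletRequest.setAttribute("customPrePath", customPrePath);
        JimuLoginRequired jimuLoginRequired = (JimuLoginRequired) ((HandlerMethod) obj).getMethod().getAnnotation(JimuLoginRequired.class);
        // NOTE(review): default-open. The token is verified only when the annotation is present
        // and required() is true; every other handler is allowed through here. Audit that each
        // handler exposing data or actions carries the annotation, or consider inverting the
        // default so that unauthenticated access has to be declared explicitly.
        if (!g.d(jimuLoginRequired) || !jimuLoginRequired.required() || verifyToken(httpServletRequest)) {
            return true;
        }
        log.error("Token校验失败！请求无权限({})：{}", httpServletRequest.getMethod(), filterUrl);
        backError(httpServletResponse, "Token校验失败，无权限访问！");
        return false;
    }

    /**
     * Reports whether any deny-list pattern occurs anywhere in {@code str}.
     *
     * @param str normalised request path
     * @return {@code true} if at least one pattern is found
     */
    private boolean hasXssKeyWord(String str) {
        for (Pattern pattern : XSS_PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /** Delegates token validation for the request to the configured {@link JmReportTokenClient}. */
    private boolean verifyToken(HttpServletRequest httpServletRequest) {
        return this.jimuTokenClient.verifyToken(httpServletRequest).booleanValue();
    }

    /**
     * Normalises a request path by replacing every occurrence of {@code c.p} and {@code d.dy}
     * with a single "/", repeating until no {@code d.dy} remains.
     * NOTE(review): both are obfuscated constants, presumably a backslash and a doubled slash;
     * confirm against the constant classes.
     *
     * @param str path to normalise
     * @return the normalised path, or an empty string when {@code g.d(str)} is false
     */
    private String filterUrl(String str) {
        String str2 = "";
        if (g.d((Object) str)) {
            str2 = str.replace(c.p, "/").replace(d.dy, "/");
            // One pass can leave a new d.dy behind where two replacements meet, so go again.
            if (str2.indexOf(d.dy) >= 0) {
                str2 = filterUrl(str2);
            }
        }
        return str2;
    }

    /**
     * Writes {@code Result.error(str)} as a JSON body and marks the response with the header
     * {@code auth: fail}.
     * NOTE(review): no HTTP status is set here, so the rejection goes out with whatever status
     * the response already carries. Clients presumably key off the body or the header; confirm
     * before switching to 401/403.
     *
     * @param httpServletResponse response to write to
     * @param str                 error message placed in the result
     */
    private void backError(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json; charset=utf-8");
        httpServletResponse.setHeader("auth", "fail");
        // try-with-resources closes the writer on success, on IOException and on any other
        // throwable, which is what the nested try/catch blocks did by hand.
        try (PrintWriter printWriter = httpServletResponse.getWriter()) {
            printWriter.print(JSON.toJSON(Result.error(str)));
        } catch (IOException e) {
            // Keep the stack trace; the message alone rarely identifies the failing write.
            log.error(e.getMessage(), e);
        }
    }
}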
