package cn.jiangzeyin.common.request;

import cn.hutool.core.io.FileUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.core.util.URLUtil;
import cn.hutool.extra.servlet.ServletUtil;
import cn.hutool.http.HtmlUtil;
import cn.jiangzeyin.CommonPropertiesFinal;
import cn.jiangzeyin.common.DefaultSystemLog;
import cn.jiangzeyin.common.interceptor.BaseCallbackController;
import cn.jiangzeyin.common.spring.SpringUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.util.http.fileupload.servlet.ServletFileUpload;
import org.springframework.core.convert.ConversionFailedException;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.multipart.MaxUploadSizeExceededException;

/* loaded from: input_file:cn/jiangzeyin/common/request/XssFilter.class */
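/**
 * Servlet filter that wraps every request in a parameter wrapper, logs the
 * request and its outcome, and then delegates to {@link CharacterEncodingFilter}.
 *
 * <p>The wrapper classes ({@code ParameterXssWrapper},
 * {@code MultipartParameterXssWrapper}) are not shown in this file; presumably they
 * call {@link #doXss(Map, Charset)} to clean parameter values.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Escaping request parameters on input is a defence-in-depth measure only. It
 *       does not cover parameter names, headers, path segments or JSON bodies, and
 *       it is not a substitute for context-aware output encoding in the views.</li>
 *   <li>{@link #xss(String)} deliberately leaves double quotes unescaped, so its
 *       output is not safe inside a double-quoted HTML attribute.</li>
 * </ul>
 */
public class XssFilter extends CharacterEncodingFilter {
    /** Requests slower than this many milliseconds are reported; a value &lt;= 0 disables the report. */
    private static long request_timeout_log;
    /** Whether request/response logging is enabled. */
    private static boolean LOG;
    /** Whether parameter values are HTML-escaped. */
    private static boolean XSS;
    /** Whether parameter values are trimmed. */
    private static boolean TRIMAll;
    /** Whether parameter values are URL-decoded once more by this filter. */
    private static boolean URL_DECODE;
    /** Resource-handler patterns whose requests are not logged; {@code null} when not configured. */
    private static String[] RESOURCE_HANDLER;
    private static final ThreadLocal<Long> REQUEST_TIME = new ThreadLocal<>();
    private static final ThreadLocal<String> REQUEST_INFO = new ThreadLocal<>();
    /** Header names whose values are masked in the built-in log line (compared case-insensitively). */
    private static final String[] SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"};
    private static final String MASKED = "******";
    // Parameter names containing any of these fragments are left out of the built-in log line.
    // NOTE(review): public and mutable, so any code can shrink this list at runtime; kept
    // as-is because callers may assign to it.
    public static String[] logFilterPar = {"pwd", "pass", "password"};

    /** Drops the per-request state so a pooled worker thread never carries it into the next request. */
    private static void cleanThreadLocal() {
        REQUEST_INFO.remove();
        REQUEST_TIME.remove();
    }

    /**
     * Wraps the request, logs it, runs the rest of the chain and logs the outcome.
     *
     * <p>The thread-local state is cleared in a {@code finally} block. Previously it
     * was cleared only on normal completion, so an exception from the chain left the
     * request info on the worker thread, where {@link #getReqId()} could return it
     * during a later, unrelated request.
     *
     * @throws IOException if the servlet temp directory cannot be created, or from the chain
     * @throws ServletException from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        REQUEST_TIME.set(Long.valueOf(System.currentTimeMillis()));
        try {
            File file = (File) httpServletRequest.getServletContext().getAttribute("javax.servlet.context.tempdir");
            // A missing attribute is tolerated instead of failing the request with a NullPointerException.
            if (file != null && !file.exists() && !file.mkdirs()) {
                throw new IOException(file.getPath() + " 临时目录创建失败");
            }
            HttpServletRequest parameterXssWrapper;
            if (ServletFileUpload.isMultipartContent(httpServletRequest)) {
                try {
                    parameterXssWrapper = new MultipartParameterXssWrapper(httpServletRequest);
                } catch (MaxUploadSizeExceededException e) {
                    // Oversized upload: fall back to the plain wrapper so the request still
                    // reaches the application, which is left to reject it.
                    parameterXssWrapper = new ParameterXssWrapper(httpServletRequest);
                }
            } else {
                parameterXssWrapper = new ParameterXssWrapper(httpServletRequest);
            }
            requestLog(parameterXssWrapper);
            super.doFilterInternal(parameterXssWrapper, httpServletResponse, filterChain);
            responseLog(httpServletResponse);
        } finally {
            cleanThreadLocal();
        }
    }

    /**
     * Records the incoming request, either through the registered
     * {@code DefaultSystemLog.LogCallback} or, when none is registered, as one line in
     * the default log. Requests under a configured resource handler are skipped.
     *
     * <p>With a callback, the parameter and header maps are handed over unfiltered;
     * redaction is then the callback's responsibility. Without one, parameters matching
     * {@link #logFilterPar} are omitted, credential-bearing headers are masked, and line
     * breaks in parameter names and values are replaced so that a request cannot forge
     * additional log lines.
     */
    private void requestLog(HttpServletRequest httpServletRequest) {
        if (!LOG) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        if (isResourceRequest(requestURI)) {
            return;
        }
        Map<String, String> headerMapValues = BaseCallbackController.getHeaderMapValues(httpServletRequest);
        Map<String, String> paramMap = ServletUtil.getParamMap(httpServletRequest);
        String clientIP = ServletUtil.getClientIP(httpServletRequest, new String[0]);
        DefaultSystemLog.LogCallback logCallback = DefaultSystemLog.getLogCallback();
        if (logCallback != null) {
            String fastSimpleUUID = IdUtil.fastSimpleUUID();
            logCallback.logStart(httpServletRequest, fastSimpleUUID, requestURI, HttpMethod.valueOf(httpServletRequest.getMethod()), clientIP, paramMap, headerMapValues);
            REQUEST_INFO.set(fastSimpleUUID);
            return;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(requestURI).append(",method:").append(httpServletRequest.getMethod()).append(",ip:").append(clientIP).append(" parameters:");
        sb.append("{");
        for (Map.Entry<String, String> entry : paramMap.entrySet()) {
            String key = entry.getKey();
            if (!StrUtil.containsAnyIgnoreCase(key, logFilterPar)) {
                sb.append(stripLineBreaks(key)).append(":");
                // Values are unescaped so the log shows what the client sent, not the escaped form.
                sb.append(stripLineBreaks(HtmlUtil.unescape(entry.getValue())));
                sb.append(";");
            }
        }
        sb.append("}");
        sb.append(",header:").append(describeHeaders(headerMapValues));
        String line = sb.toString();
        DefaultSystemLog.getLog().info(line);
        // Without a callback the whole log line doubles as the request id returned by getReqId().
        REQUEST_INFO.set(line);
    }

    /**
     * Tells whether the URI starts with one of the configured resource-handler prefixes.
     *
     * <p>NOTE(review): the raw request URI is compared without normalisation. Confirm that
     * the container rejects or normalises dot-segments and path parameters; otherwise a
     * request that merely begins with a resource prefix is left out of the request log.
     */
    private static boolean isResourceRequest(String requestURI) {
        if (RESOURCE_HANDLER == null) {
            return false;
        }
        for (String pattern : RESOURCE_HANDLER) {
            // "/static/**" is matched as the prefix "/static/".
            String prefix = StrUtil.endWith(pattern, "/**") ? pattern.substring(0, pattern.length() - 2) : pattern;
            if (StrUtil.startWith(requestURI, FileUtil.normalize("/" + prefix))) {
                return true;
            }
        }
        return false;
    }

    /** Renders the header map in {@code {name=value, ...}} form with credential-bearing values masked. */
    private static String describeHeaders(Map<String, String> headers) {
        if (headers == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder("{");
        boolean first = true;
        for (Map.Entry<String, String> header : headers.entrySet()) {
            if (!first) {
                sb.append(", ");
            }
            first = false;
            String name = header.getKey();
            sb.append(name).append('=').append(isSensitiveHeader(name) ? MASKED : header.getValue());
        }
        return sb.append('}').toString();
    }

    private static boolean isSensitiveHeader(String name) {
        for (String sensitive : SENSITIVE_HEADERS) {
            if (sensitive.equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }

    /** Replaces CR and LF so that a logged value always stays on one line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns the identifier stored for the request handled by the current thread: the
     * UUID passed to the log callback, or the full built-in log line when no callback is
     * registered.
     *
     * @return the identifier, or {@code null} when logging is off, the request was
     *         skipped, or no request is in progress on this thread
     */
    public static String getReqId() {
        return REQUEST_INFO.get();
    }

    /**
     * Reports a response with status &gt;= 400, or a request that took longer than the
     * configured timeout. Does nothing when the request was not logged.
     */
    private void responseLog(HttpServletResponse httpServletResponse) {
        if (!LOG) {
            return;
        }
        String reqId = getReqId();
        if (reqId == null) {
            return;
        }
        int status = httpServletResponse.getStatus();
        DefaultSystemLog.LogCallback logCallback = DefaultSystemLog.getLogCallback();
        if (status >= HttpStatus.BAD_REQUEST.value()) {
            if (logCallback != null) {
                logCallback.logError(reqId, status);
            } else {
                DefaultSystemLog.getLog().error("status:" + status + ",url:" + reqId);
            }
            return;
        }
        long elapsed = System.currentTimeMillis() - REQUEST_TIME.get().longValue();
        if (request_timeout_log <= 0 || elapsed <= request_timeout_log) {
            return;
        }
        if (logCallback != null) {
            logCallback.logTimeOut(reqId, elapsed);
        } else {
            DefaultSystemLog.getLog().error("time:" + elapsed + ",url:" + reqId);
        }
    }

    /**
     * Returns a new map holding the cleaned values of every parameter.
     *
     * <p>Only values are processed; parameter names are copied unchanged. Entries whose
     * value array is {@code null} are dropped. (The decompiler notes that this method was
     * package-private in the original class.)
     *
     * @param map parameter map, may be {@code null}
     * @param charset charset the values are currently interpreted in
     * @return the cleaned copy, or {@code null} when {@code map} is {@code null}
     */
    public static Map<String, String[]> doXss(Map<String, String[]> map, Charset charset) {
        if (null == map) {
            return null;
        }
        Map<String, String[]> cleaned = new HashMap<>(map.size());
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String[] values = doXss(entry.getValue(), charset);
            if (values != null) {
                cleaned.put(entry.getKey(), values);
            }
        }
        return cleaned;
    }

    /**
     * Cleans each value: charset conversion, optional URL decoding, optional HTML
     * escaping, optional trimming.
     *
     * <p>Two defects of the previous version are fixed here. URL decoding used to run
     * after escaping, so percent-encoded markup passed the escape step untouched and was
     * turned back into raw markup afterwards; decoding now happens first. The input array
     * used to be modified in place, so cleaning the same array twice escaped it twice;
     * the result is now written to a fresh array.
     */
    private static String[] doXss(String[] strArr, Charset charset) {
        if (strArr == null) {
            return null;
        }
        String[] cleaned = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            String value = strArr[i];
            if (value != null) {
                value = autoToUtf8(value, charset);
                if (URL_DECODE) {
                    value = URLUtil.decode(value);
                }
                if (XSS) {
                    value = xss(value);
                }
                if (TRIMAll) {
                    value = value.trim();
                }
            }
            cleaned[i] = value;
        }
        return cleaned;
    }

    /**
     * HTML-escapes the string, then restores double quotes.
     *
     * <p>Because {@code "} is left as-is, the result must not be placed inside a
     * double-quoted HTML attribute without further encoding.
     * NOTE(review): the quote is presumably restored so JSON-like values survive - confirm.
     *
     * @param str text to escape, may be {@code null}
     * @return the escaped text, or {@code null} for {@code null} input
     */
    public static String xss(String str) {
        if (str == null) {
            return null;
        }
        return HtmlUtil.escape(str).replace("&quot;", "\"");
    }

    /** Converts the string from {@code charset} to UTF-8 unless it already is UTF-8. */
    private static String autoToUtf8(String str, Charset charset) {
        // equals() instead of ==, so an equal Charset obtained from another source also short-circuits.
        return CharsetUtil.CHARSET_UTF_8.equals(charset) ? str : CharsetUtil.convert(str, charset, StandardCharsets.UTF_8);
    }

    /** @return whether HTML escaping of parameter values is enabled */
    public static boolean isXSS() {
        return XSS;
    }

    /**
     * Reads a boolean property from the Spring environment.
     *
     * @param key property name
     * @param defaultValue value used when the property is absent
     * @param onBadValue value used when the property cannot be converted to a boolean
     */
    private static boolean readFlag(String key, boolean defaultValue, boolean onBadValue) {
        try {
            return Boolean.TRUE.equals(SpringUtil.getEnvironment().getProperty(key, Boolean.class, defaultValue));
        } catch (ConversionFailedException e) {
            return onBadValue;
        }
    }

    static {
        request_timeout_log = 3000L;
        // A malformed value switches request logging off, although the default is on.
        LOG = readFlag(CommonPropertiesFinal.REQUEST_LOG, true, false);
        // Escaping stays enabled when the property is malformed.
        XSS = readFlag(CommonPropertiesFinal.REQUEST_PARAMETER_XSS, true, true);
        TRIMAll = readFlag(CommonPropertiesFinal.REQUEST_PARAMETER_TRIM_ALL, false, false);
        URL_DECODE = readFlag(CommonPropertiesFinal.REQUEST_PARAMETER_URL_DECODE, false, false);
        try {
            request_timeout_log = ((Long) SpringUtil.getEnvironment().getProperty(CommonPropertiesFinal.REQUEST_TIME_OUT, Long.class, Long.valueOf(request_timeout_log))).longValue();
        } catch (ConversionFailedException ignored) {
            // Malformed timeout: keep the 3000 ms default set above.
        }
        String property = SpringUtil.getEnvironment().getProperty(CommonPropertiesFinal.INTERCEPTOR_RESOURCE_HANDLER);
        if (StrUtil.isNotEmpty(property)) {
            RESOURCE_HANDLER = StrUtil.splitToArray(property, ",");
        }
    }
}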
