package xyz.shodown.core.filter;

import cn.hutool.core.util.CharsetUtil;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import xyz.shodown.common.request.XssBodyRequestWrapper;
import xyz.shodown.common.request.XssHttpServletRequestWrapper;
import xyz.shodown.common.util.basic.MapUtil;
import xyz.shodown.common.util.io.HttpUtil;
import xyz.shodown.common.util.io.XssUtil;
import xyz.shodown.common.util.json.JsonUtil;

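/**
 * Servlet filter that forces UTF-8 request decoding, discards cookies whose value is flagged by
 * {@link XssUtil#cleanXss}, adds permissive CORS response headers, and hands the rest of the
 * chain an XSS-sanitising request wrapper.
 *
 * <p>GET requests are wrapped in {@link XssHttpServletRequestWrapper}; every other method is
 * wrapped in {@link XssBodyRequestWrapper}. What each wrapper sanitises is defined in those
 * classes and is not visible here.
 *
 * <p>NOTE(review): input-side XSS filtering is a defence-in-depth layer only. Values should still
 * be encoded for their output context where they are rendered.
 *
 * <p>NOTE(review): confirm that the mechanism registering this {@code @WebFilter} honours
 * {@code @Order(-1)}; whether this filter runs before other filters depends on that.
 */
@WebFilter
@Order(-1)
/* loaded from: input_file:xyz/shodown/core/filter/CrosXssFilter.class */
public class CrosXssFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger("platform");

    /**
     * Applies cookie cleanup, CORS headers and request wrapping, then continues the chain.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remaining filters and the target servlet
     * @throws IOException propagated from the chain or from setting the request encoding
     * @throws ServletException propagated from the chain, or raised when the request/response
     *     pair is not HTTP (fail closed rather than pass unsanitised input downstream)
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setCharacterEncoding(CharsetUtil.CHARSET_UTF_8.name());

        // The types are checked before any cast. Previously the response was cast to
        // HttpServletResponse ahead of its instanceof test, so a non-HTTP pair failed with a
        // ClassCastException instead of a controlled error.
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("CrosXssFilter only supports HTTP requests");
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        resetCookies(httpServletRequest, httpServletResponse);

        // NOTE(review): wildcard CORS policy, sent on every response. Any origin may read
        // responses to non-credentialed requests. Browsers do not accept "*" for credentialed
        // requests, so cookie-authenticated sessions are not exposed by this alone, but
        // endpoints that rely on network location are. Prefer an origin allowlist taken from
        // configuration, and list only the methods and headers the API needs.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "*");
        httpServletResponse.setHeader("Access-Control-Max-Age", "86400");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");

        // NOTE(review): only GET takes the parameter wrapper; other methods that carry query
        // parameters (for example HEAD or DELETE) go through the body wrapper. Confirm that
        // XssBodyRequestWrapper also sanitises query parameters.
        if ("GET".equals(httpServletRequest.getMethod())) {
            // The parameter map is serialised only when debug logging is enabled. Query
            // parameters can carry tokens or credentials, so this log output should be handled
            // as sensitive data.
            if (log.isDebugEnabled()) {
                log.debug("CrosXssFilter-orignal url:{},ParameterMap:{}", httpServletRequest.getRequestURI(), JsonUtil.objectToJson(httpServletRequest.getParameterMap()));
            }
            XssHttpServletRequestWrapper xssHttpServletRequestWrapper = new XssHttpServletRequestWrapper(httpServletRequest);
            filterChain.doFilter(xssHttpServletRequestWrapper, servletResponse);
            if (log.isDebugEnabled()) {
                log.debug("CrosXssFilter-doFilter url:{},ParameterMap:{}", xssHttpServletRequestWrapper.getRequestURI(), JsonUtil.objectToJson(xssHttpServletRequestWrapper.getParameterMap()));
            }
            return;
        }
        log.debug("CrosXssFilter-start url:{}", httpServletRequest.getRequestURI());
        XssBodyRequestWrapper xssBodyRequestWrapper = new XssBodyRequestWrapper(httpServletRequest);
        filterChain.doFilter(xssBodyRequestWrapper, servletResponse);
        log.debug("CrosXssFilter-end url:{}", xssBodyRequestWrapper.getRequestURI());
    }

    /**
     * Asks {@link HttpUtil#removeCookie} to drop every request cookie whose value is flagged by
     * {@link XssUtil#cleanXss}.
     *
     * <p>NOTE(review): despite its name, {@code cleanXss} is used here as a boolean test;
     * presumably it returns {@code true} when the value looks malicious. Confirm against
     * XssUtil.
     *
     * <p>NOTE(review): the array returned by {@code getCookies()} is not modified, so a flagged
     * value is still readable from the current request unless the request wrappers filter it.
     *
     * @param httpServletRequest request whose cookies are inspected
     * @param httpServletResponse response passed to the cookie-removal helper
     * @return the request's original cookie array, possibly {@code null}
     */
    private Cookie[] resetCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null || cookies.length == 0) {
            return cookies;
        }

        // The map is keyed by cookie name, so duplicate names collapse to one removal.
        // NOTE(review): cookies parsed from a request usually carry no Domain attribute, so the
        // stored domain is likely null; verify that HttpUtil.removeCookie handles that.
        Map<String, String> flaggedCookies = new HashMap<>();
        for (Cookie cookie : cookies) {
            String value = cookie.getValue();
            if (value != null && XssUtil.cleanXss(value)) {
                flaggedCookies.put(cookie.getName(), cookie.getDomain());
            }
        }
        if (MapUtil.isNotEmpty(flaggedCookies)) {
            for (Map.Entry<String, String> entry : flaggedCookies.entrySet()) {
                HttpUtil.removeCookie(entry.getKey(), entry.getValue(), httpServletRequest, httpServletResponse);
            }
        }
        return cookies;
    }
}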
