package org.hy.microservice.common;

import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hy.common.Date;
import org.hy.common.Help;
import org.hy.common.StringHelp;
import org.hy.common.app.Param;
import org.hy.common.xml.XJava;
import org.hy.common.xml.log.Logger;
import org.hy.microservice.common.user.UserSSO;
import org.hy.microservice.common.user.UserService;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

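@Component
/**
 * Spring MVC interceptor applied to every request of the service.
 * <p>
 * Before the handler runs it (1) rejects requests whose parameter names or
 * values contain the script-injection markers in {@link #ATTACK_JS_MARKERS},
 * (2) flags the parsed request cookies HttpOnly and (3) writes CORS response
 * headers for origins on the configured allow-lists. Rejections and disallowed
 * origins are logged as warnings with the current session user attached.
 * <p>
 * Thread-safety: the class holds no mutable state; everything is read from
 * the request or looked up via {@code XJava} per call.
 */
public class CommonInterceptor implements HandlerInterceptor {
    private static final Logger $Logger = new Logger(CommonInterceptor.class);

    /** Substrings whose presence in any parameter name or value is treated as a script-injection attempt. */
    private static final String[] ATTACK_JS_MARKERS = {"<", ">", "script", "alert", "console"};

    /** Angle brackets are rewritten to "@" before an offending value is written to the log. */
    private static final String[] ATTACK_JS_MASK_FROM = {"<", ">"};
    private static final String[] ATTACK_JS_MASK_TO = {"@"};

    /** URL schemes stripped from the {@code Origin} header before it is compared with the allow-lists. */
    private static final String[] ORIGIN_SCHEMES = {"https://", "http://"};

    /**
     * Runs the injection check, the cookie flagging and the CORS check, in that order.
     *
     * @return {@code false} when a parameter fails the injection check (the
     *         response is then completed with 403 and the chain stops);
     *         {@code true} otherwise — a disallowed CORS origin does NOT reject
     *         the request, it only withholds the CORS headers
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!attackJSCheck(httpServletRequest, httpServletResponse)) {
            // Returning false ends the chain without a handler; give the client an
            // explicit status instead of an empty default response.
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        markRequestCookiesHttpOnly(httpServletRequest);
        corsCheck(httpServletRequest, httpServletResponse);
        return true;
    }

    /**
     * Sets the HttpOnly flag on every cookie object parsed from the request.
     * <p>
     * NOTE(review): this mutates only the server-side {@code Cookie} objects.
     * The flag reaches the browser solely through {@code Set-Cookie} on the
     * response, so this has no client-visible effect unless a request cookie
     * is later copied onto the response by other code.
     */
    private void markRequestCookiesHttpOnly(HttpServletRequest httpServletRequest) {
        if (Help.isNull(httpServletRequest.getCookies())) {
            return;
        }
        int count = httpServletRequest.getCookies().length;
        for (int i = 0; i < count; i++) {
            try {
                httpServletRequest.getCookies()[i].setHttpOnly(true);
            } catch (Exception e) {
                // Same channel as every other failure in this class; never stdout.
                $Logger.error(e);
            }
        }
    }

    /**
     * Scans every request parameter name and value for the markers in
     * {@link #ATTACK_JS_MARKERS}. The first hit is reported via
     * {@link #attackJSSendAlarm} and the request is rejected.
     * <p>
     * This is a substring blocklist, not a sanitizer: it does not replace
     * output encoding on the rendering side, and whether matching is
     * case-sensitive depends on {@code StringHelp.isContains}.
     *
     * @param httpServletResponse unused; kept for signature stability
     * @return {@code true} when no parameter matches and the request may proceed
     */
    private boolean attackJSCheck(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Map<String, String[]> params = httpServletRequest.getParameterMap();
        if (Help.isNull(params)) {
            return true;
        }
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            String name = entry.getKey();
            if (StringHelp.isContains(name, ATTACK_JS_MARKERS)) {
                attackJSSendAlarm(httpServletRequest, maskForLog(name));
                return false;
            }
            String[] values = entry.getValue();
            if (Help.isNull(values)) {
                continue;
            }
            for (String value : values) {
                if (StringHelp.isContains(value, ATTACK_JS_MARKERS)) {
                    attackJSSendAlarm(httpServletRequest, maskForLog(value));
                    return false;
                }
            }
        }
        return true;
    }

    /** Rewrites angle brackets to "@" so the log line does not reproduce the offending markup verbatim. */
    private static String maskForLog(String value) {
        return StringHelp.replaceAll(value, ATTACK_JS_MASK_FROM, ATTACK_JS_MASK_TO);
    }

    /** Logs a rejected script-injection attempt; {@code str} is the already-masked offending value. */
    private void attackJSSendAlarm(HttpServletRequest httpServletRequest, String str) {
        sendAlarm(httpServletRequest, "注入攻击", str);
    }

    /** Logs a request whose {@code Origin} header ({@code str}) is on neither allow-list. */
    private void corsSendAlarm(HttpServletRequest httpServletRequest, String str) {
        sendAlarm(httpServletRequest, "非法跨域", str);
    }

    /**
     * Writes one warning line shared by both alarm kinds: service name, alarm
     * kind, session user, request URL, raw query string, detail and timestamp.
     * Both alarms now describe the user identically (see {@link #describeUser}).
     */
    private void sendAlarm(HttpServletRequest httpServletRequest, String kind, String detail) {
        $Logger.warn(String.valueOf(XJava.getParam("MS_Common_ServiceName").getValue())
                + "：" + kind + "："
                + describeUser(httpServletRequest)
                + " 请求页面：" + httpServletRequest.getRequestURL().toString()
                + ":" + Help.NVL(httpServletRequest.getQueryString())
                + ":" + detail + "。" + Date.getNowTime().getFull());
    }

    /**
     * Describes the session user for an alarm line as {@code userName(userCode)}.
     * Without a session user the anonymous placeholders are used; user fields
     * are passed through {@code Help.NVL} so a null field never prints as "null".
     */
    private String describeUser(HttpServletRequest httpServletRequest) {
        UserSSO user = ((UserService) XJava.getObject("UserService")).sessionGetUser(httpServletRequest.getSession());
        String userName = "匿名用户";
        String userCode = "未登录";
        if (user != null) {
            userName = Help.NVL(user.getUserName());
            userCode = Help.NVL(user.getUserCode());
        }
        return userName + "(" + userCode + ")";
    }

    /**
     * Applies the CORS allow-lists. When the request carries an {@code Origin}
     * header whose host (scheme stripped, lower-cased, trimmed) is a key of the
     * DNS map or matches a configured IP prefix, the CORS headers are written
     * for exactly that origin; otherwise an alarm is logged and no CORS header
     * is written, leaving the browser to block the cross-origin read. The
     * request is never rejected here.
     * <p>
     * NOTE(review): with {@code Access-Control-Allow-Credentials: true} browsers
     * do not treat {@code Access-Control-Allow-Methods: *} as a wildcard, so
     * non-simple methods fail preflight; list the methods explicitly if they
     * are needed.
     */
    private void corsCheck(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String origin = httpServletRequest.getHeader("Origin");
            if (Help.isNull(origin)) {
                return;
            }
            // Locale.ROOT: host comparison must not depend on the JVM default locale.
            String originHost = StringHelp.replaceAll(origin.toLowerCase(Locale.ROOT).trim(), ORIGIN_SCHEMES, StringHelp.$ReplaceNil);
            if (corsIsAllowDNS(originHost) || corsIsAllowIP(originHost)) {
                // The allowed origin is echoed back verbatim (never "*", since
                // credentials are allowed); declare that the response varies on it
                // so shared caches do not serve it to a different origin.
                httpServletResponse.setHeader("Access-Control-Allow-Origin", origin);
                httpServletResponse.addHeader("Vary", "Origin");
                httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                httpServletResponse.setHeader("Access-Control-Allow-Methods", "*");
                httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization,Origin, X-Requested-With, Content-Type, Accept,Access-Token");
            } else {
                corsSendAlarm(httpServletRequest, origin);
            }
        } catch (Exception e) {
            $Logger.error(e);
        }
    }

    /**
     * @param str origin host after scheme stripping
     * @return {@code true} when {@code str} is a key of the
     *         {@code MS_Common_DNSConfigs} map — or when that map is absent or
     *         empty, which allows every origin (fail-open by configuration)
     */
    private boolean corsIsAllowDNS(String str) {
        Map<?, ?> dnsConfigs = (Map<?, ?>) XJava.getObject("MS_Common_DNSConfigs");
        if (Help.isNull(dnsConfigs)) {
            return true;
        }
        return dnsConfigs.containsKey(str);
    }

    /**
     * @param str origin host after scheme stripping
     * @return {@code true} when {@code str} starts with the name of any
     *         {@code MS_Common_DNSIPConfigs} entry — or when that list is
     *         absent or empty, which allows every origin (fail-open by
     *         configuration). The match is a plain prefix with no dot
     *         boundary: a configured {@code 10.1} would also accept
     *         {@code 10.10.…} (constructed example), so prefixes should end
     *         with a dot.
     */
    private boolean corsIsAllowIP(String str) {
        List<?> ipConfigs = (List<?>) XJava.getObject("MS_Common_DNSIPConfigs");
        if (Help.isNull(ipConfigs)) {
            return true;
        }
        for (Object config : ipConfigs) {
            if (str.startsWith(((Param) config).getName())) {
                return true;
            }
        }
        return false;
    }

    /** No post-handler work is done by this interceptor. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    /** No completion work is done by this interceptor. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }
}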
