package cn.xphsc.web.boot.sqlInjection.filter;

import cn.xphsc.web.boot.sqlInjection.SqlInjectionRequestWrapper;
import cn.xphsc.web.boot.sqlInjection.exception.SqlInjectionException;
import cn.xphsc.web.common.enums.ExceptionEnum;
import cn.xphsc.web.common.response.ResultMapper;
import cn.xphsc.web.utils.JacksonUtils;
import cn.xphsc.web.utils.StringUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:cn/xphsc/web/boot/sqlInjection/filter/SqlInjectionFilter.class */
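/**
 * Servlet filter that wraps incoming requests in a {@link SqlInjectionRequestWrapper} and turns
 * an SQL-keyword rejection raised further down the chain into a JSON error body.
 *
 * <p>Two kinds of request pass through unwrapped, so nothing in this filter inspects them:
 * requests whose URI matches an entry in {@link #excludes}, and POST requests whose
 * {@code Content-Type} contains {@code multipart/form-data}.
 *
 * <p>NOTE(review): keyword screening of request input is defense in depth only. It does not
 * replace parameterized queries in the data-access layer, and the two pass-through cases above
 * reach that layer unscreened.
 */
public class SqlInjectionFilter implements Filter {
    /** Upper bound on the cause-chain walk, so a cyclic cause chain cannot loop forever. */
    private static final int MAX_CAUSE_DEPTH = 16;

    // Forwarded to SqlInjectionRequestWrapper; its meaning is defined there, not in this class.
    // The spelling matches the "parameterEabled" init-param key and must stay in sync with it.
    private boolean parameterEabled;

    // URI patterns (regex, anchored at the start only) that bypass the wrapper. Public and
    // mutable, so entries are re-validated on every request rather than only in init().
    public List<String> excludes = new ArrayList<String>(10);

    /**
     * Passes the request down the chain, wrapped unless it is excluded or a multipart POST.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse response that receives the JSON error body on rejection
     * @param filterChain     remaining filter chain
     * @throws IOException      propagated from the chain or from writing the error body
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        if (handleExcludeURL(httpRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        SqlInjectionRequestWrapper wrapper = new SqlInjectionRequestWrapper(httpRequest, this.parameterEabled);
        // A POST without a Content-Type header used to fail here with a NullPointerException.
        String contentType = wrapper.getHeader("Content-Type");
        boolean multipartPost = "post".equalsIgnoreCase(wrapper.getMethod())
                && contentType != null
                && contentType.contains("multipart/form-data");
        if (multipartPost) {
            // Multipart bodies are handed on unwrapped; their parts are not screened here.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            filterChain.doFilter(wrapper, servletResponse);
        } catch (Exception e) {
            if (!isSqlInjectionFailure(e)) {
                // Unrelated failures must reach the container's error handling. Previously they
                // were swallowed and answered with a "null" body (or an NPE on a null message).
                throw e;
            }
            writeRejection(servletResponse);
        }
    }

    /**
     * Reads the {@code excludes} (comma-separated URI patterns) and {@code parameterEabled}
     * init parameters.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException never thrown here; declared by the {@link Filter} contract
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String configuredExcludes = filterConfig.getInitParameter("excludes");
        this.parameterEabled = Boolean.parseBoolean(filterConfig.getInitParameter("parameterEabled"));
        if (configuredExcludes == null) {
            return;
        }
        for (String entry : configuredExcludes.split(StringUtils.COMMA)) {
            String pattern = entry.trim();
            // An empty entry ("excludes=" or "a,,b") would become the pattern "^", which
            // matches every URI and silently switches the filter off for the whole application.
            if (!pattern.isEmpty()) {
                this.excludes.add(pattern);
            }
        }
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Tells whether the request URI starts with a match for one of the {@link #excludes} patterns.
     *
     * <p>NOTE(review): matching uses the raw {@code getRequestURI()} value and anchors only the
     * start of the pattern, so an exclude entry exempts every URI that begins with a match.
     * Keep entries as narrow as possible and end-anchor them where the path is fixed.
     *
     * @param httpServletRequest request whose URI is tested
     * @return {@code true} if the request should bypass the wrapper
     */
    private boolean handleExcludeURL(HttpServletRequest httpServletRequest) {
        if (this.excludes == null || this.excludes.isEmpty()) {
            return false;
        }
        String requestURI = httpServletRequest.getRequestURI();
        for (String exclude : this.excludes) {
            // Skip null/blank entries added through the public field for the same reason as in init().
            if (exclude == null || exclude.trim().isEmpty()) {
                continue;
            }
            if (Pattern.compile("^" + exclude).matcher(requestURI).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a failure from the chain is the SQL-keyword rejection.
     *
     * <p>The top-level message is checked for the exception class name or the error code, as
     * before; the code check is a plain substring match and therefore loose. In addition the
     * cause chain is searched for an exception of that class, which covers the case where the
     * wrapping exception carries no message.
     */
    private static boolean isSqlInjectionFailure(Throwable failure) {
        String marker = SqlInjectionException.class.getName();
        String message = failure.getMessage();
        if (message != null
                && (message.contains(marker)
                        || message.contains(String.valueOf(ExceptionEnum.SQL_KEYWORDS_EXCEPTION.getCode())))) {
            return true;
        }
        Throwable current = failure;
        for (int depth = 0; current != null && depth < MAX_CAUSE_DEPTH; depth++) {
            if (marker.equals(current.getClass().getName())) {
                return true;
            }
            current = current.getCause();
        }
        return false;
    }

    /**
     * Writes the SQL-keyword error as JSON. The HTTP status is left as it was, matching the
     * previous behaviour; only the generic code and name are sent, never the exception text.
     */
    private static void writeRejection(ServletResponse servletResponse) throws IOException {
        servletResponse.setContentType("application/json; charset=utf-8");
        ResultMapper resultMapper = ResultMapper.builder()
                .mapping("code", Integer.valueOf(ExceptionEnum.SQL_KEYWORDS_EXCEPTION.getCode()))
                .mapping("message", ExceptionEnum.SQL_KEYWORDS_EXCEPTION.getName())
                .build();
        PrintWriter writer = servletResponse.getWriter();
        writer.append((CharSequence) JacksonUtils.toJSONString(resultMapper));
        writer.close();
    }
}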
