package com.gccloud.starter.common.filter;

import com.gccloud.starter.common.config.GlobalConfig;
import com.gccloud.starter.common.config.bean.Csrf;
import com.gccloud.starter.common.constant.GlobalConst;
import com.gccloud.starter.common.vo.R;
import com.google.gson.Gson;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

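/**
 * Referer-based CSRF guard.
 *
 * <p>Decision order, per request:
 * <ol>
 *   <li>{@code Referer} blank and {@link Csrf#getAllowedEmpty()} not {@code true} → reject.</li>
 *   <li>{@code Referer} blank but empty referers allowed → pass through.</li>
 *   <li>No allowed referers configured ({@code null} or empty list) → pass through.</li>
 *   <li>{@code Referer} starts with any configured entry → pass through, otherwise reject.</li>
 * </ol>
 *
 * <p>Matching is a plain string prefix check, as configured. A bare entry such as
 * {@code https://example.com} therefore also matches {@code https://example.com.attacker.test/};
 * entries should end at a path separator (e.g. {@code https://example.com/}) so the host
 * cannot be extended. A rejected request receives {@link GlobalConst.Response.Code#SERVER_ERROR}
 * with a JSON {@link R} error body.
 */
@ConditionalOnProperty(prefix = "gc.starter.component", name = {"CsrfSecureFilter"}, havingValue = "CsrfSecureFilter", matchIfMissing = true)
@Order(1)
@Component
/* loaded from: input_file:com/gccloud/starter/common/filter/CsrfSecureFilter.class */
public class CsrfSecureFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(CsrfSecureFilter.class);

    /** Gson is thread-safe; one shared instance avoids building a new one per rejected request. */
    private static final Gson GSON = new Gson();

    @Resource
    private GlobalConfig globalConfig;

    /** Logs a banner once the bean is wired. */
    @PostConstruct
    public void init() {
        log.info(GlobalConst.Console.LINE);
        log.info("启动Csrf验证Referer拦截器");
        log.info(GlobalConst.Console.LINE);
    }

    /**
     * Applies the referer policy described on the class and either continues the chain or
     * writes a rejection response.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remaining filter chain, invoked only when the request is accepted
     * @throws IOException      if writing the rejection body fails
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        Csrf csrf = this.globalConfig.getCsrf();
        String referer = request.getHeader("Referer");

        if (StringUtils.isBlank(referer)) {
            // A null/unset allowedEmpty is treated as "not allowed" (fail closed) instead of
            // throwing on unboxing.
            if (!Boolean.TRUE.equals(csrf.getAllowedEmpty())) {
                log.error("禁止 Referer 为空的访问");
                reject(request, response);
                return;
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        List<String> allowedReferers = csrf.getAllowedReferers();
        // No allow-list configured means the filter is effectively disabled for non-blank referers.
        if (allowedReferers == null || allowedReferers.isEmpty()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Prefix match only — see the class comment for why entries should end with "/".
        boolean allowed = allowedReferers.stream()
                .anyMatch(prefix -> prefix != null && referer.startsWith(prefix));
        if (allowed) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        log.error("禁止 Referer = {} 的访问", referer);
        reject(request, response);
    }

    /**
     * Writes the JSON rejection response shared by both deny paths.
     *
     * <p>The caller's {@code Origin} is echoed into {@code Access-Control-Allow-Origin} together
     * with {@code Access-Control-Allow-Credentials: true}, matching the original behaviour so a
     * cross-origin front end can read the error body. The payload is a fixed error message, so
     * nothing sensitive is exposed; do not reuse this pattern on responses that carry data.
     *
     * @param request  the rejected request (source of the {@code Origin} header)
     * @param response the response to populate
     * @throws IOException if the writer cannot be obtained or written
     */
    private static void reject(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setContentType("application/json;charset=UTF-8");
        String origin = request.getHeader("Origin");
        // Skip the header when Origin is absent rather than relying on container handling of a
        // null header value.
        if (StringUtils.isNotBlank(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
        }
        response.setStatus(GlobalConst.Response.Code.SERVER_ERROR);
        response.getWriter().print(GSON.toJson(R.error(Integer.valueOf(GlobalConst.Response.Code.SERVER_ERROR), "非法访问")));
    }
}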
