package org.treeleafj.xmax.boot.handler;

import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.treeleafj.xmax.boot.basic.IgnoreInject;
import org.treeleafj.xmax.boot.utils.RequestUtils;
import org.treeleafj.xmax.json.Jsoner;
import org.treeleafj.xmax.safe.SqlUtils;

/* loaded from: input_file:org/treeleafj/xmax/boot/handler/SqlInjectInterceptor.class */
public class SqlInjectInterceptor implements HandlerInterceptor {
    private Logger log = LoggerFactory.getLogger(SqlInjectInterceptor.class);

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(IgnoreInject.class) && ((IgnoreInject) handlerMethod.getMethodAnnotation(IgnoreInject.class)).sql()) {
            return true;
        }
        while (parameterNames.hasMoreElements()) {
            for (String str : httpServletRequest.getParameterValues((String) parameterNames.nextElement())) {
                if (SqlUtils.isSqlInject(str)) {
                    this.log.warn("用户端{}传入的参数{}为sql注入, 全部参数为:{}", new Object[]{RequestUtils.getIp(httpServletRequest), str, Jsoner.toJson(httpServletRequest.getParameterMap())});
                    return false;
                }
            }
        }
        return true;
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }
}
