package com.jxdinfo.hussar.support.secure.riskprotect.filter;

import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/filter/ReferCorsFilter.class */
public class ReferCorsFilter implements Filter {
    private final Logger logger = LoggerFactory.getLogger(ReferCorsFilter.class);
    private List<String> allowedOrigins;
    private List<String> allowedMethods;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Referer");
        Boolean bool = false;
        if (HussarUtils.isNotEmpty(header)) {
            try {
                String method = httpServletRequest.getMethod();
                if (HussarUtils.isNotEmpty(this.allowedMethods) && HussarUtils.isNotEmpty(method) && !this.allowedMethods.contains("*")) {
                    bool = Boolean.valueOf(!this.allowedMethods.stream().filter(str -> {
                        return str.equalsIgnoreCase(method);
                    }).findFirst().isPresent());
                }
                if (!bool.booleanValue() && HussarUtils.isNotEmpty(this.allowedOrigins)) {
                    UriComponents build = UriComponentsBuilder.fromOriginHeader(header).build();
                    String uriString = HussarUtils.isNotBlank(build.toUriString()) ? build.toUriString() : header;
                    if (!this.allowedOrigins.contains("*")) {
                        bool = Boolean.valueOf(!this.allowedOrigins.stream().filter(str2 -> {
                            return str2.equals(uriString);
                        }).findFirst().isPresent());
                    }
                }
            } catch (Exception e) {
                this.logger.error("通过请求头refer判断是否跨域失败, refer = {}", header, e);
            }
        }
        if (!bool.booleanValue()) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            httpServletResponse.setStatus(403);
            httpServletResponse.getOutputStream().write("Request header refer not valid, Invalid CORS request".getBytes("utf-8"));
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public List<String> getAllowedOrigins() {
        return this.allowedOrigins;
    }

    public void setAllowedOrigins(List<String> list) {
        this.allowedOrigins = list;
    }

    public List<String> getAllowedMethods() {
        return this.allowedMethods;
    }

    public void setAllowedMethods(List<String> list) {
        this.allowedMethods = list;
    }
}
