package com.cory.web.interceptor;

import com.alibaba.fastjson.JSON;
import com.cory.context.GenericResult;
import com.cory.web.config.Constant;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

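@Component
@Order(130)
/* loaded from: input_file:com/cory/web/interceptor/FormTokenInterceptor.class */
/**
 * One-time form token interceptor (duplicate-submit guard).
 *
 * <p>Two request kinds are handled:
 * <ul>
 *   <li>A request whose path ends in the {@code generateFormToken} segment (and that is NOT
 *       matched by the injected {@link RequestMatcher}) gets a fresh random token stored in the
 *       HTTP session under {@link Constant#FORM_TOKEN} and returned to the client as JSON.
 *       The handler chain is stopped for that request.</li>
 *   <li>A request matched by the injected {@link RequestMatcher} must carry the same token as a
 *       request parameter named {@link Constant#FORM_TOKEN}. On a match the token is removed from
 *       the session (so it can be used exactly once) and the chain continues; otherwise the
 *       configured {@link AccessDeniedHandler} is invoked and the chain is stopped.</li>
 * </ul>
 * Every other request passes through untouched.
 *
 * <p>Caveats: only one token is outstanding per session (issuing a new one overwrites the
 * previous), and which requests are protected is entirely decided by the injected matcher.
 */
public class FormTokenInterceptor implements HandlerInterceptor {
    /** Trailing path segment of the token-issuing endpoint. */
    private static final String GENERATE_FORM_TOKEN_URL = "generateFormToken";

    /** Decides which requests must present a token. */
    @Autowired
    private RequestMatcher requestMatcher;
    /** Writes the 403 response when a token is missing or does not match. */
    private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl();

    /**
     * Issues a token for the generate endpoint, validates and consumes it for protected
     * requests, and passes everything else through.
     *
     * @return {@code true} if the handler chain may continue, {@code false} if a response has
     *         already been written (token issued or access denied) or writing it failed
     * @throws ServletException propagated from the access-denied handler
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws ServletException {
        try {
            if (!this.requestMatcher.matches(httpServletRequest)) {
                if (!isGenerateFormTokenUrl(httpServletRequest)) {
                    return true;
                }
                issueToken(httpServletRequest, httpServletResponse);
                return false;
            }
            return consumeToken(httpServletRequest, httpServletResponse);
        } catch (IOException e) {
            // Writing the response failed (typically the client went away). There is nothing
            // sensible left to send, so stop the chain; the original swallowed this as well.
            return false;
        }
    }

    /**
     * Mints a fresh token, stores it in the session and writes it to the client as JSON.
     * A session is created if the client has none yet: the original used
     * {@code getSession(false)} here and threw a NullPointerException for a session-less client.
     */
    private void issueToken(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(true);
        // UUID.randomUUID() is backed by SecureRandom, so the token is unguessable.
        String token = UUID.randomUUID().toString();
        session.setAttribute(Constant.FORM_TOKEN, token);
        // NOTE(review): kept as text/html for compatibility with existing clients; the body is
        // JSON and would more correctly be served as application/json.
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().write(JSON.toJSONString(GenericResult.success(token)));
    }

    /**
     * Validates the submitted token against the one held in the session and consumes it.
     * A missing session (the original NPE'd on {@code getSession(false)} returning null),
     * missing session token or missing parameter is reported as "Missing Form Token."; a
     * present-but-different token is reported as a repeated submission.
     *
     * @return {@code true} if the token matched and the request may proceed
     */
    private boolean consumeToken(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        HttpSession session = request.getSession(false);
        String submitted = request.getParameter(Constant.FORM_TOKEN);
        if (session == null || StringUtils.isEmpty(submitted)) {
            deny(request, response, "Missing Form Token.");
            return false;
        }
        String expected;
        boolean matched = false;
        // Compare-and-remove must be atomic per session, otherwise two concurrent submissions of
        // the same token can both pass (exactly the double submit this guard exists to stop).
        // Locking the session object covers the common single-JVM case where the container hands
        // out the same object for a session; it does not cover clustered/replicated sessions.
        // No alien code (the denied handler) is called while the lock is held.
        synchronized (session) {
            expected = (String) session.getAttribute(Constant.FORM_TOKEN);
            if (!StringUtils.isEmpty(expected) && tokensMatch(expected, submitted)) {
                session.removeAttribute(Constant.FORM_TOKEN);
                matched = true;
            }
        }
        if (StringUtils.isEmpty(expected)) {
            deny(request, response, "Missing Form Token.");
            return false;
        }
        if (!matched) {
            deny(request, response, "请勿重复提交.");
            return false;
        }
        return true;
    }

    /** Constant-time comparison so the check does not leak how many leading bytes matched. */
    private static boolean tokensMatch(String expected, String submitted) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /** Delegates to the configured access-denied handler with the given reason. */
    private void deny(HttpServletRequest request, HttpServletResponse response, String reason) throws IOException, ServletException {
        this.accessDeniedHandler.handle(request, response, new AccessDeniedException(reason));
    }

    /**
     * True if the request URI's last path segment is the token-issuing endpoint.
     * Matches on a whole segment (preceded by '/'), so a path such as
     * {@code /xgenerateFormToken} is not mistaken for it as it was with a bare {@code endsWith}.
     */
    private boolean isGenerateFormTokenUrl(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getRequestURI();
        return uri.endsWith("/" + GENERATE_FORM_TOKEN_URL);
    }
}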
