package top.ibase4j.core.interceptor;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.serializer.SerializerFeature;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.ui.ModelMap;
import top.ibase4j.core.Constants;
import top.ibase4j.core.support.HttpCode;
import top.ibase4j.core.util.CacheUtil;
import top.ibase4j.core.util.FileUtil;
import top.ibase4j.core.util.WebUtil;

/* loaded from: input_file:top/ibase4j/core/interceptor/MaliciousRequestInterceptor.class */
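/**
 * Best-effort request throttle. A request is rejected when the same client repeats its previous
 * request (or, with {@code allRequest}, sends any request) within {@code minRequestIntervalTime}
 * milliseconds more than {@code maxMaliciousTimes} times in a row.
 *
 * <p>State is kept in the shared cache under keys derived from the client identity. Paths ending
 * in {@code /unauthorized} or {@code /forbidden}, and paths matching the whitelist file, are never
 * throttled.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Anonymous clients are keyed by host plus the {@code User-Agent} header. The header is
 *       client-controlled, so this throttle is not a reliable control against a client that
 *       varies it; pair it with rate limiting at the gateway or a key the client cannot choose.</li>
 *   <li>The counter is read, incremented and written back without atomicity, so concurrent
 *       requests from one client can be under-counted.</li>
 *   <li>With {@code containsParamter} enabled, the full parameter map (which may include
 *       credentials) is stored in the cache as part of the request signature.</li>
 * </ul>
 */
public class MaliciousRequestInterceptor extends BaseInterceptor {
    /** When true, any request inside the interval counts, not only a repeat of the previous one. */
    private boolean allRequest = false;
    /** When true, request parameters are part of the signature used to detect repeats. */
    private boolean containsParamter = true;
    /** Minimum allowed gap between counted requests, in milliseconds. */
    private int minRequestIntervalTime = 500;
    /** Number of too-fast requests tolerated before a request is rejected. */
    private int maxMaliciousTimes = 0;
    // NOTE(review): getResource("/") can return null (for example when classes are not loaded from
    // a directory), which would make this initializer throw — confirm against the deployment layout.
    private List<String> whiteUrls = FileUtil.readFile(MaliciousRequestInterceptor.class.getResource("/").getFile() + "white/mrqWhite.txt");
    private int _size;

    public MaliciousRequestInterceptor() {
        this._size = this.whiteUrls == null ? 0 : this.whiteUrls.size();
    }

    /**
     * Applies the throttle before the handler runs.
     *
     * @return {@code false} after writing a JSON rejection body when the request is throttled;
     *     otherwise whatever {@code BaseInterceptor.preHandle} returns
     * @throws Exception propagated from the parent interceptor or from writing the response
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        // NOTE(review): these headers allow every origin to read responses from every endpoint
        // this interceptor covers, and they are set even on rejected requests. CORS policy
        // arguably belongs in a dedicated filter with an explicit origin allow-list; left
        // unchanged here because existing browser clients may depend on it.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,Access-Control-Allow-Origin,EX-SysAuthToken,EX-JSESSIONID");

        final String servletPath = httpServletRequest.getServletPath();
        if (servletPath.endsWith("/unauthorized") || servletPath.endsWith("/forbidden") || isWhiteReq(servletPath)) {
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        }

        // The signature is what gets compared with the previous request and stored in the cache.
        String requestSignature = servletPath;
        if (this.containsParamter) {
            requestSignature = servletPath + JSON.toJSONString(WebUtil.getParameterMap(httpServletRequest));
        }

        // Authenticated users are keyed by the current-user object; everyone else by host + User-Agent.
        Object currentUser = WebUtil.getCurrentUser(httpServletRequest);
        String clientKey = currentUser != null
                ? currentUser.toString()
                : WebUtil.getHost(httpServletRequest) + httpServletRequest.getHeader(Constants.USER_AGENT);

        String previousSignature = (String) CacheUtil.getCache().getFire(Constants.PREREQUEST + clientKey);
        Long previousTime = (Long) CacheUtil.getCache().getFire(Constants.PREREQUEST_TIME + clientKey);

        // NOTE(review): integer division makes this 0 for intervals below 500 ms; what an expiry
        // of 0 means depends on the cache implementation behind CacheUtil — confirm.
        int expiry = this.minRequestIntervalTime / 500;

        if (previousTime != null && previousSignature != null) {
            boolean counted = requestSignature.equals(previousSignature) || this.allRequest;
            boolean tooSoon = System.currentTimeMillis() - previousTime.longValue() < this.minRequestIntervalTime;
            if (counted && tooSoon) {
                Integer recorded = (Integer) CacheUtil.getCache().getFire(Constants.MALICIOUS_REQUEST_TIMES + clientKey);
                int attempts = recorded == null ? 1 : recorded.intValue() + 1;
                CacheUtil.getCache().set(Constants.MALICIOUS_REQUEST_TIMES + clientKey, attempts, expiry);
                if (attempts > this.maxMaliciousTimes) {
                    CacheUtil.getCache().set(Constants.MALICIOUS_REQUEST_TIMES + clientKey, 0, expiry);
                    // Log the path only: the signature carries the raw request parameters, which
                    // can include passwords or tokens that must not end up in log files.
                    logger.warn("To intercept a malicious request : {}", servletPath);
                    ModelMap modelMap = new ModelMap();
                    modelMap.put("code", HttpCode.MULTI_STATUS.value().toString());
                    modelMap.put("msg", HttpCode.MULTI_STATUS.msg());
                    modelMap.put("timestamp", Long.valueOf(System.currentTimeMillis()));
                    logger.info("RESPONSE : {}", JSON.toJSON(modelMap));
                    // NOTE(review): no HTTP status is set here; the rejection is signalled only by
                    // the "code" field in the body — confirm clients and monitoring key on that.
                    // Declare the body type so clients do not have to sniff the content.
                    httpServletResponse.setContentType("application/json;charset=UTF-8");
                    httpServletResponse.getOutputStream().write(JSON.toJSONBytes(modelMap, SerializerFeature.DisableCircularReferenceDetect));
                    return false;
                }
            } else {
                // A different request, or one that respected the interval, clears the streak.
                CacheUtil.getCache().set(Constants.MALICIOUS_REQUEST_TIMES + clientKey, 0, expiry);
            }
        }

        CacheUtil.getCache().set(Constants.PREREQUEST + clientKey, requestSignature, expiry);
        CacheUtil.getCache().set(Constants.PREREQUEST_TIME + clientKey, Long.valueOf(System.currentTimeMillis()), expiry);
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    /**
     * Reports whether the servlet path is exempt from throttling.
     *
     * <p>Matching is a case-insensitive substring test against each whitelist entry, so every path
     * that contains an entry is exempt; keep entries as specific as possible. Null and blank
     * entries are skipped: an empty entry is a substring of every path and would otherwise
     * switch the throttle off for all requests.
     *
     * @param str servlet path of the current request
     * @return {@code true} if some non-blank whitelist entry occurs in the path
     */
    private boolean isWhiteReq(String str) {
        if (this._size == 0 || str == null) {
            return false;
        }
        // Entries are lower-cased, so the path has to be lower-cased as well or an entry written
        // with upper-case letters could never match.
        String path = str.toLowerCase(java.util.Locale.ROOT);
        for (String entry : this.whiteUrls) {
            if (entry == null) {
                continue;
            }
            String needle = entry.trim().toLowerCase(java.util.Locale.ROOT);
            if (needle.isEmpty()) {
                continue;
            }
            if (path.contains(needle)) {
                return true;
            }
        }
        return false;
    }

    /** Sets whether every request inside the interval counts, not only repeats of the previous one. */
    public void setAllRequest(boolean z) {
        this.allRequest = z;
    }

    /** Sets whether request parameters are included in the signature used to detect repeats. */
    public void setContainsParamter(boolean z) {
        this.containsParamter = z;
    }

    /** Sets the minimum gap between counted requests, in milliseconds. */
    public void setMinRequestIntervalTime(int i) {
        this.minRequestIntervalTime = i;
    }

    /** Sets how many too-fast requests are tolerated before a request is rejected. */
    public void setMaxMaliciousTimes(int i) {
        this.maxMaliciousTimes = i;
    }
}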
