package top.ibase4j.core.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import top.ibase4j.core.Constants;
import top.ibase4j.core.support.HttpCode;

/* loaded from: input_file:top/ibase4j/core/interceptor/MaliciousRequestInterceptor.class */
public class MaliciousRequestInterceptor extends BaseInterceptor {
    private Boolean allRequest = false;
    private Long minRequestIntervalTime = 500L;
    private Integer maxMaliciousTimes = 0;

    @Override // top.ibase4j.core.interceptor.BaseInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET,PUT,OPTIONS,DELETE");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "x-requested-with,Access-Control-Allow-Origin,EX-SysAuthToken,EX-JSESSIONID");
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath.endsWith("/unauthorized") || servletPath.endsWith("/forbidden")) {
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        }
        HttpSession session = httpServletRequest.getSession();
        String str = (String) session.getAttribute(Constants.PREREQUEST);
        Long l = (Long) session.getAttribute(Constants.PREREQUEST_TIME);
        if (l != null && str != null) {
            if ((servletPath.equals(str) || this.allRequest.booleanValue()) && System.currentTimeMillis() - l.longValue() < this.minRequestIntervalTime.longValue()) {
                Integer num = (Integer) session.getAttribute(Constants.MALICIOUS_REQUEST_TIMES);
                Integer valueOf = num == null ? 1 : Integer.valueOf(num.intValue() + 1);
                session.setAttribute(Constants.MALICIOUS_REQUEST_TIMES, valueOf);
                if (valueOf.intValue() > this.maxMaliciousTimes.intValue()) {
                    httpServletResponse.setStatus(HttpCode.MULTI_STATUS.value().intValue());
                    logger.warn("To intercept a malicious request : {}", servletPath);
                    return false;
                }
            } else {
                session.setAttribute(Constants.MALICIOUS_REQUEST_TIMES, 0);
            }
        }
        session.setAttribute(Constants.PREREQUEST, servletPath);
        session.setAttribute(Constants.PREREQUEST_TIME, Long.valueOf(System.currentTimeMillis()));
        return super.preHandle(httpServletRequest, httpServletResponse, obj);
    }

    public void setAllRequest(Boolean bool) {
        this.allRequest = bool;
    }

    public void setMinRequestIntervalTime(Long l) {
        this.minRequestIntervalTime = l;
    }

    public void setMaxMaliciousTimes(Integer num) {
        this.maxMaliciousTimes = num;
    }
}
