package com.ohaotian.plugin.security.filter;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:com/ohaotian/plugin/security/filter/CSRFilter.class */
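public class CSRFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(CSRFilter.class);

    /** Body written with the 403 response; kept byte-identical to the original text. */
    private static final String FORBIDDEN_BODY =
            "<font size=6 color=red>对不起，您的请求非法，系统拒绝响应!</font>";

    /**
     * Referer prefixes that are accepted. Populated externally (no setter is visible in this
     * class; presumably injected by the container or via reflection — confirm with the wiring).
     */
    private String[] verifyReferer = null;

    /**
     * Rejects requests whose HTTP method is not GET/POST/HEAD, or whose {@code Referer} header does
     * not start with one of the configured prefixes, with a 403 response; everything else is
     * passed down the chain.
     *
     * <p>Fixes relative to the decompiled original: the request object was obtained by casting
     * {@code servletResponse} to {@link HttpServletRequest} (a {@link ClassCastException} on every
     * call); the chain was invoked <em>before</em> the method check, so a disallowed method ran the
     * downstream handlers and then had a 403 written over an already-produced response; and a
     * Referer mismatch on an allowed method returned without calling the chain and without writing
     * anything, i.e. an empty success response. Rejections now happen before the chain runs and
     * always produce the 403 body. Requests that carry no Referer at all are still accepted, as in
     * the original, so this filter only constrains clients that send the header.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     downstream chain, invoked only for accepted requests
     * @throws IOException      if writing the rejection body fails
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // The original cast servletResponse here, which can never be an HttpServletRequest.
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Method check first: a disallowed method must never reach the downstream handlers.
        String method = request.getMethod();
        if (!isAllowedMethod(method)) {
            log.error("The request with Method[" + method + "] was forbidden by server!");
            reject(response);
            return;
        }

        String referer = request.getHeader("Referer");
        if (!isRefererAccepted(referer)) {
            // Referer URLs can carry query strings; this log line is inherited from the original.
            log.info("疑似CSRF攻击，referer:" + referer);
            reject(response);
            return;
        }

        filterChain.doFilter(request, response);
    }

    /** True for GET, POST and HEAD (case-insensitive); null is not allowed. */
    private static boolean isAllowedMethod(String method) {
        return "GET".equalsIgnoreCase(method)
                || "POST".equalsIgnoreCase(method)
                || "HEAD".equalsIgnoreCase(method);
    }

    /**
     * Applies the configured prefix list to the Referer header.
     *
     * <p>Semantics are those of the original loop: if at least one prefix is configured, a missing
     * header is accepted; a present header is accepted when its trimmed value starts with any
     * prefix. An unconfigured (null) list fails closed instead of throwing a
     * {@link NullPointerException}. Note that a plain prefix match such as
     * {@code https://app.example} also accepts {@code https://app.example.attacker.test}; prefixes
     * should end at the host boundary (e.g. with a trailing {@code /}) to avoid that.
     *
     * @param referer raw header value, possibly null
     * @return whether the request passes the Referer check
     */
    private boolean isRefererAccepted(String referer) {
        if (this.verifyReferer == null) {
            return false;
        }
        String trimmed = referer == null ? null : referer.trim();
        for (String prefix : this.verifyReferer) {
            if (trimmed == null || trimmed.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Writes the 403 rejection: HTML content type, UTF-8, and the fixed body text. */
    private static void reject(HttpServletResponse response) throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        response.getWriter().print(FORBIDDEN_BODY);
    }
}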
