package com.tydic.nicc.im.config.filter;

import com.alibaba.fastjson.JSONObject;
import com.tydic.nicc.dc.base.bo.Rsp;
import com.tydic.nicc.dc.boot.starter.util.BaseRspUtils;
import com.tydic.nicc.im.config.FileManageConfigPropertiesBean;
import java.io.IOException;
import javax.annotation.Resource;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;

@WebFilter(filterName = "fileAccessFilter", urlPatterns = {"/im-files/*"})
@Order(1)
/* loaded from: input_file:com/tydic/nicc/im/config/filter/FileAccessFilter.class */
public class FileAccessFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(FileAccessFilter.class);

    @Resource
    private FileManageConfigPropertiesBean fileManageConfigPropertiesBean;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String remoteHost = httpServletRequest.getRemoteHost();
        log.debug("FileAccessFilter requestUri = {}", httpServletRequest.getRequestURI());
        String header = httpServletRequest.getHeader("referer");
        if (!this.fileManageConfigPropertiesBean.matchReferes(header)) {
            log.warn("Access denied : 禁止外链访问  , referer = {}", header);
            authError(httpServletResponse, "Access denied!");
        } else if (!this.fileManageConfigPropertiesBean.matchWhiteIp(remoteHost)) {
            log.warn("Access denied : ip不在白名单内  , client = {}", remoteHost);
            authError(httpServletResponse, "Access denied!");
        } else if (!this.fileManageConfigPropertiesBean.matchBlackIp(remoteHost)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            log.warn("Access denied : ip在黑名单内  , client = {}", remoteHost);
            authError(httpServletResponse, "Access denied!");
        }
    }

    private void authError(HttpServletResponse httpServletResponse, String str) {
        Rsp createErrorRsp = BaseRspUtils.createErrorRsp("9999", str);
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        try {
            httpServletResponse.getWriter().write(JSONObject.toJSONString(createErrorRsp));
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}
