package com.xdja.drs.filter;

import com.xdja.agreement.config.SystemConfig;
import com.xdja.drs.util.BeanUtils;
import com.xdja.drs.util.Const;
import com.xdja.drs.util.RedisUtil;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.directwebremoting.AjaxFilter;
import org.directwebremoting.AjaxFilterChain;
import org.directwebremoting.WebContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/drs/filter/DwrSafeFilter.class */
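/**
 * DWR {@link AjaxFilter} that applies a CSRF token check to remote calls before
 * passing them down the filter chain.
 *
 * <p>The check runs only when the {@code Const.WAF_CSRF_SWITCH} setting is on, the
 * HTTP method is POST, and the remote call carries at least one argument. The value
 * of the request header named {@code Const.xCsrfToken} is compared with the value
 * stored in Redis under the same key; on mismatch the call is rejected unless the
 * request URI is on the whitelist.
 *
 * <p>NOTE(review): the expected token is read from one fixed Redis key, so as far as
 * this class shows it is not bound to a session or user. Confirm whether a
 * per-session token was intended.
 *
 * <p>NOTE(review): non-POST calls and calls without arguments skip the check
 * entirely. Confirm that DWR is configured so state-changing methods cannot be
 * reached that way.
 */
public class DwrSafeFilter implements AjaxFilter {
    private static final Logger logger = LoggerFactory.getLogger(DwrSafeFilter.class);

    /** URI fragments that exempt a request from the CSRF check (see {@link #isIgnore}). */
    private static final List<String> whitelist = new ArrayList<>();

    /** Last RedisUtil bean looked up by {@link #doFilter}; refreshed on every checked call. */
    private RedisUtil redisUtil;

    /** No initialisation is required. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Verifies the CSRF token for POST calls with arguments, then continues the chain.
     *
     * @param obj the object the remote method is invoked on
     * @param method the remote method being invoked
     * @param objArr the call arguments; the check is skipped when null or empty
     * @param ajaxFilterChain the remaining filter chain
     * @return whatever the rest of the chain returns
     * @throws ServletException if the token does not match and the URI is not whitelisted
     * @throws Exception anything thrown by the rest of the chain
     */
    public Object doFilter(Object obj, Method method, Object[] objArr, AjaxFilterChain ajaxFilterChain) throws Exception {
        HttpServletRequest httpServletRequest = WebContextFactory.get().getHttpServletRequest();
        if (SystemConfig.getInstance().getBoolean(Const.WAF_CSRF_SWITCH) && "POST".equalsIgnoreCase(httpServletRequest.getMethod()) && objArr != null && objArr.length > 0) {
            String header = httpServletRequest.getHeader(Const.xCsrfToken);
            // Work on a local reference: the filter instance may serve concurrent
            // requests, so the field must not be re-read between lookup and use.
            RedisUtil redis = (RedisUtil) BeanUtils.getBean(RedisUtil.class);
            this.redisUtil = redis;
            // A missing or empty stored token is treated as a mismatch (fail closed)
            // instead of raising a NullPointerException from equals().
            boolean tokenOk = tokenMatches(redis.STRINGS.get(Const.xCsrfToken), header);
            if (!tokenOk && !isIgnore(httpServletRequest.getRequestURI())) {
                logger.error("csrf拦截不通过:{}", method.getName());
                throw new ServletException("csrf校验不通过");
            }
        }
        return ajaxFilterChain.doFilter(obj, method, objArr);
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Reports whether the given request URI is exempt from the CSRF check.
     *
     * <p>NOTE(review): this is a substring match, so a URI is exempt if a whitelist
     * fragment appears anywhere in it, not only as the DWR script name. Matching on
     * the invoked method's declaring class, or on an exact path segment, would be
     * stricter; left unchanged here because callers may depend on the current matching.
     *
     * @param str the request URI; {@code null} is treated as not whitelisted
     * @return {@code true} if the URI contains any whitelist fragment
     */
    public boolean isIgnore(String str) {
        if (str == null) {
            return false;
        }
        for (String fragment : whitelist) {
            if (str.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares the stored token with the supplied header value in constant time.
     *
     * <p>{@code expected} is typed {@code Object} because the return type of the
     * Redis lookup is not visible in this file; anything that is not a non-empty
     * {@code String} never matches.
     */
    private static boolean tokenMatches(Object expected, String supplied) {
        if (!(expected instanceof String) || supplied == null) {
            return false;
        }
        String expectedToken = (String) expected;
        if (expectedToken.isEmpty()) {
            // An empty stored token must never validate an empty header.
            return false;
        }
        // MessageDigest.isEqual avoids the early-exit timing behaviour of String.equals.
        return MessageDigest.isEqual(
                expectedToken.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    static {
        whitelist.add("OutColumnCfg.");
        whitelist.add("OutTableCfg.");
    }
}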
