package com.bcxin.ins.filter;

import com.alibaba.fastjson.JSONObject;
import com.bcxin.ins.dto.oauth.AccessToken;
import com.bcxin.ins.service.oauth.OAuthService;
import com.bcxin.ins.spring.util.SpringContextHolder;
import com.bcxin.ins.util.GlobalResources;
import com.bcxin.ins.util.http.ParameterRequestWrapper;
import com.bcxin.ins.util.toolbox.StrUtil;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/bcxin/ins/filter/AccessControlFilter.class */
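public class AccessControlFilter implements Filter {
    protected final Logger logger = LoggerFactory.getLogger(AccessControlFilter.class);

    /** Request parameter (and Referer query key) the access token is read from. */
    private static final String TOKEN_PARAM = "ACCESS_TOKEN";

    /** Length at which a Referer-derived value is accepted verbatim as a token. */
    private static final int TOKEN_LENGTH = 32;

    /** Servlet-path prefixes that skip the filter entirely (no logging, no CORS headers, no token check). */
    private static final String[] BYPASS_PATH_PREFIXES = {
        "/static", "/user/login", "/servlet/validateCodeServlet", "/admin", "/resources", "/weixin"
    };

    /** URL suffixes (matched on the request URL without its query string) that skip the filter entirely. */
    private static final String[] BYPASS_URL_SUFFIXES = {
        ".css", ".js", ".png", ".jpg", ".pdf", ".gif", ".woff2", ".ico"
    };

    /** Paths that fall through to the public-prefix check instead of redirecting when a presented token is unknown. */
    private static final String[] UNKNOWN_TOKEN_PASSTHROUGH_PREFIXES = {
        "/api/thr", "/api/preservation", "/app/report"
    };

    /**
     * Servlet-path prefixes reachable without a token.
     * NOTE(review): this list is broad ("/admin", "/api", "/app", "/config", "/file", "/user", ...); the
     * filter does not enforce authorization for them, so the handlers behind these prefixes must do so
     * themselves — confirm against the controllers.
     */
    private static final String[] PUBLIC_PATH_PREFIXES = {
        "/test", "/synopsis", "/admin", "/api", "/base64", "/dwz", "/file", "/getResource", "/static",
        "/inform", "/infoNews", "/news", "/CA-API", "/QH-API", "/TB-API", "/user/login", "/PAC-API",
        "/RB-API", "/ZH-API", "/HT-API", "/TBAPI/GYX/syntony-service",
        "/insurance/gzzrx/transaction/syntony-service", "/insurance/gyx/transaction/syntony-service",
        "/insurance/gzx/transaction/syntony-service", "/transaction",
        "/insurance/tyx/transaction/syntony-service", "/insurance/zzx/transaction/syntony-service",
        "/insurance/build/product", "/insurance/gyx/product", "/insurance/gzx/product",
        "/insurance/gzzrx/product", "/insurance/lawsuit/product", "/insurance/gmr/product",
        "/insurance/customs/product", "/insurance/lote/product", "/insurance/gzzrx/policy/natureChange",
        "/weixin", "/insuranceService", "/policies_1", "/policies_2", "/policies_3", "/policies_4",
        "/footer_partners", "/footer_blogroll", "/config", "/getIframeUrl", "/user", "/app", "/resources",
        "/favicon.ico", "/pc/order/exportDetailByOrderID", "/insurance/product"
    };

    @Override
    public void init(FilterConfig filterConfig) {
        // No configuration is read; the path lists are compiled in.
    }

    /**
     * Resolves the caller's access token (query parameter, then Referer fallback), loads the matching
     * {@link AccessToken} through {@link OAuthService}, and either forwards the request with the
     * identity attached or redirects to the login page.
     *
     * <p>Flow: bypass paths/assets are forwarded untouched; otherwise CORS headers are set, the token is
     * resolved and validated; a valid token forwards a {@link ParameterRequestWrapper} carrying the
     * identity; an unknown token redirects unless the path is in
     * {@link #UNKNOWN_TOKEN_PASSTHROUGH_PREFIXES}; with no (or a passed-through) token the request is
     * forwarded only if {@link #decide(String)} accepts its servlet path.
     *
     * @throws IOException      from the chain or the redirect
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String servletPath = request.getServletPath();
        String requestUrl = request.getRequestURL().toString();

        if (isBypassed(servletPath, requestUrl.split("\\?")[0])) {
            filterChain.doFilter(request, response);
            return;
        }

        // Diagnostics only, so DEBUG rather than ERROR. Parameter *names* are logged, not values: the
        // parameter map carries ACCESS_TOKEN (and whatever else the client posted), which must not
        // end up in log storage.
        this.logger.debug("request url: {}", requestUrl);
        this.logger.debug("request param names: {}", request.getParameterMap().keySet());

        applyCorsHeaders(response);

        String token = request.getParameter(TOKEN_PARAM);
        if (StringUtils.isEmpty(token)) {
            // NOTE(review): accepting a token from the Referer means tokens travel in URLs and are
            // exposed to browser history, proxies and third-party referrer leakage; kept for
            // compatibility with existing clients.
            token = extractTokenFromReferer(request.getHeader("Referer"));
        }
        // Never log the token itself; presence is enough to trace the decision below.
        this.logger.debug("request access_token present: {}", StringUtils.isNotEmpty(token));

        if (StringUtils.isNotEmpty(token)) {
            OAuthService oAuthService = (OAuthService) SpringContextHolder.getBean(OAuthService.class);
            if (oAuthService != null) {
                AccessToken accessToken = oAuthService.getAccessToken(token);
                if (accessToken != null) {
                    filterChain.doFilter(withIdentity(request, accessToken, token), response);
                    return;
                }
                // Token presented but unknown: redirect, except for the pass-through API paths.
                if (!startsWithAny(servletPath, UNKNOWN_TOKEN_PASSTHROUGH_PREFIXES)) {
                    response.sendRedirect(GlobalResources.BASE_URL + "/user/login");
                    return;
                }
            }
        }

        if (decide(servletPath)) {
            filterChain.doFilter(request, response);
        } else {
            response.sendRedirect(GlobalResources.BASE_URL + "/user/login");
        }
    }

    /**
     * Whether the request skips the filter: servlet path under a bypass prefix, or the URL (query
     * stripped) ends with a static-asset suffix.
     */
    private static boolean isBypassed(String servletPath, String urlWithoutQuery) {
        if (startsWithAny(servletPath, BYPASS_PATH_PREFIXES)) {
            return true;
        }
        for (String suffix : BYPASS_URL_SUFFIXES) {
            if (urlWithoutQuery.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sets the CORS and content-type headers on every non-bypassed response.
     * NOTE(review): "Access-Control-Allow-Origin: *" together with
     * "Access-Control-Allow-Credentials: true" is a combination browsers reject for credentialed
     * requests; if credentialed cross-origin calls are required, echo an allow-listed origin instead.
     * Kept as-is here because changing it alters what existing clients receive.
     */
    private static void applyCorsHeaders(HttpServletResponse response) {
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with,content-type,Content-type,authorization,x-csrf-token,access_token");
        response.setHeader("Content-type", "application/x-www-form-urlencoded; charset=UTF-8");
    }

    /**
     * Pulls an ACCESS_TOKEN value out of a Referer header, mirroring the original acceptance rules:
     * the text after the first "ACCESS_TOKEN=" is taken as-is when exactly {@link #TOKEN_LENGTH}
     * characters; when longer it is cut at the first "&amp;" and accepted if non-empty; shorter
     * values are rejected.
     *
     * @param referer the raw Referer header, may be {@code null}
     * @return the token, or {@code null} when none is present or it fails the length rules
     */
    private static String extractTokenFromReferer(String referer) {
        String marker = TOKEN_PARAM + "=";
        if (StringUtils.isEmpty(referer) || !referer.contains(marker) || referer.endsWith(marker)) {
            return null;
        }
        // split(...)[1] stops at a second "ACCESS_TOKEN=" occurrence, matching the original behaviour.
        String candidate = referer.split(marker)[1];
        if (candidate.length() == TOKEN_LENGTH) {
            return candidate;
        }
        if (candidate.length() > TOKEN_LENGTH) {
            if (candidate.contains("&")) {
                candidate = candidate.split("&")[0];
            }
            if (candidate.length() > 0) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Attaches the authenticated identity to the request as attributes and wraps it so the same
     * values are visible as request parameters downstream.
     *
     * @return the wrapped request to pass down the chain
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // ParameterRequestWrapper's expected map type is not visible from here
    private static ServletRequest withIdentity(HttpServletRequest request, AccessToken accessToken, String token) {
        request.setAttribute("create_by", accessToken.getUserId());
        request.setAttribute("update_by", accessToken.getUserId());
        request.setAttribute("webId", accessToken.getWebId());
        HashMap extraParams = new HashMap();
        // A client-supplied webId wins over the token's; the identity fields are always overridden.
        if (StrUtil.isEmpty(request.getParameter("webId"))) {
            extraParams.put("webId", accessToken.getWebId());
        }
        extraParams.put("create_by", accessToken.getUserId());
        extraParams.put("update_by", accessToken.getUserId());
        extraParams.put(TOKEN_PARAM, token);
        return new ParameterRequestWrapper(request, extraParams);
    }

    /** {@code true} when {@code path} starts with any of {@code prefixes}. */
    private static boolean startsWithAny(String path, String[] prefixes) {
        for (String prefix : prefixes) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Whether a servlet path may be served without an authenticated token: the root path or any
     * path under {@link #PUBLIC_PATH_PREFIXES}.
     *
     * @param str the servlet path (never {@code null} per the servlet API)
     */
    private boolean decide(String str) {
        if (str.equals("/")) {
            return true;
        }
        return startsWithAny(str, PUBLIC_PATH_PREFIXES);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}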
