package org.hotpotmaterial.anywhere.common.security.shiro;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.web.servlet.OncePerRequestFilter;
import org.apache.shiro.web.util.WebUtils;
import org.hotpotmaterial.anywhere.common.security.csrf.CsrfToken;
import org.hotpotmaterial.anywhere.common.security.csrf.CsrfTokenRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:org/hotpotmaterial/anywhere/common/security/shiro/CsrfFilter.class */
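/**
 * Synchronizer-token CSRF filter for Shiro.
 *
 * <p>On every request the token is loaded from the {@link CsrfTokenRepository} for the current
 * Shiro session (generated and stored if absent) and exposed to downstream code as two request
 * attributes: under {@code CsrfToken.class.getName()} and under the token's parameter name.
 * Requests using a safe method (GET, HEAD, TRACE, OPTIONS) pass straight through. Every other
 * request must present the token value in the token's header, or failing that in the token's
 * request parameter. A mismatch on the configured login URL redirects back to that URL; a
 * mismatch anywhere else is answered with 403.
 *
 * <p>The supplied token value is compared in constant time and is never echoed back to the
 * client or written to the log.
 */
public class CsrfFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(CsrfFilter.class);

    /** Methods that are not state-changing by contract; no token is demanded for them. */
    private static final Pattern ALLOWED_METHODS = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");

    private String loginUrl;
    private final CsrfTokenRepository csrfTokenRepository;

    /**
     * @param str                 application path of the login page (used for the redirect-on-mismatch case)
     * @param csrfTokenRepository where tokens are stored and generated, keyed by Shiro session
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public CsrfFilter(String str, CsrfTokenRepository csrfTokenRepository) {
        Assert.notNull(str, "loginUrl cannot be null");
        Assert.notNull(csrfTokenRepository, "csrfTokenRepository cannot be null");
        this.loginUrl = str;
        this.csrfTokenRepository = csrfTokenRepository;
    }

    /**
     * Loads or creates the session token, publishes it as request attributes and enforces it
     * for non-safe methods.
     *
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain, the redirect or {@code sendError}
     */
    @Override
    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);

        // getSession(true) creates a session for every request, safe ones included; the token
        // needs somewhere to live, and this is the existing behaviour callers rely on.
        Session session = SecurityUtils.getSubject().getSession(true);
        CsrfToken csrfToken = this.csrfTokenRepository.loadToken(session);
        final boolean missingToken = csrfToken == null;
        if (missingToken) {
            csrfToken = this.csrfTokenRepository.generateToken(session);
            // Only the session id is logged: the token value is a secret.
            log.debug("Session id: {} generated a new CSRF token", session.getId());
        }
        servletRequest.setAttribute(CsrfToken.class.getName(), csrfToken);
        servletRequest.setAttribute(csrfToken.getParameterName(), csrfToken);

        if (!requiresCsrfCheck(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Header takes precedence; the request parameter is the fallback for plain form posts.
        String actualToken = request.getHeader(csrfToken.getHeaderName());
        if (actualToken == null) {
            actualToken = servletRequest.getParameter(csrfToken.getParameterName());
        }
        if (tokensMatch(csrfToken.getToken(), actualToken)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // A stale login form is sent back to the login page instead of a bare 403.
        if (WebUtils.getPathWithinApplication(request).equals(this.loginUrl)) {
            WebUtils.issueRedirect(servletRequest, servletResponse, this.loginUrl);
            return;
        }

        log.debug("Invalid CSRF token found for {}", WebUtils.getRequestUri(request));
        if (missingToken) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Expected CSRF token not found. Has your session expired?");
        } else {
            // The client-supplied value is deliberately not reflected into the error body.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Invalid CSRF token was found on the request parameter '"
                            + csrfToken.getParameterName() + "' or header '"
                            + csrfToken.getHeaderName() + "'.");
        }
    }

    /**
     * @return {@code true} when the method is outside the safe set, i.e. the request must carry
     *         a valid token
     */
    private static boolean requiresCsrfCheck(HttpServletRequest request) {
        return !ALLOWED_METHODS.matcher(request.getMethod()).matches();
    }

    /**
     * Constant-time comparison of the expected and supplied token values, so response timing
     * does not depend on how much of the token matched. A {@code null} on either side never
     * matches.
     */
    private static boolean tokensMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /** @return the login URL compared against the application path on a token mismatch */
    public String getLoginUrl() {
        return this.loginUrl;
    }

    /**
     * Replaces the login URL. Filters are shared across requests, so this is expected to be
     * called during configuration, not while requests are being served.
     */
    public void setLoginUrl(String str) {
        this.loginUrl = str;
    }
}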
