package net.yadaframework.security;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Map;
import net.yadaframework.components.YadaUtil;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.core.YadaWebConfig;
import net.yadaframework.security.components.YadaAuthenticationFailureHandler;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.multipart.support.StandardServletMultipartResolver;

/* loaded from: input_file:net/yadaframework/security/AuditFilter.class */
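/**
 * Servlet filter that tags every request with session id, username and remote address in the
 * SLF4J MDC, logs the request URI / query string before the request is processed, and logs the
 * elapsed time and HTTP status afterwards.
 *
 * <p>Requests for static files (see {@link #isFile(HttpServletRequest)}) bypass the audit logic
 * entirely unless the {@code <class name>.files} logger is enabled at INFO level.
 *
 * <p>Values taken from the request (URI, query string, headers, parameters, username) are passed
 * through {@link #sanitizeForLog(String)} before being logged, so that embedded control characters
 * cannot forge additional log lines.
 */
public class AuditFilter extends OncePerRequestFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(AuditFilter.class);
    private static final Logger filesLog = LoggerFactory.getLogger(AuditFilter.class.getName() + ".files");
    private static final String MDC_USERNAME = "username";
    private static final String MDC_SESSION = "session";
    private static final String MDC_REMOTEIP = "remoteIp";
    // URL prefixes identifying file requests. They are computed lazily from the first request's
    // context path. The fields are not synchronized: concurrent first requests may each compute
    // them, which is harmless as long as every request yields the same context path.
    private String yadaResourceUrlStart = null;
    private String resourceUrlStart = null;
    private String staticUrlStart = null;
    private String contentUrlStart = null;

    /**
     * Populates the MDC, logs the request and delegates to the rest of the chain.
     * Implements the abstract hook of {@code OncePerRequestFilter}.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response, read for its status after the chain returns
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        initUrlPrefixes(httpServletRequest);
        // Fast path: file requests are not audited unless the ".files" logger is at INFO.
        if (!filesLog.isInfoEnabled() && isFile(httpServletRequest)) {
            try {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } catch (Exception e) {
                log.error("Error loading {}: {}", sanitizeForLog(httpServletRequest.getRequestURI()), e.getMessage());
                throw e;
            }
        }
        boolean firstDispatch = !isAsyncDispatch(httpServletRequest);
        long startMillis = -1;
        String sessionId = "";
        String username = "";
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String forwardedFor = httpServletRequest.getHeader("X-Forwarded-For");
        String remoteIp = StringUtils.isBlank(remoteAddr) ? "?" : remoteAddr;
        if (!StringUtils.isBlank(forwardedFor)) {
            // X-Forwarded-For is client-supplied unless a trusted reverse proxy overwrites it, and
            // when present it replaces the socket address here. The "remoteIp" MDC field is
            // therefore informational and must not be treated as an authenticated origin.
            remoteIp = "[for " + sanitizeForLog(forwardedFor) + "]";
        }
        String requestURI = httpServletRequest.getRequestURI();
        String loggedUri = sanitizeForLog(requestURI);
        // getSession(false): auditing must never create a session as a side effect.
        HttpSession session = httpServletRequest.getSession(false);
        SecurityContext securityContext = null;
        if (session != null) {
            sessionId = StringUtils.trimToEmpty(session.getId());
            Object contextAttribute = session.getAttribute("SPRING_SECURITY_CONTEXT");
            // Guard the cast: an attribute of an unexpected type must not abort the request.
            if (contextAttribute instanceof SecurityContext) {
                securityContext = (SecurityContext) contextAttribute;
            }
        }
        if (sessionId.length() == 0) {
            // No session: fall back to a per-request marker so log lines can still be correlated.
            sessionId = "req-" + Integer.toString(httpServletRequest.hashCode());
        }
        if (securityContext != null) {
            try {
                username = sanitizeForLog(securityContext.getAuthentication().getName());
            } catch (Exception e) {
                // Typically a null Authentication; the request is logged without a username.
                log.debug("No username in securityContext");
            }
        }
        MDC.put(MDC_SESSION, sessionId);
        MDC.put(MDC_USERNAME, username);
        MDC.put(MDC_REMOTEIP, remoteIp);
        if (firstDispatch) {
            beforeRequest(httpServletRequest);
            startMillis = System.currentTimeMillis();
        }
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            int status = httpServletResponse.getStatus();
            if (isFile(httpServletRequest) || isAsyncStarted(httpServletRequest)) {
                // Files and still-running async requests are reported only on error statuses.
                if (status > 399) {
                    log.error("{} HTTP {}", loggedUri, status);
                }
            } else if (startMillis > -1) {
                log.info("{}: {} ms (HTTP {})", loggedUri, System.currentTimeMillis() - startMillis, status);
            }
        } finally {
            // Always clear the MDC so values do not leak to the next request served by this thread.
            MDC.remove(MDC_USERNAME);
            MDC.remove(MDC_SESSION);
            MDC.remove(MDC_REMOTEIP);
        }
    }

    /** Lazily computes the URL prefixes used by {@link #isFile(HttpServletRequest)}. */
    private void initUrlPrefixes(HttpServletRequest httpServletRequest) {
        if (this.resourceUrlStart == null) {
            this.resourceUrlStart = httpServletRequest.getContextPath() + YadaWebConfig.getResourceFolder() + "-";
        }
        if (this.staticUrlStart == null) {
            this.staticUrlStart = httpServletRequest.getContextPath() + YadaWebConfig.getStaticFileFolder();
        }
        if (this.yadaResourceUrlStart == null) {
            this.yadaResourceUrlStart = httpServletRequest.getContextPath() + YadaWebConfig.getYadaResourceFolder();
        }
        if (this.contentUrlStart == null) {
            try {
                this.contentUrlStart = httpServletRequest.getContextPath() + ((YadaConfiguration) YadaUtil.getBean("config")).getContentUrl();
            } catch (Exception e) {
                // The prefix stays null and is retried on the next request.
                log.debug("No YadaConfiguration found yet (ignored)");
            }
        }
    }

    /**
     * Tells whether the request URI starts with one of the file prefixes.
     *
     * <p>NOTE(review): the match is a plain prefix test on the raw value of
     * {@code getRequestURI()}. Because a match can skip audit logging altogether, confirm that
     * URIs containing path parameters or dot-segments are rejected or normalized before this
     * filter runs.
     */
    private boolean isFile(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        return hasPrefix(requestURI, this.resourceUrlStart)
                || hasPrefix(requestURI, this.yadaResourceUrlStart)
                || hasPrefix(requestURI, this.staticUrlStart)
                || hasPrefix(requestURI, this.contentUrlStart);
    }

    /** Returns true when {@code prefix} has been initialised and {@code uri} starts with it. */
    private static boolean hasPrefix(String uri, String prefix) {
        return prefix != null && uri.startsWith(prefix);
    }

    /**
     * Returns {@code value} with ISO control characters (CR, LF, TAB, ...) and the Unicode
     * line/paragraph separators replaced by '_', so that request-derived data cannot break a log
     * record into several lines. {@code null} is returned unchanged.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = null;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                if (cleaned == null) {
                    cleaned = new StringBuilder(value);
                }
                cleaned.setCharAt(i, '_');
            }
        }
        return cleaned == null ? value : cleaned.toString();
    }

    /**
     * Logs the request URI and query string (INFO, or WARN when either contains ';') and, at DEBUG
     * level, the decoded request parameters. Logging is best-effort: a failure here never
     * propagates to the request.
     *
     * @param httpServletRequest the request about to be processed
     */
    protected void beforeRequest(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        // A ';' in the URI or query string is always reported, whatever the log level.
        boolean hasSemicolon = (requestURI != null && requestURI.contains(";")) || (queryString != null && queryString.contains(";"));
        if (log.isInfoEnabled() || hasSemicolon) {
            try {
                String ajaxSuffix = "XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With")) ? " (ajax)" : "";
                String loggedUri = sanitizeForLog(requestURI);
                // NOTE: the raw query string is logged as-is. Only the DEBUG parameter dump below
                // hides the password fields, so secrets sent in the URL still reach the log here.
                String loggedQuery = sanitizeForLog(queryString);
                if (hasSemicolon) {
                    log.warn("requestUri:{}" + ajaxSuffix, loggedUri);
                    if (queryString != null) {
                        log.warn("queryString:{}", loggedQuery);
                    }
                } else {
                    log.info("requestUri:{}" + ajaxSuffix, loggedUri);
                    if (queryString != null) {
                        log.info("queryString:{}", loggedQuery);
                    }
                }
                if (log.isDebugEnabled()) {
                    Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
                    for (Map.Entry<String, String[]> parameter : parameterMap.entrySet()) {
                        String name = parameter.getKey();
                        boolean secret = YadaAuthenticationFailureHandler.REQUESTATTR_PASSWORD.equals(name) || "confirmPassword".equals(name);
                        // Parameter values are URL-decoded by the container, so they are the
                        // values most likely to carry real line breaks: sanitize before logging.
                        String shown = secret ? "[value hidden from log]" : sanitizeForLog(String.join(" & ", parameter.getValue()));
                        log.debug("** {} = {} **", sanitizeForLog(name), shown);
                    }
                    if (parameterMap.isEmpty()) {
                        if (new StandardServletMultipartResolver().isMultipart(httpServletRequest)) {
                            log.debug("** multipart request");
                        } else if ("application/json;charset=UTF-8".equals(httpServletRequest.getContentType())) {
                            // Constant-first equals: getContentType() is null when no header is sent.
                            log.debug("** json object");
                        }
                    }
                }
            } catch (Exception e) {
                // Audit logging must never fail the request, but leave a trace of the problem.
                log.debug("Request details could not be logged (ignored)", e);
            }
        }
    }
}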
