package org.tinygroup.weblayer.webcontext.form.impl;

import javax.servlet.http.HttpServletRequest;
import org.tinygroup.logger.LogLevel;
import org.tinygroup.logger.Logger;
import org.tinygroup.logger.LoggerFactory;
import org.tinygroup.weblayer.webcontext.form.Form;
import org.tinygroup.weblayer.webcontext.form.FormCheckStrategy;
import org.tinygroup.weblayer.webcontext.form.FormManager;
import org.tinygroup.weblayer.webcontext.form.exception.DuplicateFormSubmitException;
import org.tinygroup.weblayer.webcontext.form.exception.FormDataJuggledException;

/* loaded from: input_file:WEB-INF/lib/org.tinygroup.weblayerbase-3.4.9.jar:org/tinygroup/weblayer/webcontext/form/impl/AbstractFormCheckStrategy.class */
public abstract class AbstractFormCheckStrategy implements FormCheckStrategy {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractFormCheckStrategy.class);
    private FormManager formManager;

    @Override // org.tinygroup.weblayer.webcontext.form.FormCheckStrategy
    public void apply(HttpServletRequest httpServletRequest, boolean z) {
        String formToken = getFormToken(httpServletRequest);
        if (applyIfTokenValue(formToken)) {
            if (!this.formManager.hasForm(httpServletRequest, formToken)) {
                throw new DuplicateFormSubmitException("表单重复提交，令牌[" + formToken + "]");
            }
            if (z && !httpServletRequest.getRequestURI().toString().equalsIgnoreCase(this.formManager.getForm(httpServletRequest, formToken).getUrl())) {
                throw new DuplicateFormSubmitException("关键属性被篡改，令牌[" + formToken + "]");
            }
            if (this.formManager.isModified(httpServletRequest, formToken)) {
                LOGGER.logMessage(LogLevel.WARN, "表单:[{0}]的数据被篡改了，本次请求参数：{1}", this.formManager.dumpForm(httpServletRequest, formToken), httpServletRequest.getQueryString());
                throw new FormDataJuggledException("表单数据被篡改了");
            }
        }
    }

    protected String getFormToken(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(Form.FORM_TOKEN_FIELD_NAME);
        if (parameter == null) {
            parameter = (String) httpServletRequest.getAttribute(Form.FORM_TOKEN_FIELD_NAME);
        }
        return parameter;
    }

    protected abstract boolean applyIfTokenValue(String str);

    public void setFormManager(FormManager formManager) {
        this.formManager = formManager;
    }
}
