package top.continew.starter.security.xss.filter;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.io.IoUtil;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.EscapeUtil;
import cn.hutool.core.util.ReUtil;
import cn.hutool.http.HtmlUtil;
import cn.hutool.http.Method;
import jakarta.servlet.ReadListener;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import top.continew.starter.security.xss.autoconfigure.XssProperties;
import top.continew.starter.security.xss.enums.XssMode;

/* loaded from: input_file:top/continew/starter/security/xss/filter/XssServletRequestWrapper.class */
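/**
 * Request wrapper that sanitizes HTML tags in the request body, query string and parameters.
 *
 * <p>Depending on {@link XssProperties#getMode()}, tags are either HTML-escaped
 * ({@link XssMode#ESCAPE}) or stripped (any other mode).
 *
 * <p>Scope of the protection, as implemented here:
 * <ul>
 *   <li>Covered: the body of POST/PATCH/PUT requests, {@code getQueryString()},
 *       {@code getParameter()}, {@code getParameterValues()} and {@code getParameterMap()}.</li>
 *   <li>Not covered: headers, cookies, path info and multipart parts are passed through
 *       unchanged, so values read from those sources still need validation.</li>
 * </ul>
 *
 * <p>NOTE(review): tag filtering on input is a defence-in-depth layer, not a replacement for
 * context-aware output encoding where the data is rendered.
 */
public class XssServletRequestWrapper extends HttpServletRequestWrapper {
    /** Pattern matching opening, closing and self-closing tag-like sequences. */
    private static final String TAG_PATTERN = "(<[^<]*?>)|(<[\\s]*?/[^<]*?>)|(<[^<]*?/[\\s]*?>)";

    private final XssProperties xssProperties;
    /** Sanitized request body; never {@code null}, empty when there is no body. */
    private String body;

    /**
     * Wraps the request and, for POST/PATCH/PUT, reads and sanitizes the whole body up front.
     *
     * @param httpServletRequest the original request
     * @param xssProperties      XSS filter configuration (supplies the sanitizing mode)
     * @throws IOException if the request body cannot be read
     */
    public XssServletRequestWrapper(HttpServletRequest httpServletRequest, XssProperties xssProperties) throws IOException {
        super(httpServletRequest);
        this.body = "";
        this.xssProperties = xssProperties;
        if (CharSequenceUtil.equalsAnyIgnoreCase(httpServletRequest.getMethod(), Method.POST.name(), Method.PATCH.name(), Method.PUT.name())) {
            // Read the complete body. Reading a single line would silently drop everything
            // after the first line break (e.g. pretty-printed JSON), and an empty body would
            // yield null and break getReader()/getInputStream() later on.
            // NOTE(review): consuming the reader here means the container can no longer parse
            // form-encoded or multipart bodies itself — confirm the calling filter excludes them.
            // NOTE(review): the body is buffered fully in memory; size limits are assumed to be
            // enforced by the container or gateway — confirm.
            String rawBody = readBody(httpServletRequest.getReader());
            if (CharSequenceUtil.isBlank(rawBody)) {
                return;
            }
            this.body = handleTag(rawBody);
        }
    }

    /** Returns a reader over the sanitized body. */
    @Override
    public BufferedReader getReader() {
        return IoUtil.toBuffered(new StringReader(this.body));
    }

    /** Returns an input stream over the sanitized body. */
    @Override
    public ServletInputStream getInputStream() {
        return getServletInputStream(this.body);
    }

    /** Returns the sanitized query string, or the original value when it is blank. */
    @Override
    public String getQueryString() {
        return handleTag(super.getQueryString());
    }

    /** Returns the sanitized value of the given parameter. */
    @Override
    public String getParameter(String str) {
        return handleTag(super.getParameter(str));
    }

    /** Returns sanitized copies of all values of the given parameter. */
    @Override
    public String[] getParameterValues(String str) {
        return sanitizeAll(super.getParameterValues(str));
    }

    /**
     * Returns a sanitized, unmodifiable view of all parameters.
     *
     * <p>Without this override, callers using the parameter map would receive the raw values
     * and bypass the sanitizing applied by {@link #getParameter} and {@link #getParameterValues}.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> rawParameters = super.getParameterMap();
        if (rawParameters == null || rawParameters.isEmpty()) {
            return rawParameters;
        }
        Map<String, String[]> sanitized = new LinkedHashMap<>(rawParameters.size());
        for (Map.Entry<String, String[]> entry : rawParameters.entrySet()) {
            sanitized.put(entry.getKey(), sanitizeAll(entry.getValue()));
        }
        return Collections.unmodifiableMap(sanitized);
    }

    /** Sanitizes every element of the array into a new array; empty or null input is returned as-is. */
    private String[] sanitizeAll(String[] values) {
        if (ArrayUtil.isEmpty(values)) {
            return values;
        }
        String[] sanitized = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            sanitized[i] = handleTag(values[i]);
        }
        return sanitized;
    }

    /**
     * Sanitizes tag-like sequences in the given text according to the configured mode.
     *
     * @param str text to sanitize; blank input is returned unchanged
     * @return the text with tags escaped (ESCAPE mode) or removed (any other mode)
     */
    private String handleTag(String str) {
        if (CharSequenceUtil.isBlank(str)) {
            return str;
        }
        if (!XssMode.ESCAPE.equals(this.xssProperties.getMode())) {
            return HtmlUtil.cleanHtmlTag(str);
        }
        List<String> tags = ReUtil.findAllGroup0(TAG_PATTERN, str);
        if (CollUtil.isEmpty(tags)) {
            return str;
        }
        for (String tag : tags) {
            // Backslashes are dropped from the escaped tag, as in the original implementation.
            str = str.replace(tag, EscapeUtil.escapeHtml4(tag).replace("\\", ""));
        }
        return str;
    }

    /** Reads all characters from the reader; returns an empty string for a null reader. */
    private static String readBody(BufferedReader reader) throws IOException {
        if (reader == null) {
            return "";
        }
        StringBuilder content = new StringBuilder();
        char[] buffer = new char[4096];
        int count;
        while ((count = reader.read(buffer)) != -1) {
            content.append(buffer, 0, count);
        }
        return content.toString();
    }

    /**
     * Creates a {@link ServletInputStream} backed by the bytes of the given text.
     *
     * @param str the text to expose; {@code null} is treated as empty
     * @return an in-memory servlet input stream
     */
    static ServletInputStream getServletInputStream(String str) {
        // Explicit charset: the platform default differs between hosts on older JDKs.
        // NOTE(review): assumes consumers decode the body as UTF-8 — confirm against the
        // request's declared character encoding.
        byte[] bytes = str == null ? new byte[0] : str.getBytes(StandardCharsets.UTF_8);
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
        return new ServletInputStream() {
            @Override
            public int read() {
                return byteArrayInputStream.read();
            }

            @Override
            public int read(byte[] buffer, int offset, int length) {
                // Bulk read instead of the inherited byte-by-byte loop.
                return byteArrayInputStream.read(buffer, offset, length);
            }

            @Override
            public boolean isFinished() {
                return byteArrayInputStream.available() == 0;
            }

            @Override
            public boolean isReady() {
                // The data is already in memory, so a read never blocks.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Non-blocking reads are not supported for the buffered body; intentionally a no-op.
            }
        };
    }
}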
