package com.github.kaizen4j.mybatis.plugin.secure;

import com.github.kaizen4j.util.JsonUtils;
import com.github.kaizen4j.util.PrimitiveUtils;
import com.github.kaizen4j.util.XssUtils;
import java.lang.reflect.Field;
import java.sql.Date;
import java.sql.Timestamp;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.plugin.Intercepts;
import org.apache.ibatis.plugin.Invocation;
import org.apache.ibatis.plugin.Plugin;
import org.apache.ibatis.plugin.Signature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Intercepts({@Signature(type = Executor.class, method = "update", args = {MappedStatement.class, Object.class})})
/* loaded from: input_file:com/github/kaizen4j/mybatis/plugin/secure/XssStrippingInterceptor.class */
public class XssStrippingInterceptor implements Interceptor {
    private static final Logger logger = LoggerFactory.getLogger(XssStrippingInterceptor.class);

    public Object intercept(Invocation invocation) throws Throwable {
        MappedStatement mappedStatement = (MappedStatement) invocation.getArgs()[0];
        Object obj = invocation.getArgs()[1];
        if (logger.isDebugEnabled()) {
            logger.debug("XssStrippingInterceptor intercept mapper statement id [{}]", mappedStatement.getId());
        }
        if (Objects.isNull(obj)) {
            return invocation.proceed();
        }
        if (obj instanceof Map) {
            Map map = (Map) obj;
            map.entrySet().forEach(entry -> {
                stripProperty((Map<String, Object>) map, (Map.Entry<String, Object>) entry);
            });
        } else {
            stripProperty(obj);
        }
        return invocation.proceed();
    }

    private void stripProperty(Map<String, Object> map, Map.Entry<String, Object> entry) {
        String key = entry.getKey();
        Object value = entry.getValue();
        if (Objects.isNull(value)) {
            return;
        }
        if (value instanceof String) {
            String strip = XssUtils.strip(value.toString());
            map.put(key, strip);
            if (logger.isDebugEnabled()) {
                logger.debug("Parameter map key [{}] value [{}] stripped [{}]", new Object[]{key, value, strip});
                return;
            }
            return;
        }
        if (!(value instanceof Collection)) {
            stripProperty(value);
            return;
        }
        Collection collection = (Collection) value;
        CollectionUtils.emptyIfNull(collection).forEach(this::stripProperty);
        if (logger.isDebugEnabled()) {
            logger.debug("Parameter collection [{}] values stripped [{}]", key, JsonUtils.toJson(collection));
        }
    }

    private void stripProperty(Object obj) {
        if (PrimitiveUtils.isPrimitive(obj) || (obj instanceof Date) || (obj instanceof Timestamp) || (obj instanceof Class)) {
            logger.debug("Ignored primitive type or other parameter [{}]", obj.getClass());
            return;
        }
        Field[] declaredFields = obj.getClass().getDeclaredFields();
        if (Objects.isNull(declaredFields)) {
            return;
        }
        CollectionUtils.emptyIfNull(Arrays.asList(declaredFields)).forEach(field -> {
            stripProperty(obj, field);
        });
    }

    private void stripProperty(Object obj, Field field) {
        try {
            if (field.getType().equals(String.class)) {
                String property = BeanUtils.getProperty(obj, field.getName());
                String strip = XssUtils.strip(property);
                BeanUtils.setProperty(obj, field.getName(), strip);
                if (logger.isDebugEnabled()) {
                    logger.debug("Parameter object field [{}] value [{}] stripped [{}]", new Object[]{field.getName(), property, strip});
                }
            }
        } catch (Exception e) {
            logger.error("Strip parameter object field [{}] value error", field.getName(), e);
        }
    }

    public Object plugin(Object obj) {
        return Plugin.wrap(obj, this);
    }

    public void setProperties(Properties properties) {
    }
}
