package io.gitee.rocksdev.kernel.security.xss;

import io.gitee.rocksdev.kernel.security.xss.prop.XssProperties;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Iterator;
import org.dromara.hutool.core.collection.CollUtil;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:io/gitee/rocksdev/kernel/security/xss/XssFilter.class */
public class XssFilter implements Filter {
    public static final String FILTER_NAME = "ROCKS_XSS_FILTER";
    private final XssProperties xssProperties;

    public XssFilter(XssProperties xssProperties) {
        this.xssProperties = xssProperties;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        String contextPath = httpServletRequest.getContextPath();
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        if (this.xssProperties != null && CollUtil.isNotEmpty(this.xssProperties.getUrlExclusion())) {
            Iterator<String> it = this.xssProperties.getUrlExclusion().iterator();
            while (it.hasNext()) {
                if (antPathMatcher.match(contextPath + it.next(), contextPath + servletPath)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }
        filterChain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
    }
}
