package tech.riemann.etp.starter.monitor.filter;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import lombok.Generated;
import org.nutz.lang.Lang;
import org.nutz.lang.Strings;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import tech.riemann.etp.Ips;

/* loaded from: input_file:tech/riemann/etp/starter/monitor/filter/ActuatorFilter.class */
public class ActuatorFilter implements Filter {
    Log logger = Logs.get();
    private final List<String> ipWhitelist;
    private final boolean allowPrivate;
    private static final String UNKNOWN = "unknown";

    public void init(FilterConfig filterConfig) throws ServletException {
        this.logger.info("ActuatorFilter filter is init.....");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String ipAddress = getIpAddress((HttpServletRequest) servletRequest);
        this.logger.infof("访问 actuator 的机器的原始IP：%s", new Object[]{ipAddress});
        if (isMatchWhiteList(ipAddress)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        servletResponse.setContentType("application/json");
        servletResponse.setCharacterEncoding("UTF-8");
        PrintWriter writer = servletResponse.getWriter();
        writer.write("{\"code\":401}");
        writer.flush();
        writer.close();
    }

    private boolean isMatchWhiteList(String str) {
        return Lang.list(new String[]{"0:0:0:0:0:0:0:1", "127.0.0.1"}).contains(str) || (this.allowPrivate && Ips.internalIp(str)) || this.ipWhitelist.stream().anyMatch(str2 -> {
            return Ips.isInRange(str, str2);
        });
    }

    private String getIpAddress(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("x-forwarded-for");
        if (header == null || header.length() == 0 || Strings.equalsIgnoreCase(UNKNOWN, header)) {
            header = httpServletRequest.getHeader("Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || Strings.equalsIgnoreCase(UNKNOWN, header)) {
            header = httpServletRequest.getHeader("WL-Proxy-Client-IP");
        }
        if (header == null || header.length() == 0 || Strings.equalsIgnoreCase(UNKNOWN, header)) {
            header = httpServletRequest.getHeader("HTTP_CLIENT_IP");
        }
        if (header == null || header.length() == 0 || Strings.equalsIgnoreCase(UNKNOWN, header)) {
            header = httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (header == null || header.length() == 0 || Strings.equalsIgnoreCase(UNKNOWN, header)) {
            header = httpServletRequest.getRemoteAddr();
        }
        return header;
    }

    public void destroy() {
        this.logger.info("ActuatorFilter filter is destroyed.....");
    }

    @Generated
    public ActuatorFilter(List<String> list, boolean z) {
        this.ipWhitelist = list;
        this.allowPrivate = z;
    }
}
