package me.yukitale.cryptoexchange.exchange.security.xss;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

@Component
@Order(Integer.MIN_VALUE)
/* loaded from: input_file:BOOT-INF/classes/me/yukitale/cryptoexchange/exchange/security/xss/XSSFilter.class */
public class XSSFilter implements Filter {
    private static final List<String> EXCLUSION_FILTERS = Arrays.asList("/api/admin-panel/settings/email", "/api/admin-panel/settings/presets", "/api/admin-panel/settings/legals", "/api/admin-panel/settings/errors", "/api/admin-panel/user-edit/errors", "/api/admin-panel/user-edit/alert", "/api/worker-panel/settings/legals", "/api/worker-panel/settings/presets", "/api/worker-panel/settings/errors", "/api/worker-panel/user-edit/errors", "/api/worker-panel/user-edit/alert");

    private static boolean isExclusionUrl(String str) {
        return EXCLUSION_FILTERS.contains(str.toLowerCase().split("\\?")[0]);
    }

    @Override // jakarta.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isExclusionUrl(((HttpServletRequest) servletRequest).getRequestURI())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String contentType = servletRequest.getContentType();
        if (StringUtils.isNotBlank(contentType) && contentType.toLowerCase().contains("multipart/form-data")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        XSSRequestWrapper xSSRequestWrapper = new XSSRequestWrapper((HttpServletRequest) servletRequest);
        String iOUtils = IOUtils.toString(xSSRequestWrapper.getReader());
        if (!iOUtils.isBlank()) {
            xSSRequestWrapper.resetInputStream(XSSUtils.stripXSS(iOUtils).getBytes());
        }
        filterChain.doFilter(xSSRequestWrapper, servletResponse);
    }
}
