package kd.bos.eye.httpserver;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import kd.bos.eye.auth.EyeAuther;
import kd.bos.eye.config.EyeConfigKeys;
import kd.bos.eye.util.ApiResponse;
import kd.bos.eye.util.ExchangeVueUtils;
import kd.bos.eye.util.EyeUriQuery;
import kd.bos.thread.ThreadTruck;
import kd.bos.util.JSONUtils;

/* loaded from: input_file:kd/bos/eye/httpserver/AbstractHttpHandler.class */
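/**
 * Base {@link HttpHandler} for the "eye" monitoring endpoints.
 *
 * <p>Every request passes through three gates, in this order, before the subclass hook
 * {@link #handle0(HttpExchange)} runs: authentication ({@code EyeAuther.check}), CSRF token
 * validation ({@code EyeAuther.checkCSRFToken}) and the "new user has not changed the password"
 * check ({@code EyeAuther.checkNewUser}). The first gate that fails writes a JSON rejection and
 * the request goes no further.
 *
 * <p>NOTE(review): the XSS helpers on this class are character/literal substitutions, not
 * context-aware encoders. See the notes on {@link #cleanXSSParam(String)} and
 * {@link #cleanXSSResponse(String)} before relying on them as a security control.
 */
public abstract class AbstractHttpHandler implements HttpHandler {
    /** Application-level code carried by every rejection payload built in this class. */
    private static final int REJECT_CODE = 50009;

    /**
     * HTTP status sent for every response written through {@link #writeJson} and
     * {@link #writeHtml}.
     *
     * <p>NOTE(review): 202 is also used for the permission and CSRF rejections, so proxies, WAFs
     * and log-based detections cannot tell a rejected request from a successful one by status
     * alone; they have to parse the JSON {@code code}. Left unchanged because existing clients
     * may depend on it.
     */
    private static final int RESPONSE_STATUS = 202;

    /**
     * Runs the auth, CSRF and new-user gates and dispatches to {@link #handle0(HttpExchange)}
     * only when all of them pass.
     *
     * @param httpExchange the request/response pair supplied by the HTTP server
     * @throws IOException if writing a rejection or the subclass handler fails
     */
    @Override
    public void handle(HttpExchange httpExchange) throws IOException {
        try {
            // Flag stored in ThreadTruck for the duration of the request; its consumers are
            // outside this file.
            ThreadTruck.put(EyeConfigKeys.SESSION_DB_KEY, true);
            if (!checkAuth(httpExchange)) {
                noPermission(httpExchange);
            } else if (!checkCSRF(httpExchange)) {
                attackByCSRF(httpExchange);
            } else if (checkNewUser(httpExchange)) {
                noModifyNewUserPassword(httpExchange);
            } else {
                handle0(httpExchange);
            }
        } finally {
            // Single cleanup point: the ThreadTruck context is closed exactly once whether the
            // request succeeded or threw, so request-scoped state cannot leak into the next
            // request handled by this thread.
            ThreadTruck.current().close();
        }
    }

    /**
     * Answers an unauthenticated request. Requests whose path ends in {@code /eye/tc} or
     * {@code /eye/tc/} are redirected to the login page; everything else receives a JSON
     * "No permission" payload.
     *
     * <p>The redirect target is a fixed string and is not derived from the request, so this
     * branch does not let a caller choose the redirect destination.
     */
    private void noPermission(HttpExchange httpExchange) throws IOException {
        String path = httpExchange.getRequestURI().getPath();
        if (path.endsWith("/eye/tc/") || path.endsWith("/eye/tc")) {
            ExchangeVueUtils.redirect(httpExchange, "/monitor/eye/#/login?redirect=%2Ftc");
            return;
        }
        HashMap<String, Object> details = new HashMap<>(2);
        details.put("code", REJECT_CODE);
        details.put("msg", "No permission");
        ApiResponse apiResponse = new ApiResponse();
        apiResponse.setCode(REJECT_CODE);
        apiResponse.setMsg("No permission");
        apiResponse.setData(details);
        writeJson(JSONUtils.toString(apiResponse), httpExchange);
    }

    /** Answers a request that failed CSRF token validation with a JSON rejection. */
    private void attackByCSRF(HttpExchange httpExchange) throws IOException {
        ApiResponse apiResponse = new ApiResponse();
        apiResponse.setCode(REJECT_CODE);
        apiResponse.setMsg("attack by CSRF!");
        apiResponse.setData(null);
        writeJson(JSONUtils.toString(apiResponse), httpExchange);
    }

    /**
     * Answers a request from an account flagged by {@code EyeAuther.checkNewUser}. The message
     * tells the user (in Chinese) that a new user has not changed the password yet and must do
     * so before continuing.
     */
    private void noModifyNewUserPassword(HttpExchange httpExchange) throws IOException {
        ApiResponse apiResponse = new ApiResponse();
        apiResponse.setCode(REJECT_CODE);
        apiResponse.setMsg("提示：新用户未修改密码，请修改密码后再操作!");
        apiResponse.setData(null);
        writeJson(JSONUtils.toString(apiResponse), httpExchange);
    }

    /** Delegates to {@code EyeAuther.checkNewUser}; {@code true} blocks the request. */
    private boolean checkNewUser(HttpExchange httpExchange) {
        return EyeAuther.checkNewUser(httpExchange);
    }

    /** Delegates to {@code EyeAuther.check}; {@code false} blocks the request. */
    private boolean checkAuth(HttpExchange httpExchange) {
        return EyeAuther.check(httpExchange);
    }

    /** Delegates to {@code EyeAuther.checkCSRFToken}; {@code false} blocks the request. */
    private boolean checkCSRF(HttpExchange httpExchange) {
        return EyeAuther.checkCSRFToken(httpExchange);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the token that {@code EyeAuther.getToken} extracts from the request.
     *
     * <p>NOTE(review): the returned value is presumably a session credential; callers should
     * avoid logging it or echoing it into responses. Confirm against {@code EyeAuther}.
     */
    public static String getToken(HttpExchange httpExchange) {
        return EyeAuther.getToken(httpExchange);
    }

    /**
     * Endpoint-specific logic. Invoked only after the auth, CSRF and new-user gates in
     * {@link #handle(HttpExchange)} have all passed.
     */
    protected abstract void handle0(HttpExchange httpExchange) throws IOException;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses the request's query string into a map and passes every value through
     * {@link #cleanXSSParam(String)}.
     *
     * <p>NOTE(review): with {@code z == true} the raw, still percent-encoded query is parsed.
     * Unless {@code EyeUriQuery.toMap} decodes the values itself, percent-encoded quotes and
     * angle brackets are not seen by {@code cleanXSSParam}, and a caller that decodes later gets
     * unescaped characters back. With {@code z == false} the query is decoded before it is
     * split, so an encoded {@code &} or {@code =} inside a value can change how the parameters
     * are split. Confirm both against {@code EyeUriQuery}.
     *
     * @param httpExchange the current exchange
     * @param z {@code true} to parse {@code URI.getRawQuery()}, {@code false} to parse
     *     {@code URI.getQuery()}
     * @return the map produced by {@code EyeUriQuery.toMap}, with its values escaped in place
     */
    public Map<String, String> getParams(HttpExchange httpExchange, boolean z) {
        URI requestURI = httpExchange.getRequestURI();
        Map<String, String> params = EyeUriQuery.toMap(z ? requestURI.getRawQuery() : requestURI.getQuery());
        for (Map.Entry<String, String> entry : params.entrySet()) {
            // Update through the entry rather than calling put() on the map being iterated.
            entry.setValue(cleanXSSParam(entry.getValue()));
        }
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces {@code "}, {@code '}, {@code <} and {@code >} with their HTML entities.
     *
     * <p>NOTE(review): this is input-side escaping of four characters only. It suits values
     * placed in HTML text or quoted attribute values; it does not make a value safe inside
     * script blocks, URLs or CSS, and {@code &} is left as-is. Prefer encoding for the specific
     * output context at the point of output.
     *
     * @param str the value to escape; {@code null} is returned unchanged
     * @return the escaped value
     */
    public String cleanXSSParam(String str) {
        if (str == null) {
            // A parameter without a value must not fail the whole request with an NPE.
            return null;
        }
        // Literal replace(): same output as the former regex replaceAll() calls, without
        // compiling a pattern on every call.
        return str.replace("\"", "&quot;")
                .replace("'", "&#39;")
                .replace("<", "&lt;")
                .replace(">", "&gt;");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Rewrites the exact literals {@code <script>} and {@code </script>} to their entity-encoded
     * form.
     *
     * <p>NOTE(review): only these two lower-case literals are matched. Markup in any other form
     * passes through unchanged, so this method must not be treated as an XSS control. Encode
     * untrusted data for its output context where it is inserted into the response, and serve
     * JSON with a non-HTML content type (as {@link #writeJson} does).
     *
     * @param str the response text; {@code null} is returned unchanged
     * @return the text with the two literals replaced
     */
    public String cleanXSSResponse(String str) {
        if (str == null) {
            return null;
        }
        return str.replace("<script>", "&lt;script&gt;").replace("</script>", "&lt;/script&gt;");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends {@code str} as a UTF-8 {@code application/json} response and closes the exchange.
     *
     * <p>NOTE(review): consider also sending {@code X-Content-Type-Options: nosniff} so that a
     * JSON body carrying user-influenced text is never sniffed as HTML.
     *
     * @param str the serialized JSON body
     * @param httpExchange the exchange to answer; it is closed even if the write fails
     * @throws IOException if the headers or body cannot be written
     */
    public void writeJson(String str, HttpExchange httpExchange) throws IOException {
        writeBody("application/json; charset=UTF-8", str, httpExchange);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends {@code str} as a UTF-8 {@code text/html} response and closes the exchange.
     *
     * <p>The body is written verbatim: any untrusted data in it must already be encoded for
     * HTML by the caller.
     *
     * @param str the HTML body
     * @param httpExchange the exchange to answer; it is closed even if the write fails
     * @throws IOException if the headers or body cannot be written
     */
    public void writeHtml(String str, HttpExchange httpExchange) throws IOException {
        writeBody("text/html; charset=UTF-8", str, httpExchange);
    }

    /**
     * Shared implementation of {@link #writeJson} and {@link #writeHtml}: encodes the body as
     * UTF-8, sets the content type, sends the headers and body, and closes the exchange.
     */
    private void writeBody(String contentType, String body, HttpExchange httpExchange) throws IOException {
        try {
            byte[] payload = body.getBytes("UTF-8");
            httpExchange.getResponseHeaders().set("Content-Type", contentType);
            httpExchange.sendResponseHeaders(RESPONSE_STATUS, payload.length);
            httpExchange.getResponseBody().write(payload);
        } finally {
            // Close on every path so a failed write (for example, a client disconnect) does not
            // leave the exchange and its streams open.
            httpExchange.close();
        }
    }
}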
