package com.raqsoft.center.console;

import com.raqsoft.center.Center;
import com.raqsoft.center.Config;
import com.raqsoft.center.entity.User;
import com.raqsoft.common.Logger;
import com.raqsoft.guide.web.DQLTableFilter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/raqsoft/center/console/LoginFilter.class */
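/**
 * Authentication/authorisation gate for the report-center console.
 *
 * <p>Request handling, in order:
 * <ol>
 *   <li>every request parameter value is screened for a small set of
 *       characters ({@code < > ' " ; \}); a hit is answered with HTTP 400;</li>
 *   <li>actions 74/75/81/82 are passed through untouched;</li>
 *   <li>actions 80/3/52 and a set of "public" paths (login pages, WeChat
 *       login, images, layui assets, mobile pages) are passed through; a hit on
 *       {@code login.jsp} first tries to restore a session from the
 *       {@code loginedUserName} cookie and, on success, forwards to
 *       {@code centerIndex.jsp};</li>
 *   <li>everything else needs a {@code userObj} in the session (or a
 *       successful cookie re-login) and, when an {@code action} parameter is
 *       present, a role that {@link #checkActionAuth} accepts; otherwise the
 *       client is sent a script that navigates the top window to the login
 *       page.</li>
 * </ol>
 *
 * <p>Changes from the previous revision, all security-motivated:
 * <ul>
 *   <li>the parameter screen now inspects every parameter, not only the
 *       first entry of the parameter map;</li>
 *   <li>public-path matching is done on the request URI path with
 *       {@code ;path-parameters} stripped and {@code ..} segments collapsed,
 *       instead of on the full request URL (which embeds the client-supplied
 *       {@code Host} header);</li>
 *   <li>a non-numeric {@code action} or role id is treated as "not
 *       authorised" instead of escaping as a {@code NumberFormatException};</li>
 *   <li>the action-authorisation check is also applied after a successful
 *       cookie re-login.</li>
 * </ul>
 *
 * <p>NOTE(review): cookie re-login is keyed on a plain user name supplied by
 * the client (see {@link #checkCookie}); that design is not changed here and
 * is the most significant remaining weakness of this filter.
 */
public class LoginFilter implements Filter {

    /** Characters that, anywhere in a parameter value, cause the request to be rejected. */
    private static final String FORBIDDEN_PARAM_CHARS = "<>'\";\\";

    /** Cookie whose URL-encoded value names the user to re-establish a session for. */
    private static final String LOGIN_COOKIE = "loginedUserName";

    /** Context-relative login page the client is bounced to. */
    private static final String LOGIN_PAGE = "/raqsoft/center/login.jsp";

    /** Context-relative page an already-logged-in visitor of login.jsp is forwarded to. */
    private static final String INDEX_PAGE = "/raqsoft/center/centerIndex.jsp";

    /** Actions that bypass the filter entirely. */
    private static final String[] PASS_THROUGH_ACTIONS = {"74", "75", "81", "82"};

    /** Actions that are served without a login, like the public paths. */
    private static final String[] PUBLIC_ACTIONS = {"80", "3", "52"};

    /**
     * Substrings of the request path that mark a request as public.
     * NOTE(review): this is still substring matching, so any path whose name
     * happens to contain e.g. "layui" or "login.jsp" is public; it should be
     * turned into a prefix/segment allowlist once the legitimate routes are
     * enumerated.
     */
    private static final String[] PUBLIC_PATH_MARKERS = {
        "center/wxcode.html", "center/wxlogin.jsp", "/wxlogin", "center/images",
        "login.jsp", "layui", "center/mobile"
    };

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to configure
    }

    @Override
    public void destroy() {
        // nothing to release
    }

    /**
     * Applies the gate described on the class; see there for the decision order.
     *
     * @throws IOException      from the response writer or {@code sendError}
     * @throws ServletException from the filter chain or a forward
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Every parameter is untrusted; a hit anywhere ends the request.
        if (!allParamsValid(request)) {
            Logger.debug("请求参数中含有非法字符");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        String path = normalizedPath(request);
        String action = request.getParameter("action");

        if (contains(PASS_THROUGH_ACTIONS, action)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (contains(PUBLIC_ACTIONS, action) || isPublicPath(path)) {
            // The ordinary login page: a valid remember-me cookie skips it.
            if (path.indexOf("login.jsp") >= 0 && path.indexOf("center/wxlogin.jsp") < 0) {
                if (checkCookie(request, response)) {
                    request.getRequestDispatcher(INDEX_PAGE).forward(servletRequest, servletResponse);
                    return;
                }
                servletRequest.setAttribute("passEncode", Boolean.valueOf(Center.getConfig().passEncode()));
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Protected request: needs an authenticated session, possibly restored from the cookie.
        HttpSession session = request.getSession();
        if (session.getAttribute("userObj") == null && !checkCookie(request, response)) {
            session.invalidate();
            redirectToLogin(request, response);
            return;
        }
        // Re-read: a successful cookie re-login stored the user on the (same) session.
        User user = (User) request.getSession().getAttribute("userObj");
        if (user == null) {
            redirectToLogin(request, response);
            return;
        }
        if (action != null && !checkActionAuth(action, user)) {
            redirectToLogin(request, response);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Writes the "navigate top window to the login page" script the console expects. */
    private static void redirectToLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        response.getWriter().print("<script language='javascript' type='text/javascript'>top.window.location='" + request.getServletContext().getContextPath() + LOGIN_PAGE + "';</script>");
    }

    /** True when {@code value} (possibly null) equals one of {@code candidates}. */
    private static boolean contains(String[] candidates, String value) {
        if (value == null) {
            return false;
        }
        for (String candidate : candidates) {
            if (candidate.equals(value)) {
                return true;
            }
        }
        return false;
    }

    /** True when the request path contains any of {@link #PUBLIC_PATH_MARKERS}. */
    private static boolean isPublicPath(String path) {
        for (String marker : PUBLIC_PATH_MARKERS) {
            if (path.indexOf(marker) >= 0) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the request URI path (no scheme, host or query string) with any
     * {@code ;param} suffix removed from every segment and {@code .}/{@code ..}
     * segments collapsed.  Matching the public-path markers against this value
     * rather than {@code getRequestURL()} means neither a crafted {@code Host}
     * header nor a suffix such as {@code /admin.jsp;login.jsp} can satisfy the
     * allowlist.  Percent-encoded sequences are left as the container delivered
     * them; decoding them here would not match how the container maps the request.
     */
    private static String normalizedPath(HttpServletRequest request) {
        String uri = request.getRequestURI();
        if (uri == null) {
            return "";
        }
        StringBuilder stripped = new StringBuilder(uri.length());
        for (String segment : uri.split("/", -1)) {
            int semicolon = segment.indexOf(';');
            stripped.append(semicolon >= 0 ? segment.substring(0, semicolon) : segment).append('/');
        }
        stripped.setLength(stripped.length() - 1); // drop the separator appended after the last segment
        String path = stripped.toString();
        try {
            String normalized = new URI(path).normalize().getRawPath();
            return normalized != null ? normalized : path;
        } catch (URISyntaxException e) {
            // Unparseable as a URI: fall back to the stripped form rather than failing open.
            return path;
        }
    }

    /**
     * Role gate for numbered console actions.
     *
     * <p>Actions 16/34/39/62 need role 0 or 1 (1 is the manager role written by
     * {@link #populateSession}; the meaning of 0 is not visible in this file);
     * 31 and 61 need a non-negative role (the visitor role is -1); every other
     * action is allowed.  A non-numeric action or role id is treated as
     * "not authorised" rather than letting {@code NumberFormatException}
     * escape as a server error.
     *
     * <p>NOTE(review): the {@code default: return true} branch is fail-open for
     * any action number not listed here.
     *
     * @return true when {@code user} may perform {@code action}
     */
    private boolean checkActionAuth(String action, User user) {
        int actionId;
        int role;
        try {
            actionId = Integer.parseInt(action);
            role = Integer.parseInt(user.getRoleId());
        } catch (NumberFormatException e) {
            return false;
        }
        switch (actionId) {
            case 16:
            case 34:
            case 39:
            case 62:
                return role == 1 || role == 0;
            case 31:
            case 61:
                return role >= 0;
            default:
                return true;
        }
    }

    /** True when every value of every request parameter passes {@link #isValidParam}. */
    private boolean allParamsValid(HttpServletRequest request) {
        Map<?, ?> parameters = request.getParameterMap();
        if (parameters == null) {
            return true;
        }
        for (Object values : parameters.values()) {
            if (values instanceof String[] && !isValidParam((String[]) values)) {
                return false;
            }
        }
        return true;
    }

    /**
     * True unless some non-null element contains one of
     * {@link #FORBIDDEN_PARAM_CHARS}.  This is a coarse screen, not an
     * output-encoding substitute.
     */
    private boolean isValidParam(String[] values) {
        for (String value : values) {
            if (value == null) {
                continue;
            }
            for (int i = 0; i < FORBIDDEN_PARAM_CHARS.length(); i++) {
                if (value.indexOf(FORBIDDEN_PARAM_CHARS.charAt(i)) >= 0) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Re-establishes a session for {@code userName} when that name is present
     * in the servlet-context "onlineuser" registry and matches a configured user.
     *
     * <p>NOTE(review): {@code userName} comes straight from a client cookie; the
     * only check is membership in the online-user set, so anyone who knows (or
     * guesses) the name of a currently logged-in user can take over their
     * identity.  A server-issued unguessable token bound to the user would be
     * required to make this safe.
     *
     * @return true when the session was populated for the named user
     */
    private boolean relogin(HttpServletRequest request, String userName) {
        HttpSession session = request.getSession();
        Object registry = session.getServletContext().getAttribute("onlineuser");
        if (registry == null) {
            return false;
        }
        Set onlineUsers = (Set) ((OnLineUser) registry).getUsers();
        if (onlineUsers == null || !onlineUsers.contains(userName)) {
            return false;
        }
        Config config = Center.getConfig(request);
        User[] users = config.getUsers();
        if (users == null) {
            return false;
        }
        for (User user : users) {
            if (userName.equals(user.getUserName())) {
                populateSession(config, user, session);
                return true;
            }
        }
        return false;
    }

    /**
     * Stores the login attributes the console reads for {@code user}:
     * role "1" is a manager ("rqv5_manager_login"="yes", loginType
     * "normalManager"); role "-1" is a visitor; anything else is a plain user.
     * Non-managers also get the DQL/report-macro attributes from {@link #setSessionAttr}.
     */
    private void populateSession(Config config, User user, HttpSession session) {
        session.setAttribute("userObj", user);
        String roleId = user.getRoleId();
        session.setAttribute("rqv5_login_userId", user.getUserId());
        if ("1".equals(roleId)) {
            session.setAttribute("rqv5_manager_login", "yes");
            session.setAttribute("loginType", "normalManager");
            return;
        }
        session.setAttribute("loginType", "-1".equals(roleId) ? "visitor" : "user");
        setSessionAttr(config, user, session);
    }

    /**
     * Looks for the {@link #LOGIN_COOKIE} cookie and, if present, attempts
     * {@link #relogin} with its URL-decoded value.  Only the first cookie of
     * that name is considered.  {@code response} is unused but kept for the
     * existing call sites.
     *
     * @return true when a session was re-established from the cookie
     */
    private boolean checkCookie(HttpServletRequest request, HttpServletResponse response) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (cookie == null || !LOGIN_COOKIE.equals(cookie.getName())) {
                continue;
            }
            String value = cookie.getValue();
            if (value == null) {
                return false;
            }
            try {
                return relogin(request, URLDecoder.decode(value, "utf-8"));
            } catch (UnsupportedEncodingException e) {
                // "utf-8" is always supported; logged rather than printed to stderr.
                Logger.debug("cannot decode " + LOGIN_COOKIE + " cookie: " + e);
                return false;
            }
        }
        return false;
    }

    /**
     * Copies the user's DQL table filters and outer-condition macro into the
     * session, then the report-macro map whose "_raqsoft_macroName_" equals the
     * user's configured report macro (if any).
     */
    private void setSessionAttr(Config config, User user, HttpSession session) {
        List<DQLTableFilter> tableFilters = config.getUserDQLTableFilters(user.getUserId());
        session.setAttribute("_raqsoft_filters_", tableFilters);
        session.setAttribute("_raqsoft_outerConditionId_", user.getDqlMacro());

        String reportMacro = user.getReportMacro();
        if (reportMacro == null || reportMacro.isEmpty()) {
            return;
        }
        List<Map<String, String>> reportMacros = config.getUserReportMacros(user.getUserId());
        if (reportMacros == null) {
            return;
        }
        for (Map<String, String> macro : reportMacros) {
            if (reportMacro.equals(macro.get("_raqsoft_macroName_"))) {
                session.setAttribute("_raqsoft_reportmacro_", macro);
                return;
            }
        }
    }
}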
