package com.hccake.ballcat.autoconfigure.web.servlet;

import cn.hutool.core.util.StrUtil;
import com.hccake.ballcat.common.core.exception.SqlCheckedException;
import com.hccake.ballcat.common.model.domain.PageParam;
import com.hccake.ballcat.common.model.result.BaseResultCode;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

/* loaded from: input_file:com/hccake/ballcat/autoconfigure/web/servlet/PageParamArgumentResolver.class */
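/**
 * Resolves {@link PageParam} (or a subtype) handler arguments from the request
 * parameters {@code current}, {@code size}, {@code sortFields} and {@code sortOrders}.
 * <p>
 * Sorting input is the only part of the page request that is likely to end up spliced
 * into SQL, so every requested sort field must pass the {@link #validFieldName(String)}
 * allow-list; fields that fail it are silently dropped rather than rejected.
 */
public class PageParamArgumentResolver implements HandlerMethodArgumentResolver {

    private static final Logger log = LoggerFactory.getLogger(PageParamArgumentResolver.class);

    /** Lower-case SQL keywords rejected by {@link #sqlInject(String)} (substring match). */
    private static final String[] KEYWORDS = {"master", "truncate", "insert", "select", "delete", "update", "declare", "alter", "drop", "sleep"};

    /** Allow-list for sort field names: ASCII letters, digits and underscore only. */
    private static final String FIELD_NAME_REGEX = "[A-Za-z0-9_]+";

    /** Compiled once; {@code String.matches} would recompile the regex on every call. */
    private static final Pattern FIELD_NAME_PATTERN = Pattern.compile(FIELD_NAME_REGEX);

    /** Sort-order token meaning ascending; anything else is treated as descending. */
    private static final String ASC = "asc";

    /**
     * Handles any parameter whose declared type is {@link PageParam} or a subtype of it.
     *
     * @param methodParameter the handler method parameter being inspected
     * @return {@code true} if this resolver should produce the argument
     */
    @Override
    public boolean supportsParameter(MethodParameter methodParameter) {
        return PageParam.class.isAssignableFrom(methodParameter.getParameterType());
    }

    /**
     * Builds the page request from the raw servlet request parameters.
     * <p>
     * {@code current} and {@code size} are only applied when non-blank and are parsed with
     * {@link Long#parseLong(String)}, so a non-numeric value surfaces as a
     * {@link NumberFormatException} instead of being silently replaced by a default.
     *
     * @param methodParameter the handler parameter; its declared type is instantiated
     * @param modelAndViewContainer unused
     * @param nativeWebRequest the current request; must wrap an {@link HttpServletRequest}
     * @param webDataBinderFactory unused
     * @return the populated {@link PageParam} (or subtype) instance
     */
    @Override
    public Object resolveArgument(MethodParameter methodParameter, ModelAndViewContainer modelAndViewContainer,
            NativeWebRequest nativeWebRequest, WebDataBinderFactory webDataBinderFactory) {
        HttpServletRequest request = nativeWebRequest.getNativeRequest(HttpServletRequest.class);
        String current = request.getParameter("current");
        String size = request.getParameter("size");
        String sortFields = request.getParameter("sortFields");
        String sortOrders = request.getParameter("sortOrders");

        PageParam pageParam = instantiate(methodParameter.getParameterType());
        if (StrUtil.isNotBlank(current)) {
            pageParam.setCurrent(Long.parseLong(current));
        }
        if (StrUtil.isNotBlank(size)) {
            // NOTE(review): no upper bound is applied here; confirm that PageParam or the
            // caller caps the page size so a client cannot request an arbitrarily large page.
            pageParam.setSize(Long.parseLong(size));
        }
        pageParam.setSorts(getOrderItems(sortFields, sortOrders));
        return pageParam;
    }

    /**
     * Instantiates the handler's declared {@link PageParam} subtype through its no-arg
     * constructor, falling back to a plain {@link PageParam} when that is not possible.
     *
     * @param parameterType the declared parameter type (a {@link PageParam} subtype)
     * @return a fresh instance, never {@code null}
     */
    private static PageParam instantiate(Class<?> parameterType) {
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
            return (PageParam) parameterType.getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException e) {
            // No accessible no-arg constructor (or it threw): the base type is still a
            // valid page request, so degrade rather than fail the whole handler call.
            log.debug("Falling back to PageParam for {}", parameterType, e);
            return new PageParam();
        }
    }

    /**
     * Pairs each entry of the comma-separated {@code sortFields} with the entry at the same
     * index of {@code sortOrders}, keeping only fields that pass {@link #validFieldName(String)}.
     * <p>
     * If either parameter is blank, or the two lists differ in length, no sorting is applied.
     * Accepted field names are converted to underscore case (e.g. {@code createTime} to
     * {@code create_time}) before being stored.
     *
     * @param sortFields comma-separated field names, may be blank
     * @param sortOrders comma-separated order tokens; {@code asc} (any case) is ascending
     * @return the accepted sorts in request order; empty, never {@code null}
     */
    protected List<PageParam.Sort> getOrderItems(String sortFields, String sortOrders) {
        List<PageParam.Sort> sorts = new ArrayList<>();
        if (StrUtil.isBlank(sortFields) || StrUtil.isBlank(sortOrders)) {
            return sorts;
        }
        String[] fields = sortFields.split(",");
        String[] orders = sortOrders.split(",");
        // A field without a matching order (or vice versa) is ambiguous; ignore all sorting.
        if (fields.length != orders.length) {
            return sorts;
        }
        for (int i = 0; i < fields.length; i++) {
            String field = fields[i];
            // Allow-list check: anything outside [A-Za-z0-9_] is dropped. This is what keeps
            // the value safe if it is later interpolated into an ORDER BY clause downstream.
            if (!validFieldName(field)) {
                continue;
            }
            PageParam.Sort sort = new PageParam.Sort();
            sort.setAsc(ASC.equalsIgnoreCase(orders[i]));
            sort.setField(StrUtil.toUnderlineCase(field));
            sorts.add(sort);
        }
        return sorts;
    }

    /**
     * Returns whether {@code fieldName} is a safe sort field name: non-blank and made up
     * solely of ASCII letters, digits and underscores (an allow-list, not a denylist).
     *
     * @param fieldName the candidate field name, may be {@code null}
     * @return {@code true} if the name passes the allow-list
     */
    public static boolean validFieldName(String fieldName) {
        return StrUtil.isNotBlank(fieldName) && FIELD_NAME_PATTERN.matcher(fieldName).matches();
    }

    /**
     * Rejects a value that contains any of the {@link #KEYWORDS} as a substring.
     * <p>
     * This is a coarse denylist, not a parser: it also matches inside longer identifiers
     * (e.g. {@code updateTime} contains {@code update}). Prefer the allow-list in
     * {@link #validFieldName(String)} wherever the value is a field name.
     *
     * @param value the untrusted value to check; {@code null} or empty passes
     * @throws SqlCheckedException if a denylisted keyword is found
     */
    public static void sqlInject(String value) {
        if (StrUtil.isEmpty(value)) {
            return;
        }
        // Locale.ROOT: the default-locale toLowerCase() maps "I" differently under e.g. a
        // Turkish default locale, so "INSERT" would no longer match the lower-case keyword.
        String lowerCase = value.toLowerCase(Locale.ROOT);
        for (String keyword : KEYWORDS) {
            if (lowerCase.contains(keyword)) {
                log.error("查询包含非法字符 {}", keyword);
                throw new SqlCheckedException(BaseResultCode.MALICIOUS_REQUEST.getCode().intValue(), "恶意请求参数：" + keyword);
            }
        }
    }
}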
