package org.publiccms.common.interceptor;

import com.publiccms.common.base.BaseInterceptor;
import com.publiccms.common.tools.RequestUtils;
import java.util.Date;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.publiccms.common.base.AbstractController;
import org.publiccms.common.constants.CmsVersion;
import org.publiccms.common.constants.CommonConstants;
import org.publiccms.entities.sys.SysUser;
import org.publiccms.entities.sys.SysUserToken;
import org.publiccms.logic.service.sys.SysUserService;
import org.publiccms.logic.service.sys.SysUserTokenService;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/publiccms/common/interceptor/WebContextInterceptor.class */
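/**
 * Interceptor that runs before each web request: it adds response headers,
 * re-validates the user cached in the HTTP session, and otherwise tries to
 * restore a login from the persistent login cookie.
 *
 * <p>The login cookie value has the form {@code <userId><split><authToken>},
 * where the separator comes from {@link CommonConstants#getCookiesUserSplit()}.
 */
public class WebContextInterceptor extends BaseInterceptor {

    /** Seconds a session-cached user is trusted before it is re-read from the user service. */
    private static final int SESSION_USER_RECHECK_SECONDS = 30;

    @Autowired
    private SysUserService sysUserService;

    @Autowired
    private SysUserTokenService sysUserTokenService;

    /**
     * Adds the response headers and keeps the session user consistent with the
     * user and token services.
     *
     * @param httpServletRequest  current request; its cookies and session are read
     * @param httpServletResponse current response; headers and cookie cancellations are written to it
     * @param obj                 the handler chosen for the request (unused)
     * @return always {@code true}; this interceptor never blocks the request, it only
     *         attaches or removes the session user
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        // NOTE(review): this header sends the CMS version to every client, which makes
        // version fingerprinting trivial. Consider making it configurable or dropping it.
        httpServletResponse.addHeader(CommonConstants.getXPowered(), CmsVersion.getVersion());
        httpServletResponse.addHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'none'");
        httpServletResponse.addHeader("X-Content-Type-Options", "nosniff");

        HttpSession session = httpServletRequest.getSession();
        String contextPath = httpServletRequest.getContextPath();
        SysUser sessionUser = AbstractController.getUserFromSession(session);
        if (null != sessionUser) {
            revalidateSessionUser(httpServletRequest, httpServletResponse, session, contextPath, sessionUser);
        } else {
            restoreUserFromCookie(httpServletRequest, httpServletResponse, session, contextPath);
        }
        return true;
    }

    /**
     * Re-checks a user that is already in the session. Within the recheck window the
     * cached user is accepted as is, so a disabled account can stay active for up to
     * {@link #SESSION_USER_RECHECK_SECONDS} seconds. After that the user is re-read:
     * an enabled user has its cached profile fields refreshed, a missing or disabled
     * user has its cookie token deleted and the session user cleared.
     */
    private void revalidateSessionUser(HttpServletRequest request, HttpServletResponse response, HttpSession session,
            String contextPath, SysUser sessionUser) {
        Date checkedAt = AbstractController.getUserTimeFromSession(session);
        Date oldestAccepted = DateUtils.addSeconds(new Date(), -SESSION_USER_RECHECK_SECONDS);
        if (null != checkedAt && !checkedAt.before(oldestAccepted)) {
            return;
        }
        SysUser current = this.sysUserService.getEntity(sessionUser.getId());
        if (null != current && !current.isDisabled()) {
            sessionUser.setName(current.getName());
            sessionUser.setNickName(current.getNickName());
            sessionUser.setEmail(current.getEmail());
            sessionUser.setEmailChecked(current.isEmailChecked());
            sessionUser.setSuperuserAccess(current.isSuperuserAccess());
            AbstractController.setUserToSession(session, sessionUser);
            return;
        }
        // The account is gone or disabled: revoke the token named in the cookie, then log out.
        // NOTE(review): the token is taken from the client cookie and deleted without
        // checking that it belongs to sessionUser; confirm that is acceptable.
        String cookieValue = loginCookieValue(request);
        if (null != cookieValue) {
            String[] parts = cookieValue.split(CommonConstants.getCookiesUserSplit());
            if (parts.length > 1) {
                this.sysUserTokenService.delete(parts[1]);
            }
        }
        AbstractController.clearUserToSession(contextPath, session, response);
    }

    /**
     * Tries to log the visitor in from the persistent login cookie. The cookie is
     * cancelled whenever it is malformed, names an unknown token, the token belongs
     * to another user or to a channel other than {@code "web"}, or the user is
     * missing or disabled.
     */
    private void restoreUserFromCookie(HttpServletRequest request, HttpServletResponse response, HttpSession session,
            String contextPath) {
        String cookieValue = loginCookieValue(request);
        if (null == cookieValue) {
            return;
        }
        String[] parts = cookieValue.split(CommonConstants.getCookiesUserSplit());
        if (parts.length <= 1) {
            RequestUtils.cancleCookie(contextPath, response, CommonConstants.getCookiesUser(), null);
            return;
        }
        try {
            Long userId = Long.valueOf(Long.parseLong(parts[0]));
            // NOTE(review): no expiry check on the token is visible in this method;
            // confirm that SysUserTokenService or a cleanup job enforces token lifetime.
            SysUserToken token = this.sysUserTokenService.getEntity(parts[1]);
            SysUser user = null;
            boolean valid = null != token
                    && userId.longValue() == token.getUserId()
                    && "web".equals(token.getChannel())
                    && null != (user = this.sysUserService.getEntity(userId))
                    && !user.isDisabled();
            if (valid) {
                // Never keep the stored password on the session-scoped user object.
                user.setPassword(null);
                // NOTE(review): the pre-login session is reused here. Consider rotating the
                // session id (HttpServletRequest.changeSessionId(), Servlet 3.1+) when a
                // user is attached, to limit session fixation.
                AbstractController.setUserToSession(session, user);
            } else {
                if (null != token) {
                    this.sysUserTokenService.delete(token.getAuthToken());
                }
                RequestUtils.cancleCookie(contextPath, response, CommonConstants.getCookiesUser(), null);
            }
        } catch (NumberFormatException e) {
            // The user-id part of the cookie is not a number: treat the cookie as forged or corrupt.
            RequestUtils.cancleCookie(contextPath, response, CommonConstants.getCookiesUser(), null);
        }
    }

    /**
     * Returns the non-blank value of the login cookie, or {@code null} when the
     * request carries no such cookie or its value is blank.
     *
     * <p>The lookup result is null-checked before use. The previous code called
     * {@code setSecure(true)} on it first, which threw a NullPointerException on
     * every request without the cookie. That call also had no security effect:
     * changing a request-side {@link Cookie} object does not alter what the browser
     * holds. The Secure (and HttpOnly) attributes must be set where the login cookie
     * is written to the response.
     */
    private static String loginCookieValue(HttpServletRequest request) {
        Cookie cookie = RequestUtils.getCookie(request.getCookies(), CommonConstants.getCookiesUser());
        if (null == cookie) {
            return null;
        }
        String value = cookie.getValue();
        return StringUtils.isNotBlank(value) ? value : null;
    }
}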
