package restinterface;

import java.io.File;
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

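/**
 * Authorization filter for {@code GET /file/**}.
 *
 * <p>Works out which file system path the request refers to — the remainder of a
 * {@code /file/serve/...} URL appended to {@code restinterface.working_dir}, or
 * otherwise the {@code path} query parameter — and lets the request reach the
 * controller only when the <em>normalized</em> form of that exact path lies
 * strictly below the caller's own directory {@code <working_dir>/<UUID id-token
 * claim>}. Any other path, a non-OIDC caller or a missing/unsafe UUID claim is
 * answered with 403; a missing or unparsable path with 400.
 *
 * <p>Previously the ancestor check ran on a character-stripped copy of the
 * directory part (dots and other characters silently removed) while the
 * untouched original path was what the filter chain forwarded, so the value
 * that was validated and the value that was served could differ. The check is
 * now performed on the forwarded path itself, after {@link Path#normalize()},
 * so {@code ..} segments are resolved before the containment test.
 *
 * <p>Note: {@code normalize()} does not follow symbolic links; a link inside the
 * user directory that points elsewhere is not detected here.
 *
 * <p>Active only when {@code restinterface.security.enabled} is set.
 */
@ConditionalOnProperty(prefix = "restinterface", name = {"security.enabled"})
@Component
public class UserAssetSecurityFilter extends OncePerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(UserAssetSecurityFilter.class);
    private static final String SERVE_PREFIX = "/file/serve";
    private static final String PATH_PARAMETER = "path";
    private static final String UUID_CLAIM = "UUID";

    /** Only GET requests under /file/ are filtered; every other request is skipped by shouldNotFilter. */
    private final RequestMatcher uriMatcher = new AntPathRequestMatcher("/file/**", HttpMethod.GET.toString());

    @Value("${restinterface.working_dir}")
    private String workingDirectory;

    /**
     * Authorizes a single {@code GET /file/**} request.
     *
     * @param httpServletRequest  the incoming request; its servlet path or {@code path} parameter names the file
     * @param httpServletResponse receives 403 (not allowed) or 400 (no usable path) when the request is stopped here
     * @param filterChain         continued only when the requested path is inside the caller's directory
     * @throws ServletException propagated from the rest of the chain
     * @throws IOException      propagated from the rest of the chain or from writing the error response
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof OAuth2AuthenticationToken)) {
            deny(httpServletResponse);
            return;
        }
        Object principal = ((OAuth2AuthenticationToken) authentication).getPrincipal();
        if (!(principal instanceof OidcUser)) {
            // The original cast unconditionally; a non-OIDC principal would have surfaced as a 500.
            deny(httpServletResponse);
            return;
        }
        String userId = ((OidcUser) principal).getIdToken().getClaim(UUID_CLAIM);
        if (userId == null || userId.isEmpty()) {
            // Without the claim the per-user directory cannot be determined, so nothing can be authorized.
            deny(httpServletResponse);
            return;
        }

        String requestedPath = requestedPath(httpServletRequest);
        if (requestedPath == null || requestedPath.isEmpty()) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Path is required to download or serve files");
            return;
        }

        Path workRoot;
        Path userRoot;
        Path requested;
        try {
            workRoot = Paths.get(this.workingDirectory).toAbsolutePath().normalize();
            // The claim comes from the identity provider, but it is still used as a path segment:
            // make sure it cannot move the user directory outside the working directory.
            userRoot = workRoot.resolve(userId).normalize();
            // A relative "path" parameter is resolved against the JVM working directory, which will
            // normally not be inside userRoot and is therefore denied below.
            requested = Paths.get(requestedPath).toAbsolutePath().normalize();
        } catch (InvalidPathException e) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Bad request, invalid file path!");
            return;
        }
        if (!userRoot.startsWith(workRoot) || userRoot.equals(workRoot)) {
            LOGGER.warn("UUID claim resolves outside the working directory; denying request");
            deny(httpServletResponse);
            return;
        }

        ensureUserDirectory(userRoot);

        LOGGER.debug("Checking if {} is ancestor of {}", userRoot, requested);
        // Strict containment: the user directory itself is not a servable file.
        if (requested.startsWith(userRoot) && !requested.equals(userRoot)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            deny(httpServletResponse);
        }
    }

    /**
     * Extracts the path the request refers to: for {@code /file/serve/...} the part after the
     * prefix appended verbatim to the working directory (no separator is inserted, as before);
     * for every other URL the {@code path} query parameter, which may be absent.
     */
    private String requestedPath(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath != null && servletPath.startsWith(SERVE_PREFIX)) {
            return this.workingDirectory + servletPath.substring(SERVE_PREFIX.length());
        }
        return httpServletRequest.getParameter(PATH_PARAMETER);
    }

    /** Creates the per-user directory on first access; failure is logged, not fatal, as before. */
    private static void ensureUserDirectory(Path userRoot) {
        File userDir = userRoot.toFile();
        if (!userDir.exists() && !userDir.mkdir()) {
            LOGGER.warn("Could not create user directory {}", userRoot);
        }
    }

    /** Answers 403 with an empty body and leaves the chain uncalled. */
    private static void deny(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Skips everything that is not a {@code GET} under {@code /file/}.
     *
     * @return {@code true} when this filter must NOT run for the request
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) {
        return new NegatedRequestMatcher(this.uriMatcher).matches(httpServletRequest);
    }
}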
