package com.lenovo.cloud.framework.custom.security.filter;

import com.lenovo.cloud.framework.custom.security.config.properties.IpBlacklistProperties;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
/* loaded from: input_file:com/lenovo/cloud/framework/custom/security/filter/IpBlacklistFilter.class */
public class IpBlacklistFilter extends OncePerRequestFilter {
    private final RedisTemplate<String, Object> redisTemplate;
    private final IpBlacklistProperties ipBlacklistProperties;

    public IpBlacklistFilter(RedisTemplate<String, Object> redisTemplate, IpBlacklistProperties ipBlacklistProperties) {
        this.redisTemplate = redisTemplate;
        this.ipBlacklistProperties = ipBlacklistProperties;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.ipBlacklistProperties.isEnabled()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String clientIp = getClientIp(httpServletRequest);
        if (isIpWhitelisted(clientIp)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else if (!isIpBlacklisted(clientIp)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
            httpServletResponse.getWriter().write("IP is blacklisted");
        }
    }

    private String getClientIp(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("X-Forwarded-For");
        if (header == null || header.isEmpty() || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("Proxy-Client-IP");
        }
        if (header == null || header.isEmpty() || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("WL-Proxy-Client-IP");
        }
        if (header == null || header.isEmpty() || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("HTTP_CLIENT_IP");
        }
        if (header == null || header.isEmpty() || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (header == null || header.isEmpty() || "unknown".equalsIgnoreCase(header)) {
            header = httpServletRequest.getRemoteAddr();
        }
        return header;
    }

    private boolean isIpWhitelisted(String str) {
        return this.ipBlacklistProperties.getIpWhitelist().contains(str);
    }

    private boolean isIpBlacklisted(String str) {
        if (this.ipBlacklistProperties.getStaticBlacklist().contains(str)) {
            return true;
        }
        return Boolean.TRUE.equals(this.redisTemplate.hasKey("ip_blacklist:" + str));
    }
}
