package com.blade.security.web.xss;

import com.blade.kit.StringKit;
import com.blade.mvc.RouteContext;
import com.blade.mvc.hook.WebHook;
import com.blade.mvc.http.StringBody;
import com.blade.security.web.filter.HTMLFilter;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/* loaded from: input_file:com/blade/security/web/xss/XssMiddleware.class */
public class XssMiddleware implements WebHook {
    private static final HTMLFilter HTML_FILTER = new HTMLFilter();
    private XssOption xssOption;

    public XssMiddleware(XssOption xssOption) {
        this.xssOption = XssOption.builder().build();
        this.xssOption = xssOption;
    }

    @Override // com.blade.mvc.hook.WebHook
    public boolean before(RouteContext routeContext) {
        if (this.xssOption.isExclusion(routeContext.uri())) {
            return true;
        }
        filterHeaders(routeContext.headers());
        filterParameters(routeContext.parameters());
        if (!routeContext.contentType().toLowerCase().contains("json")) {
            return true;
        }
        String bodyToString = routeContext.bodyToString();
        if (!StringKit.isNotEmpty(bodyToString)) {
            return true;
        }
        routeContext.body(new StringBody(stripXSS(bodyToString)));
        return true;
    }

    protected void filterHeaders(Map<String, String> map) {
        map.forEach((str, str2) -> {
        });
    }

    protected void filterParameters(Map<String, List<String>> map) {
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            map.put(entry.getKey(), (List) entry.getValue().stream().map(this::stripXSS).collect(Collectors.toList()));
        }
    }

    protected String stripXSS(String str) {
        return HTML_FILTER.filter(str);
    }

    public XssMiddleware() {
        this.xssOption = XssOption.builder().build();
    }
}
