package com.alibaba.nacos.naming.web;

import com.alibaba.nacos.naming.acl.AuthChecker;
import com.alibaba.nacos.naming.exception.NacosException;
import com.alibaba.nacos.naming.misc.SwitchDomain;
import com.alibaba.nacos.naming.misc.UtilsAndCommons;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URI;
import java.security.AccessControlException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/alibaba/nacos/naming/web/AuthFilter.class */
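/**
 * Servlet filter placed in front of the naming HTTP API.
 *
 * <p>For each request it (1) resolves the handler method via {@link FilterBase#getMethod},
 * (2) evaluates the {@code NeedAuth} annotation and the authentication switch, and
 * (3) rejects {@code namespaceId} values containing a forbidden substring before
 * passing the request down the chain.
 *
 * <p>NOTE(review): despite the class name, no authentication or authorization decision
 * is made in this class as shown. The branch that evaluates {@code NeedAuth} has an empty
 * body and {@link #authChecker} is never called. Access control for these endpoints must
 * therefore be enforced elsewhere (network placement, another filter, or the handlers);
 * confirm that before relying on this filter as a security boundary.
 */
public class AuthFilter implements Filter {
    /**
     * Substrings that are refused inside a {@code namespaceId} request parameter.
     * NOTE(review): presumably a guard against path-like namespace values; a backslash
     * is not listed. Confirm against the code that consumes namespaceId.
     */
    private static final String[] NAMESPACE_FORBIDDEN_STRINGS = {"..", "/"};

    // Injected, but not referenced by any method of this class as shown.
    @Autowired
    private AuthChecker authChecker;

    // Source of the global "authentication enabled" switch.
    @Autowired
    private SwitchDomain switchDomain;

    // Maps (HTTP method, request path) to the handler method.
    @Autowired
    private FilterBase filterBase;

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Resolves the target handler, validates {@code namespaceId}, and forwards the request.
     *
     * <p>Failures are translated into HTTP errors rather than propagated:
     * {@code NacosException.INVALID_PARAM} for a forbidden namespace, 501 when no handler
     * is mapped, {@code NacosException.NO_RIGHT} for an {@link AccessControlException},
     * and 500 for anything else, including exceptions thrown further down the chain.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if writing the error response fails
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        try {
            String path = new URI(request.getRequestURI()).getPath();
            Method method = this.filterBase.getMethod(request.getMethod(), path);
            if (method == null) {
                throw new NoSuchMethodException();
            }

            // NOTE(review): this condition is evaluated but nothing happens in either case,
            // so NeedAuth-annotated endpoints are forwarded without any check by this filter.
            // Kept as-is because the AuthChecker contract is not visible here; wire the
            // check in (or remove the dead branch) once the intended behaviour is confirmed.
            if (!method.isAnnotationPresent(NeedAuth.class) || !this.switchDomain.isEnableAuthentication()) {
            }

            // Validate every supplied namespaceId value, not only the first one: a request
            // may repeat the parameter, and later consumers are not guaranteed to read the
            // same value that getParameter() would return.
            String[] namespaceIds = request.getParameterValues("namespaceId");
            if (namespaceIds != null) {
                for (String namespaceId : namespaceIds) {
                    rejectForbiddenNamespace(namespaceId);
                }
            }

            filterChain.doFilter(request, response);
        } catch (IllegalArgumentException e) {
            response.sendError(NacosException.INVALID_PARAM, UtilsAndCommons.getAllExceptionMsg(e));
        } catch (NoSuchMethodException e) {
            response.sendError(501, "no such api");
        } catch (AccessControlException e) {
            // Nothing in this method throws AccessControlException directly; it can only
            // arrive from filterBase.getMethod or from the downstream chain.
            response.sendError(NacosException.NO_RIGHT, "access denied: " + UtilsAndCommons.getAllExceptionMsg(e));
        } catch (Exception e) {
            // NOTE(review): the exception text is returned to the caller. Consider logging
            // it server-side and answering with a generic message, since internal details
            // in a 500 body help nobody but someone probing the service.
            response.sendError(500, "Server failed," + UtilsAndCommons.getAllExceptionMsg(e));
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Throws if a non-blank namespace id contains any forbidden substring.
     *
     * @param namespaceId one value of the {@code namespaceId} request parameter; may be null
     * @throws IllegalArgumentException if the value contains a forbidden substring
     */
    private static void rejectForbiddenNamespace(String namespaceId) {
        if (!StringUtils.isNotBlank(namespaceId)) {
            return;
        }
        for (String forbidden : NAMESPACE_FORBIDDEN_STRINGS) {
            if (namespaceId.contains(forbidden)) {
                throw new IllegalArgumentException("forbidden namespace: " + namespaceId);
            }
        }
    }
}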
