package com.atlassian.bitbucket.internal.mirroring.mirror.web;

import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.json.JsonRenderer;
import com.atlassian.bitbucket.mirroring.mirror.UpstreamServer;
import com.atlassian.bitbucket.mirroring.mirror.UpstreamService;
import com.atlassian.bitbucket.rest.RestErrors;
import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.bitbucket.util.DevModeUtils;
import com.atlassian.stash.internal.web.ApplicationStatusServlet;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-mirror-5.16.0.jar:com/atlassian/bitbucket/internal/mirroring/mirror/web/MirrorInterceptorFilter.class */
public class MirrorInterceptorFilter implements Filter {
    static final String PATH_PLACEHOLDER_PAGE = "/plugins/servlet/mirror-placeholder";
    static final String PATH_REST = "/rest/";
    static final String PATH_REST_MIRRORING = "/rest/mirroring/";
    static final String PATH_WEB_ATST = "/plugins/servlet/troubleshooting";
    static final String PATH_REST_ATST = "/rest/troubleshooting";
    static final String PATH_WEB_STP = "/plugins/servlet/stp";
    private final I18nService i18nService;
    private final JsonRenderer jsonRenderer;
    private final boolean devMode = DevModeUtils.isEnabled();
    private final ApplicationPropertiesService propertiesService;
    private final UpstreamService upstreamService;
    private String upstreamBaseUrl;
    static final Pattern PATH_WEB_ERROR = Pattern.compile("/error[0-9]+");
    static final String PATH_WEB_MIRROR = "/mirror";
    static final Set<String> PATH_WEB_WHITELIST = ImmutableSet.of(PATH_WEB_MIRROR, "/about", "/system/startup", "/unavailable", "/plugins/servlet/admin/mirror", ApplicationStatusServlet.URL_PATTERN, new String[0]);
    static final Pattern PATH_REST_APPLICATION_PROPERTIES = Pattern.compile("/rest/api/(?:latest|(?:[0-9]\\.)*[0-9])/application-properties");
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MirrorInterceptorFilter.class);

    public MirrorInterceptorFilter(I18nService i18nService, JsonRenderer jsonRenderer, ApplicationPropertiesService applicationPropertiesService, UpstreamService upstreamService) {
        this.i18nService = i18nService;
        this.jsonRenderer = jsonRenderer;
        this.propertiesService = applicationPropertiesService;
        this.upstreamService = upstreamService;
    }

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!this.propertiesService.isSetup()) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        String relativePath = getRelativePath(httpServletRequest);
        if (PATH_WEB_MIRROR.equals(relativePath)) {
            httpServletRequest.getRequestDispatcher(PATH_PLACEHOLDER_PAGE).forward(servletRequest, servletResponse);
            return;
        }
        if (!isWhiteListedPath(relativePath)) {
            log.trace("Rejected URL {}.", relativePath);
            if (relativePath.startsWith("/rest/")) {
                forbiddenJson(httpServletResponse);
                return;
            } else {
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + PATH_WEB_MIRROR);
                return;
            }
        }
        log.trace("Passed through URL {}.", relativePath);
        if (needsConnectOverride(relativePath)) {
            servletRequest.setAttribute("decorator.override", "bitbucket.internal.mirror.cloudStpPanel");
            servletRequest.setAttribute("connectHostUrl", getUpstreamBaseUrl());
        }
        if (maybeRedirectOldStpUrl(relativePath, servletRequest, servletResponse)) {
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void forbiddenJson(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setStatus(403);
        httpServletResponse.getWriter().write(this.jsonRenderer.render(new RestErrors.Builder().add(this.i18nService.getMessage("bitbucket.mirroring.rest.disabled", new Object[0])).build(), Collections.emptyMap()));
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    private String getRelativePath(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
    }

    private String getUpstreamBaseUrl() {
        UpstreamServer upstreamServer;
        if (this.upstreamBaseUrl == null && (upstreamServer = this.upstreamService.get()) != null) {
            this.upstreamBaseUrl = upstreamServer.getBaseUrl();
        }
        return this.upstreamBaseUrl;
    }

    private boolean isStpPathAndHasUpstream(String str) {
        return getUpstreamBaseUrl() != null && (str.startsWith(PATH_WEB_ATST) || str.startsWith(PATH_REST_ATST) || str.startsWith(PATH_WEB_STP));
    }

    private boolean isWhiteListedPath(String str) {
        return str != null && (isStaticResource(str) || str.startsWith(this.devMode ? "/rest/" : PATH_REST_MIRRORING) || PATH_REST_APPLICATION_PROPERTIES.matcher(str).matches() || str.startsWith("/rest/git-lfs/storage") || str.startsWith("/scm/") || str.startsWith("/git/") || isStpPathAndHasUpstream(str) || PATH_WEB_WHITELIST.contains(str) || PATH_WEB_ERROR.matcher(str).matches());
    }

    private boolean isStaticResource(String str) {
        return isBatchResource(str) || isUnbatchedResource(str);
    }

    private boolean isUnbatchedResource(String str) {
        return str.startsWith("/download/resources/");
    }

    private boolean isBatchResource(String str) {
        return str.startsWith("/s/") || str.startsWith("/download/contextbatch/");
    }

    private boolean maybeRedirectOldStpUrl(String str, ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        if (!str.startsWith(PATH_WEB_STP)) {
            return false;
        }
        servletRequest.getRequestDispatcher(PATH_WEB_ATST + str.substring(PATH_WEB_STP.length())).forward(servletRequest, servletResponse);
        return true;
    }

    private boolean needsConnectOverride(String str) {
        return str.startsWith(PATH_WEB_ATST) || str.startsWith(PATH_WEB_STP);
    }
}
