package com.apache.ius.controller;

import com.alibaba.fastjson.JSON;
import com.apache.api.vo.ParamsVo;
import com.apache.api.vo.ResultEntity;
import com.apache.api.vo.ResultMsg;
import com.apache.cache.service.impl.LoadCacheFactory;
import com.apache.ius.common.CommonUtils;
import com.apache.ius.common.annotion.BeanFactory;
import com.apache.ius.common.connectors.InterceptorAdapter;
import com.apache.ius.common.connectors.impl.AdapterFactory;
import com.apache.tools.ConfigUtil;
import com.apache.tools.MD5Utils;
import com.apache.tools.RequestIpUtil;
import com.apache.tools.RequestTools;
import com.apache.tools.StrUtil;
import com.apache.uct.common.ToolsUtil;
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

/* loaded from: input_file:com/apache/ius/controller/SuperApiAction.class */
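/**
 * Request handlers for the generic "dymicSql" query/submit API and for the SMS-verified
 * password change endpoint.
 *
 * <p>Two independent checks guard the handlers:
 * <ul>
 *   <li>{@link #validUserKey} compares the {@code userKeys} request parameter with the
 *       {@code client_to_pass} configuration value (used by {@code /info/}, {@code /list/},
 *       {@code /submit/}).</li>
 *   <li>{@link #interfaceChecking} applies the IP black/white list and the header signature
 *       (used by {@code /submit/}, {@code /api/info/dymicSql}, {@code /api/list/dymicSql}).</li>
 * </ul>
 *
 * <p>NOTE(review): {@code /api/info/dymicSql} and {@code /api/list/dymicSql} rely on
 * {@link #interfaceChecking} alone, and that check accepts every request unless
 * {@code api_security_enable} is {@code "T"}. Confirm that an outer filter authenticates
 * these routes in deployments where the flag is off.
 *
 * <p>NOTE(review): every handler forwards client-supplied parameters to the
 * {@code "dymicSql"} service method. How those parameters become SQL is not visible in this
 * class; confirm the service binds them as parameters rather than concatenating them.
 */
public class SuperApiAction extends BaseAction {

    /** Replacement text written to the log in place of a sensitive value. */
    private static final String LOG_MASK = "***";

    /**
     * Dispatches {@code /info/} and {@code /list/} requests to the handler method resolved by
     * the inherited {@code doInvoke} lookup and writes its result as JSON.
     *
     * <p>For POST requests without a {@code requestParams} attribute the body is parsed as a
     * JSON object and stored under that attribute before dispatch.
     *
     * @param httpServletRequest  current request; must carry a valid {@code userKeys} parameter
     * @param httpServletResponse response the JSON result or error page is written to
     * @throws Exception if reading or parsing the request body fails
     */
    @RequestMapping(value = {"/info/", "/list/"}, method = {RequestMethod.GET, RequestMethod.POST})
    @ResponseBody
    public void doGetInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!validUserKey(httpServletRequest)) {
            gotoErrorPage(httpServletRequest, httpServletResponse, "服务端userKeys身份验证失败");
            return;
        }
        if (StrUtil.isEmpty(httpServletRequest.getAttribute("requestParams")) && "post".equalsIgnoreCase(httpServletRequest.getMethod())) {
            String body = IOUtils.toString(httpServletRequest.getInputStream(), "UTF-8");
            if (StrUtil.isNotNull(body)) {
                HashMap requestParams = new HashMap();
                requestParams.putAll(JSONObject.fromObject(body));
                httpServletRequest.setAttribute("requestParams", requestParams);
            }
        }
        // Strip the context path as a literal prefix only. The previous replaceAll() treated
        // the context path as a regular expression and removed every occurrence in the URI,
        // so a path segment that merely repeated the context path was silently dropped.
        String requestUri = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        String actionPath = requestUri;
        if (contextPath != null && !contextPath.isEmpty() && requestUri.startsWith(contextPath)) {
            actionPath = requestUri.substring(contextPath.length());
        }
        // NOTE(review): doCode is client-supplied and takes part in selecting the Method that
        // is invoked reflectively below. The resolver lives in the superclass; confirm it only
        // returns methods that are meant to be reachable from the web.
        String doCode = StrUtil.doNull(httpServletRequest.getParameter("doCode"), "dymicSql");
        Method target = doInvoke(getClass(), httpServletRequest, httpServletResponse, actionPath, doCode);
        try {
            if (null != target) {
                this.log.info("doInvoke method-->" + target.getName());
                Object result = target.invoke(this, httpServletRequest, httpServletResponse);
                if (!ToolsUtil.isEmpty(result)) {
                    JSONObject json = JSONObject.fromObject(result);
                    httpServletRequest.setAttribute(BeanFactory.RETURN_MSG_KEY, json.toString());
                    outputJson(json.toString(), httpServletResponse, "");
                }
            } else {
                gotoErrorPage(httpServletRequest, httpServletResponse, "请求的Action地址未定义");
            }
        } catch (Exception e) {
            this.log.error("执行失败(doInvoke)：", e);
            // The exception text stays in the server log only; echoing it to the client can
            // disclose internal details of the failing call.
            gotoErrorPage(httpServletRequest, httpServletResponse, "执行失败，请重试：");
        }
    }

    /**
     * Handles {@code /submit/}: flattens the JSON body, runs the {@code setReqParam} and
     * {@code createInfo} pre-processing steps and executes the {@code "dymicSql"} service
     * with result type {@code processSql}.
     *
     * @param httpServletRequest  current request; must pass {@link #validUserKey} and
     *                            {@link #interfaceChecking}
     * @param httpServletResponse response the JSON result or error page is written to
     * @param map                 parsed JSON request body
     * @throws Exception if building the parameter map fails
     */
    @RequestMapping(value = {"/submit/"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @ResponseBody
    public void doPostInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestBody Map<String, Object> map) throws Exception {
        if (!validUserKey(httpServletRequest)) {
            gotoErrorPage(httpServletRequest, httpServletResponse, "服务端userKeys身份验证失败");
            return;
        }
        Map<String, String> params = getParameterMapByJson(httpServletRequest, map);
        // The map carries the server-side interface password ("sysPass") and possibly user
        // secrets, so only a masked copy is logged.
        this.log.info("client request params-->" + maskSensitiveForLog(params));
        params.remove("userKeys");
        String queryPageName = httpServletRequest.getParameter("pageName");
        String queryFormName = httpServletRequest.getParameter("formName");
        if (StrUtil.isNull(params.get("pageName"))) {
            params.put("pageName", queryPageName);
        }
        if (StrUtil.isNull(params.get("formName"))) {
            params.put("formName", queryFormName);
        }
        if (!interfaceChecking(httpServletRequest, params.get("pageName"), params.get("formName"))) {
            gotoErrorPage(httpServletRequest, httpServletResponse, "身份验证失败");
            return;
        }
        try {
            params.put("resultType", "processSql");
            Map prepared = AdapterFactory.getInstance().getReqParamForBefor("setReqParam,createInfo", params, httpServletRequest, httpServletResponse);
            String preError = String.valueOf(prepared.get("execptionMsg"));
            if (StrUtil.isNotNull(preError)) {
                outputJson(JSONObject.fromObject(new ResultMsg("F", preError)).toString(), httpServletResponse, "");
                return;
            }
            ParamsVo paramsVo = new ParamsVo();
            paramsVo.setParams(prepared);
            paramsVo.setMethodKey("dymicSql");
            Map<String, Object> resultData = super.getResultEntityData(doIusService(paramsVo));
            if (!ToolsUtil.isEmpty(resultData)) {
                outputJson(JSONObject.fromObject(resultData).toString(), httpServletResponse, "");
            }
        } catch (Exception e) {
            this.log.error("执行失败(doInvoke)：", e);
            // Exception details are logged above and deliberately not returned to the client.
            gotoErrorPage(httpServletRequest, httpServletResponse, "执行失败，请重试：");
        }
    }

    /**
     * Checks the {@code userKeys} request parameter against the {@code client_to_pass}
     * configuration value, ignoring case.
     *
     * <p>NOTE(review): when {@code client_to_pass} is not configured the comparison falls
     * back to the hard-coded value {@code "ius"}, i.e. a default shared key. The key is also
     * read with {@code getParameter}, so on GET requests it travels in the query string.
     * Both are kept for compatibility and should be reviewed by the service owner.
     *
     * @param httpServletRequest request carrying the {@code userKeys} parameter
     * @return {@code true} when the supplied key matches the expected one
     */
    protected boolean validUserKey(HttpServletRequest httpServletRequest) {
        String suppliedKey = httpServletRequest.getParameter("userKeys");
        String configuredKey = CommonUtils.getConfigVal("client_to_pass");
        this.log.info("-");
        this.log.info("client request url -->" + toSingleLogLine(httpServletRequest.getRequestURI()));
        // Neither key value is logged: writing the configured secret (or a client's attempt at
        // it) to an INFO log hands the shared key to anyone who can read the log files.
        this.log.info("client request parameter [userKeys] present-->" + (suppliedKey != null));
        this.log.info("server config [client_to_pass] configured-->" + StrUtil.isNotNull(configuredKey));
        boolean valid = StrUtil.doNull(configuredKey, "ius").equalsIgnoreCase(suppliedKey);
        this.log.info("server validation [userKeys] results-->" + valid);
        return valid;
    }

    /**
     * Handles {@code GET /api/info/dymicSql}: runs the {@code "dymicSql"} service for a single
     * object ({@code resultObjType=obj}).
     *
     * @param httpServletRequest  current request; its parameters become the query parameters
     * @param httpServletResponse current response, passed to the pre-processing adapters
     * @return a failure map ({@code flag}/{@code msg}), the adapter-provided custom result, or
     *         the service result data
     * @throws IOException if the inherited parameter extraction fails
     */
    @RequestMapping(value = {"/api/info/dymicSql"}, method = {RequestMethod.GET})
    @ResponseBody
    public Object infoDymicSql(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Map<String, String> params = getParameterMap(httpServletRequest);
        if (!interfaceChecking(httpServletRequest, params.get("pageName"), params.get("formName"))) {
            return buildFailureBody("身份验证失败");
        }
        // An empty map also has size() <= 2, so one comparison covers both original tests.
        if (params.size() <= 2) {
            return buildFailureBody("缺少方法请求参数");
        }
        this.log.info("client request params-->" + maskSensitiveForLog(params));
        params.remove("userKeys");
        params.put("ifDataAct", "F");
        // NOTE(review): resultType is taken from the client; confirm the service restricts
        // the accepted values.
        params.put("resultType", StrUtil.doNull(httpServletRequest.getParameter("resultType"), "objInfo"));
        params.put("resultObjType", "obj");
        Map prepared = AdapterFactory.getInstance().getReqParamForBefor("cacheReqParam,setReqParam", params, httpServletRequest, httpServletResponse);
        String preError = String.valueOf(prepared.get("execptionMsg"));
        if (StrUtil.isNotNull(preError)) {
            return JSONObject.fromObject(new ResultMsg("F", preError));
        }
        if (prepared.containsKey(InterceptorAdapter.CUST_IUS_KEY)) {
            return prepared.get(InterceptorAdapter.CUST_IUS_KEY);
        }
        ParamsVo paramsVo = new ParamsVo();
        paramsVo.setParams(prepared);
        paramsVo.setMethodKey("dymicSql");
        return getResultEntityData(doIusService(paramsVo));
    }

    /**
     * Handles {@code GET /api/list/dymicSql}: runs the {@code "dymicSql"} service for a list
     * ({@code resultObjType=list}).
     *
     * <p>When no {@code rows} value is present the page size is set to {@code "1000"}; the
     * literal value {@code "all"} is replaced by an empty string.
     *
     * @param httpServletRequest  current request; its parameters become the query parameters
     * @param httpServletResponse current response, passed to the pre-processing adapters
     * @return a failure map, a pre-processing error, or the list data (empty map when the
     *         service returned no entity)
     * @throws IOException if the inherited parameter extraction fails
     */
    @RequestMapping(value = {"/api/list/dymicSql"}, method = {RequestMethod.GET})
    @ResponseBody
    public Object listDymicSql(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Map<String, String> params = getParameterMap(httpServletRequest);
        if (!interfaceChecking(httpServletRequest, params.get("pageName"), params.get("formName"))) {
            return buildFailureBody("身份验证失败");
        }
        params.remove("userKeys");
        params.put("ifDataAct", "F");
        params.put("resultType", StrUtil.doNull(httpServletRequest.getParameter("resultType"), "objInfo"));
        params.put("resultObjType", "list");
        Map prepared = AdapterFactory.getInstance().getReqParamForBefor("setReqParam", params, httpServletRequest, httpServletResponse);
        String rows = StrUtil.doNull(String.valueOf(prepared.get("rows")), "");
        if (StrUtil.isNull(rows) || "all".equals(rows)) {
            // NOTE(review): rows=all clears the row limit on a client's request — presumably
            // "no limit" downstream; confirm the service still bounds the result size.
            String effectiveRows = "all".equals(rows) ? "" : "1000";
            prepared.put("rows", effectiveRows);
            this.log.info("rows-->" + effectiveRows);
        }
        String preError = String.valueOf(prepared.get("execptionMsg"));
        if (StrUtil.isNotNull(preError)) {
            return JSONObject.fromObject(new ResultMsg("F", preError));
        }
        ParamsVo paramsVo = new ParamsVo();
        paramsVo.setParams(prepared);
        paramsVo.setMethodKey("dymicSql");
        ResultEntity serviceResult = doIusService(paramsVo);
        HashMap listData = new HashMap();
        if (null == serviceResult.getEntity()) {
            this.log.error("获取失败：" + serviceResult.getMessage());
        } else {
            if ("RelationByProId".equals(httpServletRequest.getParameter("sqlKeyId"))) {
                listData.put("dealFlag", "T");
            }
            getListData(serviceResult, listData);
        }
        return listData;
    }

    /**
     * Handles {@code POST /setPwd}: verifies the SMS code cached under
     * {@code mobile_obj_<mobile>} and the request key, then submits the body to the
     * {@code "dymicSql"} service with result type {@code processSql}.
     *
     * <p>Every failed check now ends the request. Previously the failure JSON was written but
     * execution continued, so the update still ran after a wrong SMS code or a failed
     * consistency check (and a missing parameter ended in a {@code NullPointerException}).
     *
     * <p>NOTE(review): {@code uctUser.userReqKey} is an unkeyed MD5 over values that all come
     * from the request body, so any client can compute it; it detects accidental corruption,
     * not tampering. The SMS code is the only real proof in this handler, and no attempt limit
     * is visible here — confirm one exists elsewhere.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse response the JSON result is written to
     * @param map                 parsed JSON body; mutated with server-side values
     * @throws Exception if writing the response fails
     */
    @RequestMapping(value = {"/setPwd"}, method = {RequestMethod.POST}, consumes = {"application/json"})
    @ResponseBody
    public void editUserPwd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestBody Map<String, String> map) throws Exception {
        String userEname = map.get("uctUser.w_userEname");
        String requestKey = map.get("uctUser.userReqKey");
        String mobile = map.get("uctUser.w_mobile");
        String smsCode = map.get("code");
        Map<String, String> failure = new HashMap<>();
        failure.put("flag", "F");
        failure.put("msg", "操作失败");
        if (StrUtil.isNull(userEname) || StrUtil.isNull(requestKey) || StrUtil.isNull(smsCode)) {
            failure.put("msg", "缺少参数，请核实数据");
            outputJson(JSON.toJSONString(failure), httpServletResponse, "");
            return;
        }
        String declaredEname = map.get("uctUser.userEname");
        if (StrUtil.isNotNull(declaredEname) && !userEname.equals(declaredEname)) {
            failure.put("msg", "系统检测到数据被篡改");
            outputJson(JSON.toJSONString(failure), httpServletResponse, "");
            return;
        }
        // A missing cache entry must fail the check. String.valueOf(null) is the text "null",
        // so comparing against it directly would accept the submitted code "null" for any
        // mobile number that has no pending verification.
        Object cachedCode = CommonUtils.getCache("mobile_obj_" + mobile);
        if (cachedCode == null || !constantTimeEquals(smsCode, String.valueOf(cachedCode))) {
            failure.put("msg", "手机验证码验证失败");
            outputJson(JSON.toJSONString(failure), httpServletResponse, "");
            return;
        }
        String expectedKey = MD5Utils.MD5(userEname + mobile + map.get("uctUser.w_sysEname"));
        if (expectedKey == null || !expectedKey.equals(requestKey)) {
            failure.put("msg", "系统检测到数据被篡改");
            outputJson(JSON.toJSONString(failure), httpServletResponse, "");
            return;
        }
        if (userEname.endsWith("_admin") && !userEname.equals(mobile)) {
            map.put("uctUser.userEname", userEname);
        }
        // Server-controlled values are written after the client body was read, so a client
        // cannot supply its own "Client-IP" or "sysPass".
        map.put("Client-IP", RequestTools.getIp(httpServletRequest));
        map.put("sysPass", ConfigUtil.getInstance().interfacePass());
        // The body holds the interface password, the SMS code and presumably the new user
        // password, so only a masked copy is logged.
        this.log.info("client request params-->" + maskSensitiveForLog(map));
        map.remove("userKeys");
        String queryPageName = httpServletRequest.getParameter("pageName");
        String queryFormName = httpServletRequest.getParameter("formName");
        if (StrUtil.isNull(map.get("pageName"))) {
            map.put("pageName", queryPageName);
        }
        if (StrUtil.isNull(map.get("formName"))) {
            map.put("formName", queryFormName);
        }
        try {
            map.put("resultType", "processSql");
            Map prepared = AdapterFactory.getInstance().getReqParamForBefor("setReqParam,createInfo", map, httpServletRequest, httpServletResponse);
            String preError = String.valueOf(prepared.get("execptionMsg"));
            if (StrUtil.isNotNull(preError)) {
                failure.put("msg", preError);
                outputJson(JSON.toJSONString(failure), httpServletResponse, "");
                // Stop here: a pre-processing error must not be followed by the update.
                return;
            }
            ParamsVo paramsVo = new ParamsVo();
            paramsVo.setParams(prepared);
            paramsVo.setMethodKey("dymicSql");
            Map<String, Object> resultData = super.getResultEntityData(doIusService(paramsVo));
            if (!ToolsUtil.isEmpty(resultData)) {
                if ("T".equals(resultData.get("flag"))) {
                    // The code is single-use: drop it once the change succeeded.
                    CommonUtils.removeCache("mobile_obj_" + mobile);
                }
                outputJson(JSON.toJSONString(resultData), httpServletResponse, "");
            }
        } catch (Exception e) {
            this.log.error("执行失败(doInvoke)：", e);
            // Exception details are logged above and deliberately not returned to the client.
            gotoErrorPage(httpServletRequest, httpServletResponse, "执行失败，请重试：");
        }
    }

    /**
     * Flattens a parsed JSON body into a string map.
     *
     * <ul>
     *   <li>A list of objects becomes {@code outer.inner} keys; values of repeated keys are
     *       joined with {@code "-#-"}. List elements that are not objects are skipped
     *       (previously they caused a {@code ClassCastException}).</li>
     *   <li>A nested object becomes {@code outer.inner} keys.</li>
     *   <li>A scalar is stored under its own key; an empty scalar whose key contains
     *       {@code "s_"} is stored as {@code "is null"}.</li>
     * </ul>
     *
     * <p>{@code Client-IP} and {@code sysPass} are written last so that the body cannot
     * override them; before, a body key of the same name replaced the server-side value.
     *
     * @param httpServletRequest current request, used for the client IP and as fallback source
     * @param map                parsed JSON body; when {@code null} or empty the inherited
     *                           request-parameter map is returned instead
     * @return mutable flattened parameter map
     * @throws IOException if the inherited parameter extraction fails
     */
    public Map<String, String> getParameterMapByJson(HttpServletRequest httpServletRequest, Map<String, Object> map) throws IOException {
        // Only key names are logged for the raw body: nested values cannot be masked reliably.
        this.log.info("request body data transform before--> keys=" + (map == null ? null : toSingleLogLine(String.valueOf(map.keySet()))));
        if (map == null || map.isEmpty()) {
            return getParameterMap(httpServletRequest);
        }
        Map<String, String> flat = new HashMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = String.valueOf(entry.getKey());
            Object value = entry.getValue();
            if (value instanceof List) {
                for (Object element : (List<?>) value) {
                    if (!(element instanceof Map)) {
                        continue;
                    }
                    for (Map.Entry<?, ?> field : ((Map<?, ?>) element).entrySet()) {
                        String flatKey = key + "." + String.valueOf(field.getKey());
                        String prefix = flat.containsKey(flatKey) ? flat.get(flatKey) + "-#-" : "";
                        flat.put(flatKey, prefix + String.valueOf(field.getValue()));
                    }
                }
            } else if (value instanceof Map) {
                for (Map.Entry<?, ?> field : ((Map<?, ?>) value).entrySet()) {
                    flat.put(key + "." + String.valueOf(field.getKey()), String.valueOf(field.getValue()));
                }
            } else {
                // The former ISO-8859-1 round trip only ever re-assigned an equal string and
                // was removed as dead code.
                String text = String.valueOf(value);
                if (StrUtil.isNotNull(text)) {
                    flat.put(key, text);
                } else if (key.contains("s_")) {
                    flat.put(key, "is null");
                }
            }
        }
        flat.put("Client-IP", RequestTools.getIp(httpServletRequest));
        flat.put("sysPass", ConfigUtil.getInstance().interfacePass());
        this.log.info("request body data transform after--> " + maskSensitiveForLog(flat));
        return flat;
    }

    /**
     * Applies the optional API access checks: IP black list, IP white list, then the header
     * signature {@code Anchor-String = MD5(str + secret + str2 + Accept-Time)} where the
     * secret is looked up in {@code api-sign.properties} by the {@code Anchor-Type} header.
     *
     * <p>NOTE(review), kept for compatibility and to be decided by the service owner:
     * <ul>
     *   <li>The check is skipped entirely unless {@code api_security_enable} is {@code "T"}.</li>
     *   <li>When {@code api-sign.properties} is not in the cache the request is accepted, so a
     *       white list on its own does not reject other addresses.</li>
     *   <li>{@code Accept-Time} is part of the digest but is not compared with the current
     *       time here, so a captured request can be replayed.</li>
     *   <li>The signature is a plain MD5 over concatenated fields rather than an HMAC.</li>
     *   <li>The client IP comes from {@code RequestTools.getIp}; confirm it cannot be set by
     *       client-supplied forwarding headers, otherwise the white list can be spoofed.</li>
     * </ul>
     *
     * @param httpServletRequest request carrying the {@code Anchor-*} and {@code Accept-Time} headers
     * @param str                page name that was signed
     * @param str2               form name that was signed
     * @return {@code true} when the request is allowed
     */
    protected boolean interfaceChecking(HttpServletRequest httpServletRequest, String str, String str2) {
        if (!"T".equals(StrUtil.doNull(ConfigUtil.getInstance().getValueByKey("api_security_enable"), "F"))) {
            return true;
        }
        String signature = httpServletRequest.getHeader("Anchor-String");
        String signerType = httpServletRequest.getHeader("Anchor-Type");
        String clientIp = RequestTools.getIp(httpServletRequest);
        Properties ipRules = (Properties) LoadCacheFactory.getInstance().getCacheManager("").getCacheObjectByKey("api-white-list.properties");
        if (ipRules != null) {
            this.log.info("reqIp=========>" + toSingleLogLine(clientIp));
            String blackIps = ipRules.getProperty("blackIps");
            if (StrUtil.isNotNull(blackIps) && RequestIpUtil.checkReqIp(clientIp, Arrays.asList(blackIps.trim().split(",")))) {
                return false;
            }
            String whiteIps = ipRules.getProperty("whiteIps");
            if (StrUtil.isNotNull(whiteIps) && RequestIpUtil.checkReqIp(clientIp, Arrays.asList(whiteIps.trim().split(",")))) {
                return true;
            }
        }
        Properties signSecrets = (Properties) LoadCacheFactory.getInstance().getCacheManager("").getCacheObjectByKey("api-sign.properties");
        if (signSecrets == null) {
            return true;
        }
        // Reject unsigned requests explicitly. Properties.getProperty(null) throws, so a
        // request without Anchor-Type used to end in a NullPointerException.
        if (signerType == null || signature == null) {
            return false;
        }
        String secret = signSecrets.getProperty(signerType);
        if (StrUtil.isNull(secret)) {
            return false;
        }
        String acceptTime = StrUtil.doNull(httpServletRequest.getHeader("Accept-Time"), "");
        String expected = MD5Utils.MD5(str + secret + str2 + acceptTime);
        return constantTimeEquals(expected, signature);
    }

    /** Builds the {@code flag=F} response body used when a request is rejected. */
    private static Map<String, String> buildFailureBody(String message) {
        Map<String, String> body = new HashMap<>();
        body.put("flag", "F");
        body.put("msg", message);
        return body;
    }

    /**
     * Compares two strings without stopping at the first differing byte, so the response time
     * does not reveal how much of a secret value matched. {@code null} never matches.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns a copy of {@code params} that is safe to log: values of sensitive keys are
     * replaced by {@link #LOG_MASK} and line breaks are neutralised.
     */
    private static Map<String, String> maskSensitiveForLog(Map<?, ?> params) {
        Map<String, String> safe = new HashMap<>();
        if (params == null) {
            return safe;
        }
        for (Map.Entry<?, ?> entry : params.entrySet()) {
            String key = String.valueOf(entry.getKey());
            String value = isSensitiveLogKey(key) ? LOG_MASK : toSingleLogLine(String.valueOf(entry.getValue()));
            safe.put(toSingleLogLine(key), value);
        }
        return safe;
    }

    /**
     * Heuristic for keys whose values must not reach the log: the shared API key
     * ({@code userKeys}), the SMS code ({@code code}) and anything that looks like a password
     * ({@code sysPass}, {@code *pwd*}, {@code *pass*}).
     */
    private static boolean isSensitiveLogKey(String key) {
        String lower = key.toLowerCase(Locale.ROOT);
        return lower.contains("pass") || lower.contains("pwd") || lower.contains("userkeys") || "code".equals(lower);
    }

    /** Replaces CR and LF so that client-controlled text cannot forge extra log lines. */
    private static String toSingleLogLine(String text) {
        if (text == null) {
            return null;
        }
        return text.replace('\r', '_').replace('\n', '_');
    }
}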
