package com.appleframework.web.springmvc.interceptor;

import com.appleframework.web.util.Constants;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/appleframework/web/springmvc/interceptor/CsrfInterceptor.class */
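/**
 * Spring MVC interceptor implementing a synchronizer-token CSRF defence.
 *
 * <p>A random token is stored in the HTTP session under {@code csrfToken} after a GET request
 * that renders a non-layout view. Every other request must echo that value back in a
 * {@code csrfToken} request parameter; otherwise it is rejected with HTTP 403.
 *
 * <p>The token is checked in {@link #preHandle} so that a forged request is rejected
 * <em>before</em> the handler runs. {@code postHandle} is invoked only after the handler has
 * executed, so a check placed there cannot stop the state change it is meant to guard, and
 * {@code sendError} may fail there if the response is already committed.
 *
 * <p>NOTE(review): every method other than {@code Constants.GET} (including HEAD and OPTIONS)
 * is treated as state-changing and must carry the token; confirm that this is intended.
 */
public class CsrfInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = Logger.getLogger(CsrfInterceptor.class);
    private static final String CSRF_TOKEN = "csrfToken";

    /**
     * Rejects non-GET requests that do not carry the session's current CSRF token.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response, used to send 403 on a token mismatch
     * @param obj                 the selected handler (unused)
     * @return {@code true} to continue the handler chain, {@code false} if the request was
     *         rejected and the response has already been written
     * @throws Exception if sending the error response fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (Constants.GET.equals(httpServletRequest.getMethod())) {
            return true;
        }
        if (isTokenValid(httpServletRequest)) {
            return true;
        }
        // The token value itself is deliberately not logged.
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Issues a fresh CSRF token once the handler has run and before the view is rendered.
     *
     * <p>For GET requests a token is issued unless there is no {@code ModelAndView} or the view
     * name contains {@code "layout"}. For all other requests (which have already passed
     * {@link #preHandle}) the token is rotated so that each token is accepted only once.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response (unused)
     * @param obj                 the handler that was executed (unused)
     * @param modelAndView        the handler's result; may be {@code null}
     * @throws Exception never thrown by this implementation; declared by the overridden method
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
        // Log message reads: "entering the CSRF-attack prevention interceptor".
        logger.debug("进入防止csrf攻击拦截");
        if (Constants.GET.equals(httpServletRequest.getMethod())) {
            if (modelAndView == null) {
                return;
            }
            // getViewName() returns null when the ModelAndView holds a View object instead of
            // a name; treat that as "not a layout view" rather than failing with an NPE.
            String viewName = modelAndView.getViewName();
            if (viewName != null && viewName.contains("layout")) {
                return;
            }
        }
        issueToken(httpServletRequest);
    }

    /**
     * Compares the submitted {@code csrfToken} parameter with the value held in the session.
     *
     * @param request the request to validate
     * @return {@code true} only if both values exist, are non-empty and are equal
     */
    private static boolean isTokenValid(HttpServletRequest request) {
        String submitted = request.getParameter(CSRF_TOKEN);
        if (submitted == null || submitted.isEmpty()) {
            return false;
        }
        // Do not create a session for a request that arrives without one: there is no
        // stored token to match, so the request cannot be valid.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return false;
        }
        Object expected = session.getAttribute(CSRF_TOKEN);
        if (!(expected instanceof String)) {
            return false;
        }
        // Constant-time comparison so the response time does not depend on how many leading
        // characters of the submitted token are correct.
        return MessageDigest.isEqual(
                submitted.getBytes(StandardCharsets.UTF_8),
                ((String) expected).getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Stores a newly generated token in the session, creating the session if necessary.
     *
     * @param request the request whose session receives the token
     */
    private static void issueToken(HttpServletRequest request) {
        // UUID.randomUUID() is documented to use a cryptographically strong PRNG.
        request.getSession().setAttribute(CSRF_TOKEN, UUID.randomUUID().toString());
    }
}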
