package cn.com.duibaboot.ext.autoconfigure.actuate;

import cn.com.duiba.boot.utils.RequestUtils;
import cn.com.duiba.wolf.perf.timeprofile.RequestTool;
import cn.com.duibaboot.ext.autoconfigure.core.utils.HttpRequestUtils;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-ext-2.0.0-g7.jar:cn/com/duibaboot/ext/autoconfigure/actuate/CustomMvcEndpointSecurityInterceptor.class */
public class CustomMvcEndpointSecurityInterceptor extends HandlerInterceptorAdapter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CustomMvcEndpointSecurityInterceptor.class);

    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        return canContinue(httpServletRequest, httpServletResponse);
    }

    public static boolean canContinue(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean isLanRequest = HttpRequestUtils.isLanRequest(httpServletRequest);
        if (!isLanRequest) {
            customSendFailureResponse(httpServletRequest, httpServletResponse);
        }
        return isLanRequest;
    }

    private static void customSendFailureResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        logUnauthorizedAttempt(httpServletRequest);
        httpServletResponse.sendError(HttpStatus.FORBIDDEN.value(), "Access is denied. ");
    }

    private static void logUnauthorizedAttempt(HttpServletRequest httpServletRequest) {
        logger.warn("Someone from internet[ip:{}] try to access actuator endpoints:[{}], Deny this request", RequestTool.getIpAddr(httpServletRequest), RequestUtils.getRequestPath(httpServletRequest));
    }
}
