package org.jahia.modules.directivefilter;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Component;

@Component(service = {Filter.class}, property = {"pattern=/graphql"}, immediate = true)
/* loaded from: input_file:org/jahia/modules/directivefilter/QueryFilter.class */
public class QueryFilter implements Filter {
    private Pattern regex = Pattern.compile("(@[^ @]+[ ]*){10}");
    private Pattern deep = Pattern.compile("\\{");

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletResponse instanceof HttpServletResponse) || !(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        MultiReadRequestWrapper multiReadRequestWrapper = new MultiReadRequestWrapper((HttpServletRequest) servletRequest);
        String str = (String) multiReadRequestWrapper.getReader().lines().collect(Collectors.joining(" "));
        if (this.regex.matcher(str).find()) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletResponse.setContentType("application/json");
            httpServletResponse.setStatus(400);
            httpServletResponse.getWriter().println("{\"message\": \"You can only use up to 10 consecutive directives\"}");
            httpServletResponse.getWriter().flush();
            return;
        }
        Matcher matcher = this.deep.matcher(str);
        int i = 0;
        while (matcher.find()) {
            i++;
            if (i > 250) {
                break;
            }
        }
        if (i <= 250) {
            filterChain.doFilter(multiReadRequestWrapper, servletResponse);
            return;
        }
        HttpServletResponse httpServletResponse2 = (HttpServletResponse) servletResponse;
        httpServletResponse2.setContentType("application/json");
        httpServletResponse2.setStatus(400);
        httpServletResponse2.getWriter().println("{\"message\": \"You can only use up to 250 depths\"}");
        httpServletResponse2.getWriter().flush();
    }

    public void destroy() {
    }
}
