package com.dotmarketing.servlets;

import com.dotcms.repackage.org.directwebremoting.Container;
import com.dotcms.repackage.org.directwebremoting.servlet.DwrServlet;
import com.dotcms.rest.annotation.HeaderFilter;
import com.dotmarketing.business.web.WebAPILocator;
import com.dotmarketing.exception.DotSecurityException;
import com.dotmarketing.util.SecurityLogger;
import com.liferay.portal.PortalException;
import com.liferay.portal.SystemException;
import com.liferay.portal.model.User;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/dotmarketing/servlets/DwrWrapperServlet.class */
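/**
 * DWR servlet wrapper that requires a logged-in user for every DWR request
 * except those whose request URI starts with {@code /dwr/engine} or
 * {@code /dwr/util}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The exemption is matched against {@link HttpServletRequest#getRequestURI()},
 *       which is the raw, un-normalised URI and includes the context path. The
 *       exemption therefore only applies as written when the application is
 *       deployed at the root context (NOTE(review): confirm the deployment).</li>
 *   <li>Denied requests are answered with 401 and a no-cache header instead of
 *       an empty 200, so clients, proxies and monitoring can tell a rejection
 *       from a successful call.</li>
 * </ul>
 */
public class DwrWrapperServlet extends DwrServlet {
    private static final long serialVersionUID = 1;

    /** URI prefixes served without a logged-in user. */
    private static final String ENGINE_PREFIX = "/dwr/engine";
    private static final String UTIL_PREFIX = "/dwr/util";

    /**
     * Handles GET requests, delegating to DWR only when the request is allowed.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; receives 401 when access is denied
     * @throws IOException      propagated from the DWR servlet
     * @throws ServletException propagated from the DWR servlet
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (isAllowed(httpServletRequest, httpServletResponse)) {
            super.doGet(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Handles POST requests, delegating to DWR only when the request is allowed.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response; receives 401 when access is denied
     * @throws IOException      propagated from the DWR servlet
     * @throws ServletException propagated from the DWR servlet
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (isAllowed(httpServletRequest, httpServletResponse)) {
            super.doPost(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Decides whether a request may reach DWR; on denial the response is
     * prepared (no-cache header and 401 status) and {@code false} is returned.
     */
    private boolean isAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (isPublicDwrResource(httpServletRequest.getRequestURI())) {
            return true;
        }
        try {
            validateUser(httpServletRequest);
            return true;
        } catch (DotSecurityException | PortalException | SystemException e) {
            // Fail closed: a failed user lookup is treated the same as "not logged in".
            httpServletResponse.setHeader("Cache-Control", HeaderFilter.NO_CACHE);
            // Previously the response was left at the default 200 with an empty body.
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
    }

    /**
     * Returns whether the raw request URI names one of the unauthenticated
     * DWR resources.
     *
     * <p>The prefix test runs on the un-normalised URI, while the servlet
     * container may resolve dot-segments and percent-encoding before DWR picks
     * a handler. To keep the exemption from covering a request that is
     * dispatched elsewhere, any URI containing {@code ..}, {@code %} or a
     * backslash is never exempt and falls through to the login check.
     */
    private static boolean isPublicDwrResource(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        boolean ambiguous = requestUri.contains("..")
                || requestUri.indexOf('%') >= 0
                || requestUri.indexOf('\\') >= 0;
        if (ambiguous) {
            return false;
        }
        return requestUri.startsWith(ENGINE_PREFIX) || requestUri.startsWith(UTIL_PREFIX);
    }

    /**
     * Verifies that the request belongs to a logged-in user.
     *
     * @param httpServletRequest the incoming request
     * @throws DotSecurityException if no user is logged in
     * @throws PortalException      propagated from the user lookup
     * @throws SystemException      propagated from the user lookup
     */
    private void validateUser(HttpServletRequest httpServletRequest) throws PortalException, SystemException, DotSecurityException {
        User loggedInUser = WebAPILocator.getUserWebAPI().getLoggedInUser(httpServletRequest);
        if (loggedInUser != null) {
            return;
        }
        String referer = httpServletRequest.getHeader("Referer");
        // NOTE(review): Referer is client-controlled, so a caller can suppress this
        // security log entry by sending a value containing "login.jsp". Consider
        // logging unconditionally (possibly rate-limited) if this event feeds detection.
        if (referer == null || !referer.contains("login.jsp")) {
            // Resolved only on the failure path; getRemoteHost() may return a host
            // name rather than an address, depending on container configuration.
            String remoteHost = httpServletRequest.getRemoteHost();
            SecurityLogger.logInfo(getClass(), "unauthorized attempt to call to DWR by user [not logged in] from page "
                    + sanitizeForLog(referer) + " from ip " + sanitizeForLog(remoteHost));
        }
        throw new DotSecurityException("not authorized");
    }

    /**
     * Neutralises line breaks in a client-supplied value so it cannot start a
     * forged entry in the security log; {@code null} is rendered as "null",
     * matching plain string concatenation.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Delegates unchanged to the DWR servlet. */
    protected void configureContainer(Container container, ServletConfig servletConfig) throws ServletException, IOException {
        super.configureContainer(container, servletConfig);
    }

    /** Delegates unchanged to the DWR servlet. */
    protected Container createContainer(ServletConfig servletConfig) throws ServletException {
        return super.createContainer(servletConfig);
    }

    /** Delegates unchanged to the DWR servlet. */
    public void destroy() {
        super.destroy();
    }

    /** Delegates unchanged to the DWR servlet. */
    public Container getContainer() {
        return super.getContainer();
    }

    /** Delegates unchanged to the DWR servlet. */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
    }
}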
