package com.iscas.base.biz.util;

import com.iscas.base.biz.autoconfigure.cors.CorsProps;
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:com/iscas/base/biz/util/CorsUtils.class */
public class CorsUtils {
    private static final Pattern ORIGIN_ERROR_PATTERN = Pattern.compile("[&<>^$!]");

    private CorsUtils() {
    }

    public static String checkOrigin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, CorsProps corsProps) throws IOException {
        String header = httpServletRequest.getHeader("Origin");
        if (header == null || "null".equals(header)) {
            header = corsProps.getOriginPattern();
        }
        if (!ORIGIN_ERROR_PATTERN.matcher(header).find()) {
            return header;
        }
        rejectRequest(httpServletResponse);
        return null;
    }

    private static void rejectRequest(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
        httpServletResponse.getOutputStream().println("Invalid CORS request");
        httpServletResponse.getOutputStream().flush();
    }
}
