package com.bokesoft.scm.cloud.yigo.frontend.interceptor;

import com.alibaba.fastjson.JSONObject;
import com.bokesoft.scm.cloud.yigo.frontend.utils.ProcessXSSUtil;
import com.bokesoft.scm.eapp.exception.CommonException;
import com.bokesoft.scm.eapp.utils.spring.SpringContext;
import com.bokesoft.scm.yigo.comm.CommUtils;
import com.bokesoft.scm.yigo.comm.NodeMatchUtils;
import com.bokesoft.scm.yigo.frontend.auth.SolutionProcess;
import java.io.File;
import java.io.IOException;
import org.apache.commons.lang3.StringUtils;

@ServiceInterceptorInfo(serviceIds = {"Base64Image"})
/* loaded from: input_file:com/bokesoft/scm/cloud/yigo/frontend/interceptor/Base64ImageInterceptor.class */
public class Base64ImageInterceptor implements ServiceInterceptor {
    public String process(String str, JSONObject jSONObject) throws CommonException {
        String jSONObject2;
        String str2 = null;
        String str3 = null;
        if (jSONObject.containsKey("formKey")) {
            str3 = jSONObject.getString("formKey");
        }
        if (jSONObject.containsKey("path")) {
            str2 = jSONObject.getString("path");
        }
        String replace = str2.replace("\\", "/");
        SolutionProcess solutionProcess = (SolutionProcess) SpringContext.getBean(SolutionProcess.class);
        String solutionsPath = solutionProcess.getSolutionsPath(jSONObject.getString("clientID"));
        File file = new File((solutionProcess.getRelativeSoluthPath(jSONObject.getString("clientID")) + File.separator + "Resource") + File.separator + replace);
        if (file.exists()) {
            try {
                if (!file.getCanonicalPath().replaceAll("\\\\", "/").contains(solutionsPath.replaceAll("\\\\", "/"))) {
                    throw new CommonException("文件读取路径非solution路径！");
                }
            } catch (IOException e) {
            }
        }
        try {
            jSONObject2 = CommUtils.getDataProcessHandler().process(StringUtils.isBlank(str3) ? CommUtils.getDefaultNodeName() : NodeMatchUtils.getFormNode(str3), jSONObject.toString());
        } catch (Exception e2) {
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("error_code", -1);
            jSONObject3.put("error_info", ProcessXSSUtil.stripXss(e2.getMessage()));
            jSONObject2 = jSONObject3.toString();
        }
        return jSONObject2;
    }
}
