fj-dc/.svn/pristine/e0/e0bc82e37628f828de04c77fcef4a7be7dd72e68.svn-base

package cn.com.goldenwater.dcproj.utils;

import cn.com.goldenwater.dcproj.constValue.CommonLabel;
import cn.com.goldenwater.dcproj.filter.XssFilter;
import cn.com.goldenwater.dcproj.filter.XssHttpServletRequestWrapper;
import net.sf.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.HandlerMapping;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;

public class RequestUtils {
    private static final Logger logger = LoggerFactory.getLogger(XssFilter.class);

    /**
     * 获取参数里面的用户id
     */
    public static String getPersId(HttpServletRequest request, HttpServletResponse response) {
        Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
        String persId = "";
        if (pathVariables != null) {
            persId = pathVariables.get(CommonLabel.PERSID) != null ? (String) pathVariables.get(CommonLabel.PERSID) : (String) pathVariables.get("persid");
            if (StringUtils.isBlank(persId)) {//persid
                persId = (String) pathVariables.get("presId");
            }
        }
        if (StringUtils.isBlank(persId)) {
            persId = request.getParameter(CommonLabel.PERSID) != null ? request.getParameter(CommonLabel.PERSID) : request.getParameter("persid");
        }
        if (StringUtils.isBlank(persId)) {//persid
            persId = request.getParameter("userId") != null ? request.getParameter("userId") : request.getParameter("userid");

        }
        //

        if (StringUtils.isBlank(persId)) {
            String str = new XssHttpServletRequestWrapper(request, response).getBodyString(request);
            if (StringUtils.isNotBlank(str)) {
                if (str.startsWith("{")) {
                    JSONObject jsonObject = JSONObject.fromObject(str);
                    Map<String, Object> map = (Map<String, Object>) JSONObject.toBean(jsonObject, Map.class);
                    for (String key : map.keySet()) {
                        if (key.equals(CommonLabel.PERSID) || "curUserId".equals(key) || "persid".equals(key)
                                || "presId".equals(key) || "recPers".equals(key) || "userId".equals(key) || "guid".equals(key)) {
                            persId = map.get(key).toString();
                            if (StringUtils.isNotBlank(persId)) {
                                break;
                            }
                        }
                    }
                }
            }
            //请求用户
        }
        return persId;
    }

    /**
     * 根据名字获取系统中的参数
     */
    public static String getParamInReq(HttpServletRequest request, HttpServletResponse response, String param) {
        String paramValue = request.getParameter(param);
        if (StringUtils.isBlank(paramValue)) {
            paramValue = request.getHeader(param);
            if (StringUtils.isBlank(paramValue)) {
                Map pathVariables = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
                paramValue = (String) pathVariables.get(param);
                if (StringUtils.isBlank(paramValue)) {
                    paramValue = (String) request.getAttribute(param);
                    if (StringUtils.isBlank(paramValue)) {
                        String str = new XssHttpServletRequestWrapper(request, response).getBodyString(request);
                        if (StringUtils.isNotBlank(str)) {
                            if (str.startsWith("{")) {
                                JSONObject jsonObject = JSONObject.fromObject(str);
                                Map<String, Object> map = (Map<String, Object>) JSONObject.toBean(jsonObject, Map.class);
                                for (String key : map.keySet()) {
                                    if (key.equals(param)) {
                                        paramValue = map.get(key).toString();
                                        if (StringUtils.isNotBlank(paramValue)) {
                                            break;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        return paramValue;
    }

    public static String cleanScript(String input) {
       /* if (
                (input.contains(" ' ") && input.contains(" + "))
                || (input.contains(" ' ") && input.contains(" and "))//多重条件
                || (input.contains("window") && input.contains("location"))
                *//*|| (input.contains("'") && input.contains("or"))*//*
        )
        {
            logger.info("lanjie==error-333:xss   =====================" + input + "=====================error-333:xss");
            return "error-333:xss";
        }
        //单个条件
        if (
//                input.toLowerCase().contains("script")||
                 input.toLowerCase().contains("iframe")
                || input.contains("onkey")
                || input.contains("onclick")
                *//*|| input.toLowerCase().contains("javascript") *//*
                || input.toLowerCase().contains("alert")
                || input.contains(".jsp")
                *//*|| input.contains("';")*//*
                || input.contains("eval")
                || input.contains("cookie")
                || input.contains("onload")
             *//*   || input.contains("''")
                || input.contains(" + ")*//*
                || input.contains(".js")
                || input.contains(".css")
                || input.toLowerCase().contains("expression")
                || input.contains("onmouse")) {
            logger.info("lanjie===error-333:======================" + input + "=====================error-333");
            return "error-333:";
        }*/
        return input;
    }
}