package com.jte.cloud.platform.common.sql.filter;

import com.alibaba.druid.sql.SQLUtils;
import com.alibaba.druid.sql.ast.SQLStatement;
import com.alibaba.druid.sql.dialect.mysql.visitor.MySqlSchemaStatVisitor;
import com.jte.cloud.platform.common.sql.SqlKeyWords;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/jte/cloud/platform/common/sql/filter/NoQueryAllFilter.class */
public class NoQueryAllFilter implements BadSqlFilter {
    private static final Logger log = LoggerFactory.getLogger(NoQueryAllFilter.class);
    private List<String> canSelectAllTableNameList;

    public NoQueryAllFilter(String str) {
        this.canSelectAllTableNameList = new ArrayList();
        if (StringUtils.isNoneBlank(new CharSequence[]{str})) {
            this.canSelectAllTableNameList = (List) Arrays.asList(str.toUpperCase().split(",")).stream().map(str2 -> {
                return str2.trim();
            }).collect(Collectors.toList());
        }
    }

    @Override // com.jte.cloud.platform.common.sql.filter.BadSqlFilter
    public void doFilter(String str) throws Throwable {
        if (!StringUtils.startsWith(str.toUpperCase(), SqlKeyWords.SELECT) || str.contains(SqlKeyWords.LAST_INSERT_ID) || str.contains(SqlKeyWords.LIMIT) || str.indexOf(SqlKeyWords.COUNT) != -1) {
            return;
        }
        List parseStatements = SQLUtils.parseStatements(str, "mysql");
        for (int i = 0; i < parseStatements.size(); i++) {
            SQLStatement sQLStatement = (SQLStatement) parseStatements.get(i);
            MySqlSchemaStatVisitor mySqlSchemaStatVisitor = new MySqlSchemaStatVisitor();
            sQLStatement.accept(mySqlSchemaStatVisitor);
            if (!(mySqlSchemaStatVisitor.getTables().keySet().stream().filter(name -> {
                return this.canSelectAllTableNameList.indexOf(name.getName().toUpperCase()) != -1;
            }).count() > 0) && mySqlSchemaStatVisitor.getConditions().size() == 0) {
                log.error("表 {} 被设置禁止全表扫描，拒绝执行，SQL: ", mySqlSchemaStatVisitor.getTables(), str);
                throw new IllegalAccessException(String.format("表 %s 被设置禁止全表扫描，拒绝执行，SQL: %s", mySqlSchemaStatVisitor.getTables(), str));
            }
        }
    }
}
