package org.jeecgframework.web.cgform.util;

import java.io.UnsupportedEncodingException;
import java.text.SimpleDateFormat;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.jeecgframework.core.common.hibernate.dialect.DialectFactoryBean;
import org.jeecgframework.core.util.DBTypeUtil;
import org.jeecgframework.core.util.StringUtil;
import org.jeecgframework.web.cgform.entity.config.CgFormFieldEntity;

/* loaded from: input_file:org/jeecgframework/web/cgform/util/QueryParamUtil.class */
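/**
 * Builds SQL condition fragments from HTTP request parameters and serialises query results to
 * JSON.
 *
 * <p>The fragments are plain strings that callers concatenate into a statement, so every request
 * value is rendered as a SQL <em>literal</em> before it leaves this class: text and date values
 * are quoted with embedded quotes escaped, and an unquoted value is emitted only when it is a
 * plain number. The keyword check in {@link #sql_inj(String)} is kept for compatibility, but it
 * is a heuristic and must not be treated as the injection defence.
 *
 * <p>Bind parameters remain the preferred fix; they would require changing the map contract that
 * callers of {@link #loadQueryParams} consume, which is outside this class.
 */
public class QueryParamUtil {

    /** Tokens that {@link #sql_inj(String)} looks for, each surrounded by single spaces. */
    private static final String[] SUSPICIOUS_TOKENS =
            "'|and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|;|or|+|,".split("\\|");

    /** A plain ASCII decimal number; the only shape that may be emitted without quotes. */
    private static final Pattern NUMERIC_LITERAL =
            Pattern.compile("[+-]?(?:[0-9]+(?:\\.[0-9]+)?|\\.[0-9]+)(?:[eE][+-]?[0-9]+)?");

    /**
     * Reads the query value(s) for one configured field from the request and, when present,
     * stores the matching SQL condition fragment in {@code map} under the field name.
     *
     * <p>Mode {@code "single"} reads the parameter named after the field and produces
     * {@code " = <literal>"}, or {@code " LIKE <literal>"} with {@code *} turned into {@code %}
     * when the value contains {@code *}. Mode {@code "group"} reads {@code <field>_begin} and
     * {@code <field>_end} and produces a {@code >=} / {@code <=} range. Any other mode leaves
     * {@code map} untouched.
     *
     * @param httpServletRequest request carrying the untrusted query values
     * @param cgFormFieldEntity field configuration supplying name, type and query mode
     * @param map receives {@code fieldName -> condition fragment}
     * @throws RuntimeException if a value trips {@link #sql_inj_throw(String)}
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // raw Map is part of the existing signature
    public static void loadQueryParams(HttpServletRequest httpServletRequest, CgFormFieldEntity cgFormFieldEntity, Map map) {
        String fieldName = cgFormFieldEntity.getFieldName();
        String queryMode = cgFormFieldEntity.getQueryMode();

        if ("single".equals(queryMode)) {
            String rawValue = httpServletRequest.getParameter(fieldName);
            if (StringUtil.isEmpty(rawValue)) {
                return;
            }
            // getQueryString() is null when the request has no query string (e.g. a form POST);
            // the original dereferenced it unconditionally and failed with a NullPointerException.
            String queryString = httpServletRequest.getQueryString();
            // NOTE(review): this substring test also matches a longer parameter name that merely
            // ends with the field name. The re-decode presumably compensates for a container that
            // decodes the query string as ISO-8859-1 — confirm it is still needed.
            if (queryString != null && queryString.contains(fieldName + "=")) {
                try {
                    rawValue = new String(rawValue.getBytes("ISO-8859-1"), "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    // Kept as in the original: report and add no condition for this field.
                    e.printStackTrace();
                    return;
                }
            }
            sql_inj_throw(rawValue);
            String literal = applyType(cgFormFieldEntity.getType(), rawValue);
            if (StringUtil.isEmpty(literal)) {
                return;
            }
            if (literal.contains("*")) {
                map.put(fieldName, " LIKE " + literal.replace("*", "%"));
            } else {
                map.put(fieldName, " = " + literal);
            }
            return;
        }

        if ("group".equals(queryMode)) {
            String lowerBound = readBound(httpServletRequest, cgFormFieldEntity.getType(), fieldName + "_begin");
            String upperBound = readBound(httpServletRequest, cgFormFieldEntity.getType(), fieldName + "_end");
            boolean hasLower = !StringUtil.isEmpty(lowerBound);
            boolean hasUpper = !StringUtil.isEmpty(upperBound);
            if (!hasLower && !hasUpper) {
                return;
            }
            if (!hasLower) {
                map.put(fieldName, " <= " + upperBound);
                return;
            }
            String condition = " >= " + lowerBound;
            if (hasUpper) {
                condition = condition + " AND " + fieldName + " <= " + upperBound;
            }
            map.put(fieldName, condition);
        }
    }

    /** Reads one range bound, runs the keyword check on it and renders it as a SQL literal. */
    private static String readBound(HttpServletRequest request, String fieldType, String parameterName) {
        String rawValue = request.getParameter(parameterName);
        sql_inj_throw(rawValue);
        return applyType(fieldType, rawValue);
    }

    /**
     * Renders a request value as a SQL literal for the given field type.
     *
     * <p>{@code "String"} values become a quoted literal with embedded quotes escaped;
     * {@code "Date"} values go through {@link #getDateFunction(String, String)}. For every other
     * type the value is emitted unquoted only when it is a plain number. Anything else is emitted
     * as an escaped, quoted literal; the original passed such values straight into the statement,
     * which let request data contribute SQL syntax.
     *
     * <p>NOTE(review): a non-numeric value for a non-text column now reaches the database as a
     * quoted string; confirm no field type relies on bare keywords such as {@code true}.
     *
     * @param str field type name, compared case-insensitively
     * @param str2 untrusted value taken from the request
     * @return the literal, or {@code ""} when {@code str2} is empty
     */
    public static String applyType(String str, String str2) {
        if (StringUtil.isEmpty(str2)) {
            return "";
        }
        if ("String".equalsIgnoreCase(str)) {
            return "'" + escapeLiteral(str2, getDBType()) + "'";
        }
        if ("Date".equalsIgnoreCase(str)) {
            return getDateFunction(str2, "yyyy-MM-dd");
        }
        // "Double", "Integer" and every unrecognised type share this path, as in the original.
        String candidate = str2.trim();
        if (NUMERIC_LITERAL.matcher(candidate).matches()) {
            return candidate;
        }
        return "'" + escapeLiteral(str2, getDBType()) + "'";
    }

    /**
     * Escapes a value for use between single quotes in a SQL string literal.
     *
     * <p>Single quotes are doubled. On MySQL backslashes are doubled as well, because MySQL
     * treats a backslash as an escape character inside string literals unless
     * {@code NO_BACKSLASH_ESCAPES} is set, so {@code \'} would otherwise end the literal early.
     *
     * <p>NOTE(review): other servers configured to honour backslash escapes would need the same
     * treatment — confirm against the deployed dialects.
     */
    private static String escapeLiteral(String value, String dbType) {
        String escaped = value.replace("'", "''");
        if ("mysql".equalsIgnoreCase(dbType)) {
            escaped = escaped.replace("\\", "\\\\");
        }
        return escaped;
    }

    /**
     * Heuristic keyword check: reports whether {@code str} contains one of the listed tokens
     * with a single space on each side.
     *
     * <p>The match is case-sensitive and requires the surrounding spaces, so it misses upper-case
     * keywords, other whitespace, comments and a quote that is not padded with spaces. It is
     * retained so existing callers see the same accept/reject decisions; literal escaping in
     * {@link #applyType(String, String)} is what keeps values out of the SQL syntax.
     *
     * @param str value to inspect; empty values are never flagged
     * @return {@code true} if a token was found
     */
    public static boolean sql_inj(String str) {
        if (StringUtil.isEmpty(str)) {
            return false;
        }
        for (String token : SUSPICIOUS_TOKENS) {
            if (str.contains(" " + token + " ")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects a value that {@link #sql_inj(String)} flags.
     *
     * @param str value to inspect
     * @throws RuntimeException if the value is flagged
     */
    public static void sql_inj_throw(String str) {
        if (sql_inj(str)) {
            throw new RuntimeException("请注意,填入的参数可能存在SQL注入!");
        }
    }

    /** Returns the database type name reported by {@link DBTypeUtil#getDBType()}. */
    public static String getDBType() {
        return DBTypeUtil.getDBType();
    }

    /**
     * Renders a date value as a dialect-specific SQL expression.
     *
     * <p>Both arguments are escaped before being placed between quotes. For a database type that
     * is not listed the value is emitted as an escaped, quoted literal; the original emitted it
     * bare, which put request data directly into the statement.
     *
     * <p>NOTE(review): the SQL Server fragment is reproduced as the original wrote it;
     * {@code (CONVERT(...) as DATETIME)} looks like it is missing a leading {@code CAST} —
     * confirm against a SQL Server instance.
     *
     * @param str untrusted date text
     * @param str2 date format mask, used only for Oracle
     * @return the SQL expression for the active database type
     */
    public static String getDateFunction(String str, String str2) {
        String dbType = getDBType();
        String date = escapeLiteral(str, dbType);
        if ("mysql".equalsIgnoreCase(dbType)) {
            return "'" + date + "'";
        }
        if ("oracle".equalsIgnoreCase(dbType)) {
            return "TO_DATE('" + date + "','" + escapeLiteral(str2, dbType) + "')";
        }
        if ("sqlserver".equalsIgnoreCase(dbType)) {
            return "(CONVERT(VARCHAR,'" + date + "') as DATETIME)";
        }
        if (DialectFactoryBean.POSTGRES.equalsIgnoreCase(dbType)) {
            return "'" + date + "'::date ";
        }
        return "'" + date + "'";
    }

    /**
     * Serialises result rows as {@code {"total": l, "rows": [...]}}.
     *
     * <p>Column names are lower-cased and every value is converted with
     * {@link String#valueOf(Object)}; values of columns whose name contains {@code time} or
     * {@code date} are passed through {@link #datatimeFormat(String)}.
     *
     * @param list result rows keyed by column name
     * @param l total row count
     * @return the JSON text
     */
    public static String getJson(List<Map<String, Object>> list, Long l) {
        JSONObject result = new JSONObject();
        JSONArray rows = new JSONArray();
        result.put("total", l);
        for (Map<String, Object> row : list) {
            JSONObject jsonRow = new JSONObject();
            for (Map.Entry<String, Object> cell : row.entrySet()) {
                // Locale.ROOT keeps the key and the "time"/"date" test independent of the JVM's
                // default locale (a Turkish locale lower-cases 'I' to a dotless i).
                String key = cell.getKey().toLowerCase(Locale.ROOT);
                String text = String.valueOf(cell.getValue());
                if (key.contains("time") || key.contains("date")) {
                    text = datatimeFormat(text);
                }
                jsonRow.put(key, text);
            }
            rows.add(jsonRow);
        }
        result.put("rows", rows);
        return result.toString();
    }

    /**
     * Reformats {@code yyyy-MM-dd HH:mm:ss.S} text as {@code yyyy-MM-dd HH:mm:ss}.
     *
     * @param str text to reformat
     * @return the reformatted text, or {@code str} unchanged when it cannot be parsed
     */
    public static String datatimeFormat(String str) {
        SimpleDateFormat withFraction = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.S");
        SimpleDateFormat withoutFraction = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        try {
            return withoutFraction.format(withFraction.parse(str));
        } catch (Exception ignored) {
            // Best effort by design: anything that is not in the expected shape is returned as-is.
            return str;
        }
    }
}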
