package net.prizowo.filejs.security;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import net.minecraftforge.fml.loading.FMLPaths;
import net.prizowo.filejs.Filesjs;

/* loaded from: input_file:net/prizowo/filejs/security/FileAccessManager.class */
public class FileAccessManager {
    private static final Set<String> ALLOWED_SUBDIRS = new HashSet(Arrays.asList("config", "saves", "logs", "mods", "resourcepacks", "kubejs", "scripts", "defaultconfigs", "schematics", "crash-reports", "screenshots"));
    private static final Set<String> ALLOWED_EXTENSIONS = new HashSet(Arrays.asList(".js", ".mjs", ".cjs", ".jsx", ".py", ".pyw", ".pyi", ".java", ".class", ".jar", ".html", ".htm", ".css", ".scss", ".less", ".vue", ".json", ".json5", ".yaml", ".yml", ".toml", ".xml", ".csv", ".tsv", ".properties", ".conf", ".config", ".cfg", ".ini", ".lua", ".rb", ".php", ".pl", ".sh", ".bat", ".ps1", ".zs", ".groovy", ".gradle", ".kt", ".kts", ".nbt", ".mcfunction", ".mcmeta", ".lang", ".dat", ".txt", ".md", ".log", ".template", ".list", ".sql", ".r", ".c", ".cpp", ".h", ".hpp", ".cs", ".go", ".rs", ".ts", ".tsx", ".backup", ".bak"));
    private static final long MAX_FILE_SIZE = 10485760;

    private static Path getMinecraftDir() {
        return FMLPaths.GAMEDIR.get();
    }

    public static void validateFileAccess(String str) throws SecurityException {
        if (str.startsWith("kubejs/backups/")) {
            return;
        }
        Path minecraftDir = getMinecraftDir();
        Path normalize = Paths.get(str, new String[0]).normalize();
        Path resolve = normalize.isAbsolute() ? normalize : minecraftDir.resolve(normalize);
        if (!resolve.startsWith(minecraftDir)) {
            throw new SecurityException("Access denied: Cannot access files outside Minecraft instance directory: " + str);
        }
        String replace = minecraftDir.relativize(resolve).toString().replace('\\', '/');
        if (replace.contains("..")) {
            throw new SecurityException("Access denied: Parent directory traversal not allowed");
        }
        if (!ALLOWED_SUBDIRS.stream().anyMatch(str2 -> {
            return replace.startsWith(str2 + "/") || replace.equals(str2);
        })) {
            throw new SecurityException("Access denied: Directory not allowed: " + str + "\nAllowed directories: " + String.join(", ", ALLOWED_SUBDIRS));
        }
        if (!replace.startsWith("kubejs/backups/") && !ALLOWED_EXTENSIONS.stream().anyMatch(str3 -> {
            return replace.toLowerCase().endsWith(str3);
        }) && !Files.isDirectory(resolve, new LinkOption[0])) {
            throw new SecurityException("Access denied: File type not allowed: " + str + "\nAllowed extensions: " + String.join(", ", ALLOWED_EXTENSIONS));
        }
    }

    public static void validateFileSize(Path path) throws SecurityException, IOException {
        if (Files.exists(path, new LinkOption[0]) && !Files.isDirectory(path, new LinkOption[0]) && Files.size(path) > MAX_FILE_SIZE) {
            throw new SecurityException(String.format("File size exceeds limit (max %.2fMB): %s", Double.valueOf(10.0d), path));
        }
    }

    public static void validateContentSize(String str) throws SecurityException {
        if (str != null && str.length() > MAX_FILE_SIZE) {
            throw new SecurityException(String.format("Content size exceeds limit (max %.2fMB)", Double.valueOf(10.0d)));
        }
    }

    public static boolean isScriptThread() {
        return Arrays.stream(Thread.currentThread().getStackTrace()).anyMatch(stackTraceElement -> {
            return stackTraceElement.getClassName().contains("rhino") || stackTraceElement.getClassName().contains("script");
        });
    }

    public static void logSecurityViolation(String str, String str2) {
        Filesjs.LOGGER.warn("Security violation: {} (Path: {})", str, str2);
        if (isScriptThread()) {
            Filesjs.LOGGER.warn("Violation from script execution");
        }
    }
}
