package io.uhndata.cards.utils.internal;

import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.SlingPostProcessor;
import org.osgi.service.component.annotations.Component;

@Component
/* loaded from: input_file:io/uhndata/cards/utils/internal/DenyScriptsSlingPostProcessor.class */
public class DenyScriptsSlingPostProcessor implements SlingPostProcessor {
    public void process(SlingHttpServletRequest slingHttpServletRequest, List<Modification> list) throws Exception {
        String contentType;
        if ("admin".equalsIgnoreCase(slingHttpServletRequest.getRemoteUser())) {
            return;
        }
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        Iterator<Modification> it = list.iterator();
        while (it.hasNext()) {
            Resource resource = resourceResolver.getResource(it.next().getSource());
            if (resource != null && resource.getResourceMetadata() != null && (contentType = resource.getResourceMetadata().getContentType()) != null) {
                if (contentType.toLowerCase(Locale.ROOT).contains("script")) {
                    throw new Exception("Script files are not allowed");
                }
                if (contentType.toLowerCase(Locale.ROOT).contains("html")) {
                    throw new Exception("HTML files are not allowed");
                }
            }
        }
    }
}
