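// Test-only mirror of the malware list. Injects known-safe packages as malicious
// to simulate blocking behavior in e2e tests without affecting real data.
//
// The upstream lists are downloaded once at startup and served from memory.
// The server binds to the loopback interface only, so the patched list (which
// labels a benign package as malware) is reachable only from the local machine.

import * as http from "node:http";

const UPSTREAM_BASE_URL = "https://malware-list.aikido.dev";
const LISTEN_HOST = "127.0.0.1";
const LISTEN_PORT = 5555;

const lists = await downloadLists();

const server = http.createServer(handleRequest);
// Announce readiness only once the socket is actually bound; if the port is
// taken, the 'error' event fires instead and nothing misleading is printed.
server.listen(LISTEN_PORT, LISTEN_HOST, () => {
  console.log(`listening on http://${LISTEN_HOST}:${LISTEN_PORT}`);
});

/**
 * Serves the mirrored lists and a readiness probe.
 *
 * - Non-GET requests and requests without a URL get 404.
 * - Any URL starting with "/ready" gets an empty 200.
 * - Any URL starting with a known list path gets that list as JSON.
 *   Matching is by prefix, so a trailing query string still matches.
 * - Everything else gets 404.
 *
 * @param {http.IncomingMessage} req
 * @param {http.ServerResponse} res
 */
function handleRequest(req, res) {
  if (req.method !== "GET" || !req.url) {
    res.writeHead(404);
    res.end();
    return;
  }

  if (req.url.startsWith("/ready")) {
    res.writeHead(200);
    res.end();
    return;
  }

  const list = lists.find(({ path }) => req.url.startsWith(path));
  if (list) {
    res.writeHead(200, { "Content-Type": "application/json" });
    res.end(JSON.stringify(list.data));
    return;
  }

  res.writeHead(404);
  res.end();
}

/**
 * Downloads every mirrored list from upstream and applies its patch function.
 *
 * The downloads are independent, so they run in parallel. A single failed
 * download rejects the whole startup rather than serving a partial mirror.
 *
 * @returns {Promise<Array<{path: string, patchFunc: Function, data: unknown}>>}
 */
async function downloadLists() {
  const sources = [
    { path: "/malware_predictions.json", patchFunc: (data) => data },
    { path: "/malware_pypi.json", patchFunc: patchPypi },
    { path: "/releases/npm.json", patchFunc: (data) => data },
    { path: "/releases/pypi.json", patchFunc: (data) => data },
  ];

  return Promise.all(
    sources.map(async (source) => ({
      ...source,
      data: source.patchFunc(await downloadList(source.path)),
    })),
  );
}

/**
 * Fetches one list from the upstream host and parses it as JSON.
 *
 * @param {string} path - Absolute path of the list on the upstream host.
 * @returns {Promise<unknown>} The parsed JSON body.
 * @throws {Error} When upstream answers with a non-2xx status. Without this
 *   check an error page would either fail JSON parsing with an unhelpful
 *   message or, if it happened to be JSON, be served to the tests as a list.
 */
async function downloadList(path) {
  const url = `${UPSTREAM_BASE_URL}${path}`;
  const response = await fetch(url);
  if (!response.ok) {
    throw new Error(`failed to download ${url}: HTTP ${response.status}`);
  }
  return response.json();
}

/**
 * Returns the PyPI malware list with one extra, test-only entry that flags a
 * known-safe package as malware so e2e tests can exercise the blocking path.
 *
 * @param {Array<object>} data - The upstream PyPI malware list.
 * @returns {Array<object>} A new array: the upstream entries plus the injected one.
 * @throws {TypeError} When the upstream payload is not an array.
 */
function patchPypi(data) {
  if (!Array.isArray(data)) {
    throw new TypeError("expected the PyPI malware list to be a JSON array");
  }
  return [
    ...data,
    {
      package_name: "numpy",
      version: "2.4.4",
      reason: "MALWARE",
    },
  ];
}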