package Email::SpoofingDemo::API::Attacker;
use Dancer2;

our $VERSION = '0.1';

my $SCRIPT = '/home/attaquant/scripts/send_email.py';

sub run_script {
    open(my $fh, '-|', $SCRIPT, '--non-interactive', @_)
        or die "$SCRIPT: $!";

    my $json;
    {
        local $/ = undef;
        $json = <$fh>;
    }

    close($fh);

    if (($? >> 8) != 0) {
        die $json;
    }
    return from_json($json);
}

get '/' => sub { return "Welcome"; };

get '/config' => sub {
    return run_script('--get-config');
};

post '/spoof' => sub {
    my $helo = body_parameters->{'helo'};
    my $scenario = body_parameters->{'scenario'};

    if (not defined $scenario) {
        status 400;
        return "Need a scenario name";
    }

    my @args = ('--template', $scenario);
    if (defined $helo) {
        push @args, ('--helo', $helo);
    }
    if (body_parameters->{'replace_mail_from'}) {
        push @args, ('--replace-rfc5321-mail-from');
    }

    return run_script(@args);
};

any qr{.*} => sub { status 'not_found'; return "Invalid route" };

dance;

true;