package bench.reachability.micronautguard;

import java.util.Map;
import java.util.Base64;
import java.io.*;

public class Controller {
    // Deserialization behind feature flag; unreachable unless ALLOW_MN_DESER=true
    public static Response handleUpload(Map<String, String> body, Map<String, String> env) {
        if (!"true".equals(env.getOrDefault("ALLOW_MN_DESER", "false"))) {
            return new Response(403, "forbidden");
        }
        String payload = body.get("payload");
        if (payload == null) {
            return new Response(400, "bad request");
        }
        try (ObjectInputStream ois = new ObjectInputStream(
                new ByteArrayInputStream(Base64.getDecoder().decode(payload)))) {
            Object obj = ois.readObject();
            return new Response(200, obj.toString());
        } catch (Exception ex) {
            return new Response(500, ex.getClass().getSimpleName());
        }
    }

    public record Response(int status, String body) {}
}