'use strict';

function makeApp() {
  const routes = {};
  return {
    post(path, handler) {
      routes[`POST ${path}`] = handler;
    },
    handle(method, path, req) {
      const key = `${method} ${path}`;
      if (routes[key]) return routes[key](req);
      return { status: 404, body: 'not found' };
    }
  };
}

function createServer() {
  const app = makeApp();
  app.post('/api/admin/exec', (req) => {
    if (req?.env?.ALLOW_EXEC !== 'true') {
      return { status: 403, body: 'forbidden' };
    }
    if (typeof req?.body?.code !== 'string') {
      return { status: 400, body: 'bad request' };
    }
    // eslint-disable-next-line no-eval
    const result = eval(req.body.code);
    return { status: 200, body: String(result) };
  });
  return app;
}

module.exports = { createServer };