import base64
import hmac
import os
import pickle

from flask import Flask, request, session, render_template, redirect, jsonify, send_from_directory

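app = Flask(__name__)
# Session cookies are signed with this key: anyone who knows it can mint a
# cookie carrying an arbitrary 'user_id' and walk past every session check
# below. The literal is a published default for the demo; it can be overridden
# from the environment for any deployment that matters.
app.secret_key = os.environ.get('PAYMENT_PLATFORM_SECRET_KEY', 'payment_platform_secret_key_2024')
# Configured here but not read by any handler in this file; the /static route
# serves the same directory directly.
app.config['UPLOAD_FOLDER'] = '/tmp'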

# In-memory stores; everything here is lost on restart and is private to
# the process that holds it.
users_db = dict(test='test')    # username -> plaintext password (compared as-is by login)
orders_db = dict()              # order_id -> order record written by create_order
order_counter = 1               # next order_id create_order will hand out

@app.route('/')
def index():
    """Landing page: render index.html for a logged-in user, otherwise bounce to /login."""
    if 'user_id' in session:
        return render_template('index.html', username=session['user_id'])
    return redirect('/login')

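@app.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or check the posted credentials (POST).

    On success the username is stored in the signed session cookie as
    'user_id' and the client is redirected to '/'; on failure the form is
    re-rendered with an error message.
    """
    if request.method == 'GET':
        return render_template('login.html')

    username = request.form.get('username')
    password = request.form.get('password')

    # users_db maps username -> plaintext password. It should hold salted
    # hashes, but that is a change to the store and to whatever writes it,
    # not to this handler.
    stored = users_db.get(username)
    # compare_digest keeps the comparison time independent of how many
    # leading characters match. Both sides are encoded because the str form
    # rejects non-ASCII input with TypeError. A missing field (None) is a
    # failed login, exactly as with the previous '==' test.
    # NOTE: there is no lockout or rate limit on this route.
    if (stored is not None and password is not None
            and hmac.compare_digest(stored.encode('utf-8'), password.encode('utf-8'))):
        session['user_id'] = username
        return redirect('/')

    return render_template('login.html', error='用户名或密码错误')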

@app.route('/logout')
def logout():
    """Forget the session's 'user_id' (if present) and send the client to /login."""
    if 'user_id' in session:
        del session['user_id']
    return redirect('/login')

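@app.route('/create_order', methods=['GET', 'POST'])
def create_order():
    """Show the order form (GET) or register a new order for the session user (POST).

    The POST body carries 'order_data', a base64 string that is unpickled and
    stored verbatim as the order's 'data'. Returns JSON with the new order id,
    or a 400 with a message when the field is missing or cannot be decoded.
    """
    if 'user_id' not in session:
        return redirect('/login')

    if request.method == 'GET':
        return render_template('create_order.html')

    order_data = request.form.get('order_data')
    if not order_data:
        return '订单数据不能为空', 400

    # SECURITY: pickle.loads on client-supplied bytes is arbitrary code
    # execution -- a crafted payload's __reduce__ runs inside this process
    # during loads, before any of the checks below, and the try/except does
    # not contain it. Every logged-in user (or anyone holding the session
    # secret) can reach this. The wire format should be a data-only encoding
    # (JSON) with explicit field validation; until that client-visible change
    # is made, treat this route as remote code execution.
    try:
        order_obj = pickle.loads(base64.b64decode(order_data))
    except Exception:
        # b64decode raises binascii.Error; pickle raises UnpicklingError,
        # EOFError, AttributeError, ... and an unpickled object can raise
        # anything, so a narrower clause would turn some bad input into a
        # 500. Narrowed from a bare except so SystemExit/KeyboardInterrupt
        # still propagate.
        return '订单数据格式错误，请使用正确的序列化格式', 400

    # Unlocked process-local counter and dict: under a threaded or
    # multi-process server ids can collide and an order stored by one
    # worker is invisible to another.
    global order_counter
    order_id = order_counter
    order_counter += 1

    orders_db[order_id] = {
        'id': order_id,
        'user': session['user_id'],
        'data': order_obj,
        'status': 'pending',
    }

    return jsonify({
        'success': True,
        'order_id': order_id,
        'message': '订单创建成功',
    })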

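@app.route('/view_order/<int:order_id>')
def view_order(order_id):
    """Render one order for its owner.

    Responses: redirect to /login without a session, 404 for an unknown id,
    403 when the order belongs to a different user, otherwise
    view_order.html with the stringified order data and its status.
    """
    if 'user_id' not in session:
        return redirect('/login')

    # NOTE: the existence check runs before the ownership check, so any
    # logged-in user can learn which ids exist (404 vs 403); ids come from
    # a sequential counter, so that is cheap to enumerate.
    if order_id not in orders_db:
        return '订单不存在', 404

    order_info = orders_db[order_id]
    if order_info['user'] != session['user_id']:
        return '无权查看此订单', 403

    order_obj = order_info['data']

    # 'data' is whatever create_order unpickled from the client, so str()
    # dispatches to a caller-chosen __str__/__repr__ and may raise anything;
    # hence the broad clause, narrowed from a bare except so
    # SystemExit/KeyboardInterrupt still propagate. The result is safe to
    # render only as long as the template autoescapes it.
    try:
        order_str = str(order_obj)
    except Exception:
        order_str = '订单数据无法显示'

    return render_template('view_order.html',
                           order_id=order_id,
                           order_data=order_str,
                           status=order_info['status'])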

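@app.route('/static/<path:filename>')
def static_files(filename):
    """Serve `filename` from the upload folder (/tmp) under the /static prefix.

    send_from_directory is meant to reject paths that escape the directory,
    but it serves whatever is inside it.
    """
    # /tmp is shared and world-writable: anything another user or process on
    # the host drops there becomes downloadable, and -- unlike the order
    # routes -- this handler has no session check, so by unauthenticated
    # clients. The directory is taken from the config key rather than a
    # second copy of the literal so the two cannot drift apart.
    return send_from_directory(app.config['UPLOAD_FOLDER'], filename)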

@app.route('/flag')
def get_flag():
    """Return the flag from the DASFLAG environment variable as plain text.

    Falls back to a placeholder when the variable is unset. Unlike the order
    routes this handler performs no session check, so the value is readable
    by anyone who can reach the port -- presumably part of the CTF setup;
    confirm before reusing this layout anywhere else.
    """
    placeholder = 'DASCTF{test_flag}'
    return os.environ.get('DASFLAG', placeholder)

if __name__ == '__main__':
    # Listens on every interface on port 5000. debug stays False: with it on,
    # the Werkzeug debugger console is reachable from the browser and hands
    # code execution to anyone who can trigger an exception.
    serve_opts = dict(host='0.0.0.0', port=5000, debug=False)
    app.run(**serve_opts)