const UPSTREAM_HOST = 'chatgpt.com';
const UPSTREAM_PROTOCOL = 'https:';

export default {
  async fetch(request) {
    const url = new URL(request.url);

    const targetUrl = new URL(`${UPSTREAM_PROTOCOL}//${UPSTREAM_HOST}${url.pathname}${url.search}`);

    const newRequest = new Request(targetUrl, request);

    // Mimic real browser headers (critical for bypassing some checks)
    newRequest.headers.set('Host', UPSTREAM_HOST);
    newRequest.headers.set('User-Agent', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36');
    newRequest.headers.set('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8');
    newRequest.headers.set('Accept-Language', 'en-US,en;q=0.9');
    newRequest.headers.set('Accept-Encoding', 'gzip, deflate, br');
    newRequest.headers.set('Upgrade-Insecure-Requests', '1');
    newRequest.headers.set('Sec-Fetch-Dest', 'document');
    newRequest.headers.set('Sec-Fetch-Mode', 'navigate');
    newRequest.headers.set('Sec-Fetch-Site', 'none');
    newRequest.headers.set('Sec-Fetch-User', '?1');
    newRequest.headers.set('Priority', 'u=0, i');

    // Keep Origin/Referer as proxy (or comment out if issues)
    newRequest.headers.set('Origin', url.origin);
    newRequest.headers.set('Referer', url.origin + '/');

    let response = await fetch(newRequest);

    const newHeaders = new Headers(response.headers);

    // Rewrite Location for redirects
    const location = newHeaders.get('Location');
    if (location) {
      newHeaders.set('Location', location.replace(`${UPSTREAM_PROTOCOL}//${UPSTREAM_HOST}`, url.origin));
    }

    // Rewrite Set-Cookie domains
    const setCookies = response.headers.getAll('set-cookie');
    if (setCookies.length > 0) {
      newHeaders.delete('set-cookie');
      for (const cookie of setCookies) {
        const rewrittenCookie = cookie.replace(/domain=\.?chatgpt\.com/gi, `domain=${url.host}`).replace(/domain=\.?openai\.com/gi, `domain=${url.host}`);
        newHeaders.append('set-cookie', rewrittenCookie);
      }
    }

    // Optional CORS
    newHeaders.set('Access-Control-Allow-Origin', '*');
    newHeaders.set('Access-Control-Allow-Credentials', 'true');

    return new Response(response.body, {
      status: response.status,
      statusText: response.statusText,
      headers: newHeaders,
    });
  },
};