#!/bin/sh
set -eu

mkdir -p "${LANGFLOW_CONFIG_DIR}" "${LANGFLOW_KNOWLEDGE_BASES_DIR}"

mkdir -p "${CHALLENGE_TARGET_DIR}"
printf 'delete-me: CVE-2026-42048 challenge target\n' \
  > "${CHALLENGE_TARGET_DIR}/proof.txt"

echo "[lab] Langflow vulnerable version: 1.8.4"
echo "[lab] Internal Langflow API: http://127.0.0.1:${LANGFLOW_PORT}"
echo "[lab] Public challenge proxy: http://0.0.0.0:${CHALLENGE_PROXY_PORT}"
echo "[lab] Knowledge base dir: ${LANGFLOW_KNOWLEDGE_BASES_DIR}"
echo "[lab] Delete target dir: ${CHALLENGE_TARGET_DIR}"
echo "[lab] Required kb_names payload path: ${CHALLENGE_TARGET_DIR}"

langflow run --host 127.0.0.1 --port "${LANGFLOW_PORT}" &
LANGFLOW_PID="$!"

trap 'kill "$LANGFLOW_PID" 2>/dev/null || true' INT TERM
exec python /opt/cve-2026-42048/challenge-proxy.py