import json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

USERS = {
    "attacker_code": {"sub": "attacker_id_111", "email": "attacker@evil.com", "email_verified": True},
    "victim_code":   {"sub": "victim_id_999",   "email": "victim@company.com", "email_verified": True},
}

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *a): pass
    def send_json(self, code, body):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        code = parse_qs(body).get("code", [""])[0]
        self.send_json(200, {"access_token": code, "token_type": "Bearer"})
    def do_GET(self):
        token = self.headers.get("Authorization", "").removeprefix("Bearer ").strip()
        user = USERS.get(token)
        self.send_json(200 if user else 401, user or {"error": "invalid_token"})

def start(port=8089):
    s = HTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=s.serve_forever, daemon=True).start()
    return s