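import { NextRequest, NextResponse } from "next/server";
import { loginUser, deleteSession, getServerSession, SESSION_COOKIE } from "@/lib/auth";
import { cookies } from "next/headers";

/** Lifetime of the session cookie in seconds (7 days). */
const SESSION_MAX_AGE_SECONDS = 7 * 86400;

/**
 * Attributes shared by every write of the session cookie (set and clear).
 *
 * - `httpOnly` keeps the session id out of reach of page scripts.
 * - `secure` is enabled for production builds so the session id is never sent
 *   over plain HTTP; it stays off elsewhere so local HTTP development works.
 *   NOTE(review): assumes production is always served over HTTPS; confirm.
 * - `sameSite: "lax"` stops the browser from attaching the cookie to
 *   cross-site POST/DELETE requests.
 */
const sessionCookieOptions = {
  httpOnly: true,
  secure: process.env.NODE_ENV === "production",
  sameSite: "lax",
  path: "/",
} as const;

/**
 * Log a user in and start a session.
 *
 * Expects a JSON body with string `nickname` and `password` fields.
 *
 * @param req - Incoming request carrying the credentials as JSON.
 * @returns 200 with `result.user` and the session cookie set on success;
 *          400 when the body is not JSON or a credential is missing, empty
 *          or not a string; 401 with the `loginUser` result when it contains
 *          an `error` key; 500 on any unexpected failure.
 */
export async function POST(req: NextRequest) {
  try {
    // A body that is not valid JSON is a client error, not a server failure:
    // map it to the same 400 as missing fields.
    const body: unknown = await req.json().catch(() => null);
    const { nickname, password } = (body ?? {}) as {
      nickname?: unknown;
      password?: unknown;
    };

    // Only non-empty strings reach loginUser; objects, arrays or numbers in
    // the JSON body are rejected here instead of being passed to the auth layer.
    if (
      typeof nickname !== "string" ||
      typeof password !== "string" ||
      !nickname ||
      !password
    ) {
      return NextResponse.json({ error: "Nickname and password required" }, { status: 400 });
    }

    const result = await loginUser(nickname, password);
    if ("error" in result) {
      // NOTE(review): the loginUser result is forwarded to the client as-is;
      // confirm its error text is generic and does not reveal whether the
      // nickname exists. No attempt throttling is visible in this handler;
      // presumably it lives in loginUser or upstream. Verify.
      return NextResponse.json(result, { status: 401 });
    }

    const res = NextResponse.json(result.user);
    res.cookies.set(SESSION_COOKIE, result.sessionId, {
      ...sessionCookieOptions,
      maxAge: SESSION_MAX_AGE_SECONDS,
    });
    return res;
  } catch (err: unknown) {
    // Keep the client-facing message generic, but leave a trace for operators
    // instead of discarding the failure silently.
    console.error("Login failed", err);
    return NextResponse.json({ error: "Login failed" }, { status: 500 });
  }
}

/**
 * Log the current user out.
 *
 * When `getServerSession()` returns a session and the session cookie holds a
 * value, that value is passed to `deleteSession`. The cookie is then cleared
 * in the response.
 *
 * @returns 200 with `{ ok: true }` and an expired session cookie.
 */
export async function DELETE() {
  const session = await getServerSession();
  if (session) {
    const cookieStore = await cookies();
    const token = cookieStore.get(SESSION_COOKIE)?.value;
    if (token) await deleteSession(token);
  }

  const res = NextResponse.json({ ok: true });
  // Clear with the same attributes the cookie was set with; maxAge 0 expires
  // it immediately in the browser.
  res.cookies.set(SESSION_COOKIE, "", { ...sessionCookieOptions, maxAge: 0 });
  return res;
}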