import { getApiBaseUrl, jsonResponse } from '../../../_lib/api';

export const dynamic = 'force-dynamic';

export async function POST(req: Request): Promise<Response> {
  const body = await req.json();
  const upstream = await fetch(`${getApiBaseUrl()}/auth/login`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
    body: JSON.stringify(body),
    cache: 'no-store',
  });
  const payload = await upstream.json();
  if (!upstream.ok) return jsonResponse(payload, upstream.status);
  const token: string | undefined = payload?.token;
  if (!token) return jsonResponse({ message: 'Login response missing token' }, 502);
  const cookieValue = `tower_token=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${60 * 60 * 24 * 7}`;
  return jsonResponse({ admin: payload.admin }, 200, { 'Set-Cookie': cookieValue });
}