tower/apps/web/app/api/auth/super/login/route.ts

import { getApiBaseUrl, jsonResponse } from '../../../../_lib/api';

export const dynamic = 'force-dynamic';

export async function POST(req: Request): Promise<Response> {
  const body = await req.json().catch(() => ({}));
  const res = await fetch(`${getApiBaseUrl()}/auth/super/login`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
    body: JSON.stringify(body),
    cache: 'no-store',
  });
  const payload = await res.json();
  const headers: Record<string, string> = {};
  if (res.ok && payload.token) {
    headers['Set-Cookie'] = `tower_super_token=${payload.token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${7 * 24 * 60 * 60}`;
  }
  return jsonResponse(payload, res.status, headers);
}