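// app/api/auth/login/route.js
import { createHash, timingSafeEqual } from "node:crypto";
import { NextResponse } from "next/server";
import jwt from "jsonwebtoken";
import users from "@/data/users";

// Session lifetime in seconds. Drives both the JWT `expiresIn` and the cookie
// `maxAge` so the token and the cookie that carries it cannot drift apart.
const SESSION_TTL_SECONDS = 3600;

/**
 * Compares two secrets without short-circuiting on the first differing byte.
 *
 * Both inputs are hashed first: `timingSafeEqual` requires equal-length
 * buffers, and hashing gives that without revealing the stored value's length.
 *
 * @param {string} expected - the stored credential
 * @param {string} provided - the credential supplied by the client
 * @returns {boolean} true only when the two strings are identical
 */
function secretsMatch(expected, provided) {
  const expectedDigest = createHash("sha256").update(expected, "utf8").digest();
  const providedDigest = createHash("sha256").update(provided, "utf8").digest();
  return timingSafeEqual(expectedDigest, providedDigest);
}

/**
 * Builds a JSON error response that intermediaries must not cache.
 *
 * @param {string} message - text placed in the `error` field
 * @param {number} status - HTTP status code
 * @returns {NextResponse}
 */
function errorResponse(message, status) {
  return NextResponse.json(
    { error: message },
    { status, headers: { "Cache-Control": "no-store" } }
  );
}

/**
 * POST /api/auth/login
 *
 * Checks the submitted username/password against the user list, issues a JWT
 * in an httpOnly cookie and tells the client where to navigate next.
 *
 * @param {Request} request - JSON body `{ "username": string, "password": string }`
 * @returns {Promise<NextResponse>} 200 with `{ message, redirectUrl }` on success;
 *   400 when the body is not JSON; 401 on bad credentials; 500 when no signing
 *   secret is configured.
 */
export async function POST(request) {
  let body;
  try {
    body = await request.json();
  } catch {
    // A malformed body is a client error, not an unhandled exception / 500.
    return errorResponse("Request body must be JSON", 400);
  }

  const username = body?.username;
  const password = body?.password;
  if (typeof username !== "string" || typeof password !== "string") {
    // Same message as a wrong password so the response does not reveal which
    // field was rejected.
    return errorResponse("Invalid username or password", 401);
  }

  const user = users.find((u) => u.username === username);
  // NOTE(review): `user.password` is compared as a plaintext value. The user
  // store should hold a salted password hash (scrypt/argon2/bcrypt) and this
  // check should verify against it; that change belongs in "@/data/users".
  // The comparison below runs even when the user is unknown, so "no such user"
  // and "wrong password" cost roughly the same time and return the same 401.
  const storedPassword = typeof user?.password === "string" ? user.password : "";
  const credentialsValid = secretsMatch(storedPassword, password) && user !== undefined;
  if (!credentialsValid) {
    return errorResponse("Invalid username or password", 401);
  }

  const secret = process.env.JWT_SECRET;
  if (!secret) {
    // Fail closed: never issue a token signed with an empty/undefined secret.
    return errorResponse("Authentication is not configured", 500);
  }

  const token = jwt.sign(
    {
      username: user.username,
      niederlassungId: user.id,
      role: user.role,
    },
    secret,
    { expiresIn: SESSION_TTL_SECONDS }
  );

  const redirectUrl =
    user.role === "admin" ? "/admin-view" : `/niederlassung/${user.id}`;

  const response = NextResponse.json({
    message: "Login successful",
    redirectUrl,
  });
  // The response carries a session cookie; it must never be served from a cache.
  response.headers.set("Cache-Control", "no-store");

  response.cookies.set("authToken", token, {
    httpOnly: true,
    // Plain HTTP is only acceptable during local development. In production the
    // session cookie must not be sent over an unencrypted connection.
    secure: process.env.NODE_ENV === "production",
    sameSite: "Strict",
    maxAge: SESSION_TTL_SECONDS,
    path: "/",
  });

  return response;
}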