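import { NextResponse } from "next/server";
import { cookies } from "next/headers";
import { getSessionCookieName } from "@/lib/server/auth";
import { loginUser } from "@/lib/server/auth-service";
import { toErrorResponse } from "@/lib/server/errors";

/**
 * POST /api/auth/login — authenticates a user and issues the session cookie.
 *
 * Expects a JSON body with `email`, `password` and an optional `remember`
 * flag (treated as `true` when absent).
 *
 * @param req - Incoming request; its body is untrusted client input.
 * @returns 400 with `MISSING_CREDENTIALS` when email or password is absent,
 *   empty, or not a string; the status/body produced by `toErrorResponse`
 *   when `loginUser` throws; otherwise `{ user }` with the session cookie set.
 */
export async function POST(req: Request) {
  // Malformed or non-JSON bodies collapse to null and end in the 400 below.
  const payload: unknown = await req.json().catch(() => null);
  const fields: Record<string, unknown> =
    typeof payload === "object" && payload !== null
      ? (payload as Record<string, unknown>)
      : {};

  // Accept credentials only when they are real strings. Coercing with
  // String() would let arrays, numbers or objects through: ["a@b.c"] becomes
  // "a@b.c" and {} becomes "[object Object]", so the value handed to
  // loginUser would not be what the client actually sent.
  const rawEmail = fields.email;
  const rawPassword = fields.password;
  const email =
    typeof rawEmail === "string" ? rawEmail.trim().toLowerCase() : "";
  // The password is passed through untouched (no trim, no case folding).
  const password = typeof rawPassword === "string" ? rawPassword : "";
  const remember = Boolean(fields.remember ?? true);

  if (!email || !password) {
    return NextResponse.json(
      {
        error: {
          code: "MISSING_CREDENTIALS",
          message: "Missing credentials",
        },
      },
      { status: 400 },
    );
  }

  // NOTE(review): no password length cap, throttling or lockout is visible in
  // this handler; presumably loginUser or upstream middleware enforces them —
  // confirm.
  let result: Awaited<ReturnType<typeof loginUser>>;
  try {
    result = await loginUser({ email, password, remember });
  } catch (err) {
    // toErrorResponse decides what status and body the client sees for a
    // failed login; the second argument is the route label passed to it.
    const failure = toErrorResponse(err, "POST /api/auth/login");
    return NextResponse.json(failure.body, { status: failure.status });
  }

  const { user, session } = result;

  const cookieStore = await cookies();
  cookieStore.set(getSessionCookieName(), session.token, {
    // Keeps the token out of reach of page scripts.
    httpOnly: true,
    sameSite: "lax",
    // Secure is tied to NODE_ENV: any deployment that runs with a value other
    // than "production" issues this cookie without the Secure attribute.
    secure: process.env.NODE_ENV === "production",
    // Always a persistent cookie; the lifetime comes from session.ttlMs.
    // NOTE(review): whether remember=false shortens ttlMs is decided inside
    // loginUser — confirm.
    maxAge: Math.floor(session.ttlMs / 1000),
    path: "/",
  });

  // NOTE(review): `user` is serialized exactly as loginUser returned it —
  // confirm it carries no password hash or other server-only fields.
  return NextResponse.json({ user });
}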