import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import { verifyPassword } from "@/lib/auth/passwords";
import { createToken, setSessionCookie } from "@/lib/auth/human-auth";
import { loginSchema } from "@/lib/validators/auth";
export async function POST(request: NextRequest) {
try {
const body = await request.json();
const parsed = loginSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: "Validation failed", details: parsed.error.flatten() },
{ status: 400 }
);
}
const { email, password } = parsed.data;
const user = await prisma.humanUser.findUnique({ where: { email } });
if (!user) {
return NextResponse.json(
{ error: "Invalid email or password" },
{ status: 401 }
);
}
const valid = await verifyPassword(password, user.passwordHash);
if (!valid) {
return NextResponse.json(
{ error: "Invalid email or password" },
{ status: 401 }
);
}
const token = createToken(user);
const response = NextResponse.json({
user: {
id: user.id,
email: user.email,
displayName: user.displayName,
isAdmin: user.isAdmin,
},
});
setSessionCookie(response, token);
return response;
} catch (error) {
console.error("Login error:", error);
return NextResponse.json(
{ error: "Internal server error" },
{ status: 500 }
);
}
}
