import { NextRequest, NextResponse } from 'next/server'
import { login } from '@/lib/auth'
import { initDatabase } from '@/lib/db-schema'

export async function POST(request: NextRequest) {
  try {
    initDatabase()
    const { username, password } = await request.json()
    if (!username || !password) return NextResponse.json({ error: '请输入用户名和密码' }, { status: 400 })
    const result = await login(username, password)
    if (!result) return NextResponse.json({ error: '用户名或密码错误' }, { status: 401 })
    const response = NextResponse.json({ user: result.user })
    response.cookies.set('session_issue', result.token, { httpOnly: true, secure: process.env.NODE_ENV === 'production', sameSite: 'lax', maxAge: 7 * 24 * 60 * 60, path: '/' })
    return response
  } catch (e) { console.error('Login error:', e); return NextResponse.json({ error: '登录失败' }, { status: 500 }) }
}