import { NextResponse } from 'next/server'
import { cookies } from 'next/headers'
import { signSharedJwt, sharedCookieConfig } from '@/lib/jwt'
import { ldapAuth } from '@/lib/ldap'

export async function POST(request: Request) {
  try {
    const { username, password } = await request.json()
    if (!username || !password) {
      return NextResponse.json({ error: '请输入用户名和密码' }, { status: 400 })
    }

    const result = await ldapAuth(username, password)
    if (!result.success) {
      if (result.unreachable) {
        return NextResponse.json({ error: '认证服务暂时不可用，请稍后再试' }, { status: 503 })
      }
      return NextResponse.json({ error: '用户名或密码错误' }, { status: 401 })
    }

    const token = signSharedJwt({ username: result.username!, displayName: result.displayName! })
    const cfg = sharedCookieConfig()
    const cookieStore = await cookies()
    cookieStore.set(cfg.name, token, cfg)

    return NextResponse.json({
      user: { username: result.username, displayName: result.displayName },
    })
  } catch {
    return NextResponse.json({ error: '登录失败' }, { status: 500 })
  }
}