import { NextRequest, NextResponse } from "next/server"
import { prisma } from "@/lib/prisma"
import { comparePassword } from "@/lib/bcrypt"
import { createSession } from "@/lib/session"

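/**
 * Login endpoint: checks an email/password pair and starts a session on success.
 *
 * Every authentication failure (missing fields, unknown email, non-active
 * account, wrong password) returns the same 401 body, so the response content
 * does not reveal which check failed.
 *
 * @param req - Incoming request; the body is expected to be a JSON object with
 *   string `email` and `password` fields.
 * @returns 200 `{ success: true }` after `createSession` resolves, 401 on any
 *   authentication failure, 500 on an unexpected error.
 */
export async function POST(req: NextRequest) {
  try {
    // NOTE(review): no attempt throttling or lockout is visible in this handler;
    // confirm that rate limiting for this route is enforced elsewhere.

    // Unparseable JSON resolves to null. Valid JSON that is not an object
    // (`null`, a number, a string) is normalised to an empty object as well, so
    // such bodies take the 401 path instead of throwing a TypeError and
    // surfacing as a 500.
    const parsed: unknown = await req.json().catch(() => null)
    const body: Record<string, unknown> =
      typeof parsed === "object" && parsed !== null ? (parsed as Record<string, unknown>) : {}

    const rawEmail = body.email
    const rawPassword = body.password

    // The email is trimmed and lower-cased before the lookup; the password is
    // passed through unchanged so the comparison sees exactly what was sent.
    const email = typeof rawEmail === "string" ? rawEmail.trim().toLowerCase() : ""
    const password = typeof rawPassword === "string" ? rawPassword : ""

    if (!email || !password) {
      return NextResponse.json({ error: "Invalid email or password" }, { status: 401 })
    }

    // Select only the columns this handler reads.
    const user = await prisma.user.findUnique({
      where: { email },
      select: { id: true, password: true, status: true },
    })

    // NOTE(review): this branch returns before comparePassword runs, so an
    // unknown or non-active account is likely answered faster than a wrong
    // password. The identical 401 body does not hide that timing difference.
    // Consider running comparePassword against a fixed placeholder hash here so
    // both paths do the same amount of work.
    if (!user || user.status !== "active") {
      return NextResponse.json({ error: "Invalid email or password" }, { status: 401 })
    }

    const valid = await comparePassword(password, user.password)
    if (!valid) {
      return NextResponse.json({ error: "Invalid email or password" }, { status: 401 })
    }

    // presumably issues the session cookie/token; verify in "@/lib/session"
    await createSession(user.id)

    return NextResponse.json({ success: true })
  } catch (err) {
    // Log the error server-side only; the client gets a generic message. The
    // request body (which holds the password) is deliberately not logged.
    console.error("[auth/login]", err)
    return NextResponse.json({ error: "Internal server error" }, { status: 500 })
  }
}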
