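import { NextResponse } from "next/server";
import { UserStatus } from "@prisma/client";
import { prisma } from "../../../../lib/prisma";
import { verifyPassword } from "../../../../lib/auth";
import {
  signAccessToken,
  buildSessionCookie,
  clearSessionCookie,
} from "../../../../lib/jwt";

/** Credentials extracted from a login request body, already normalised. */
interface LoginCredentials {
  email: string;
  password: string;
}

/**
 * Narrows a parsed JSON value to a plain record.
 *
 * A body that is not an object (e.g. JSON `null`, a number, an array of
 * primitives accessed by key) yields an empty record so that property
 * reads never throw; the caller then rejects the missing fields with 400
 * instead of falling into the generic 500 handler.
 */
function asRecord(value: unknown): Record<string, unknown> {
  return typeof value === "object" && value !== null
    ? (value as Record<string, unknown>)
    : {};
}

/**
 * Reads `email` and `password` from the body.
 *
 * Field coercion is unchanged from the original handler (`String(x ?? "")`):
 * absent fields become empty strings, which the caller treats as "missing".
 * The email is trimmed and lower-cased so it matches the stored form used
 * for the lookup.
 */
function readCredentials(body: unknown): LoginCredentials {
  const record = asRecord(body);
  return {
    email: String(record.email ?? "")
      .trim()
      .toLowerCase(),
    password: String(record.password ?? ""),
  };
}

/**
 * Message for an account whose credentials verified but that may not log
 * in (not yet approved, rejected, or removed).
 *
 * @param status - the user's current status
 * @returns the user-facing reason for the 403
 */
function accessDeniedMessage(status: UserStatus): string {
  switch (status) {
    case UserStatus.REJECTED:
      return "User access was rejected";
    case UserStatus.REMOVED:
      return "User has been removed";
    default:
      return "User is not approved yet";
  }
}

/**
 * Password login handler.
 *
 * Expects a JSON body `{ email, password }`. Looks the user up by the
 * normalised email, verifies the password against the stored hash, then
 * requires the account to be email-verified, approved and ACTIVE before
 * issuing an access token.
 *
 * Responses:
 * - 400: body is not valid JSON, or email/password missing
 * - 401: unknown email or wrong password (identical message for both)
 * - 403: email not verified, or account not approved / rejected / removed
 * - 200: `{ token, user: { id, role, email } }` plus a session `Set-Cookie`
 * - 500: unexpected failure; the session cookie is cleared
 *
 * The 403 checks run only after the password has been verified, so account
 * state is not disclosed to anyone who does not hold the credentials.
 */
export async function POST(req: Request) {
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    // Malformed JSON is a client error: answer 400 rather than logging it as
    // a server error and returning 500 from the generic handler below.
    return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
  }

  try {
    const { email, password } = readCredentials(body);
    if (!email || !password) {
      return NextResponse.json(
        { error: "Email and password are required" },
        { status: 400 },
      );
    }

    const user = await prisma.user.findUnique({ where: { email } });
    if (!user) {
      // NOTE(review): this branch returns before verifyPassword runs, so it
      // is measurably faster than a wrong password for an existing account;
      // running a constant-cost dummy verification here would close that
      // response-time difference.
      return NextResponse.json(
        { error: "Invalid credentials" },
        { status: 401 },
      );
    }

    const valid = await verifyPassword(password, user.passwordHash);
    if (!valid) {
      // Same message as the unknown-email case so the two are not
      // distinguishable from the response body.
      return NextResponse.json(
        { error: "Invalid credentials" },
        { status: 401 },
      );
    }

    // Account-state checks come after password verification on purpose
    // (see the handler doc comment).
    if (!user.emailVerifiedAt) {
      return NextResponse.json(
        { error: "Email not verified yet" },
        { status: 403 },
      );
    }
    if (!user.approvedAt || user.status !== UserStatus.ACTIVE) {
      return NextResponse.json(
        { error: accessDeniedMessage(user.status) },
        { status: 403 },
      );
    }

    const token = await signAccessToken({ userId: user.id, role: user.role });
    const res = NextResponse.json({
      token,
      user: { id: user.id, role: user.role, email: user.email },
    });
    res.headers.append("Set-Cookie", buildSessionCookie(token));
    return res;
  } catch (error) {
    console.error("Login error", error);
    // Drop any existing session cookie so a failed login never leaves a
    // stale session behind.
    const res = NextResponse.json({ error: "Login failed" }, { status: 500 });
    res.headers.append("Set-Cookie", clearSessionCookie());
    return res;
  }
}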