import { NextResponse } from "next/server";
import bcrypt from "bcryptjs";
import { prisma } from "@/lib/prisma";
import { createAdminToken, setAdminSession } from "@/lib/auth";

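/**
 * Admin login endpoint.
 *
 * Reads `email` and `password` from the JSON request body, looks up the admin
 * user by normalised (lower-cased, trimmed) email, verifies the password with
 * bcrypt and, on success, creates an admin token and stores it via
 * `setAdminSession`.
 *
 * Responses:
 * - 400 when the body is not valid JSON or `email`/`password` are missing or
 *   not strings.
 * - 401 with one generic message for both "unknown email" and "wrong
 *   password", so the response body does not reveal which accounts exist.
 * - 500 on any unexpected failure.
 *
 * NOTE(review): no rate limiting or lockout is visible in this handler;
 * confirm that repeated failed logins are throttled upstream (middleware,
 * reverse proxy or WAF).
 */
export async function POST(req: Request) {
  try {
    // Parse separately so a malformed body is a client error (400), not a 500.
    let body: unknown;
    try {
      body = await req.json();
    } catch {
      return NextResponse.json({ error: "Email e senha obrigatórios" }, { status: 400 });
    }

    const { email, password } = (body ?? {}) as { email?: unknown; password?: unknown };

    // Require real strings: a JSON object/array/number here would otherwise be
    // coerced by String() for the lookup or make bcrypt.compare throw.
    if (typeof email !== "string" || typeof password !== "string" || !email || !password) {
      return NextResponse.json({ error: "Email e senha obrigatórios" }, { status: 400 });
    }

    const normalizedEmail = email.toLowerCase().trim();
    const user = await prisma.adminUser.findUnique({
      where: { email: normalizedEmail },
    });

    if (!user) {
      // Spend comparable bcrypt work when the account does not exist so the
      // response time does not distinguish unknown emails from wrong passwords.
      // NOTE(review): cost 10 is an assumption; align it with the cost used
      // when passwordHash values are generated.
      await bcrypt.hash(password, 10);
      return NextResponse.json({ error: "Credenciais inválidas" }, { status: 401 });
    }

    const passwordMatches = await bcrypt.compare(password, user.passwordHash);
    if (!passwordMatches) {
      return NextResponse.json({ error: "Credenciais inválidas" }, { status: 401 });
    }

    const token = await createAdminToken(user.email);
    await setAdminSession(token);
    return NextResponse.json({ ok: true });
  } catch (err: unknown) {
    // Log server-side so failures are diagnosable; the client only ever sees
    // the generic message below.
    console.error("admin login failed", err);
    return NextResponse.json({ error: "Erro no servidor" }, { status: 500 });
  }
}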
