gucci

app/api/auth/login/route.ts

@@ -0,0 +1,39 @@
+import { NextResponse } from "next/server";
+import { prisma } from "@/lib/db";
+import {
+  createSessionToken,
+  setSessionCookie,
+  verifyPassword,
+} from "@/lib/auth";
+
+export async function POST(req: Request) {
+  const body = await req.json().catch(() => null);
+  const email = (body?.email as string | undefined)?.toLowerCase()?.trim();
+  const password = body?.password as string | undefined;
+
+  if (!email || !password) {
+    return NextResponse.json(
+      { error: "Email and password are required." },
+      { status: 400 }
+    );
+  }
+
+  const user = await prisma.user.findUnique({ where: { email } });
+  if (!user) {
+    return NextResponse.json({ error: "Invalid credentials." }, { status: 401 });
+  }
+
+  const valid = await verifyPassword(password, user.passwordHash);
+  if (!valid) {
+    return NextResponse.json({ error: "Invalid credentials." }, { status: 401 });
+  }
+
+  const token = await createSessionToken({ userId: user.id, email: user.email });
+  await setSessionCookie(token);
+
+  return NextResponse.json({
+    ok: true,
+    user: { id: user.id, email: user.email },
+  });
+}
+