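import { NextResponse } from "next/server";
import { isAuthEnabled, verifyCredentials } from "@/lib/auth/config";
import {
  createSessionToken,
  SESSION_COOKIE,
  SESSION_MAX_AGE_SEC,
} from "@/lib/auth/session";

/** Login request body after validation; missing fields have become "". */
interface LoginBody {
  username: string;
  password: string;
}

/**
 * Narrows the value produced by `req.json()` to a login body.
 *
 * A JSON body can be `null`, a primitive, an array, or an object whose
 * `username`/`password` are not strings. Reading `.username` on `null` or
 * calling `.trim()` on a number throws inside the handler and surfaces as a
 * 500 rather than a 400; this function rejects those shapes up front.
 * Absent or `null` fields are tolerated and default to "" (matching the
 * previous `?.trim() ?? ""` / `?? ""` behaviour) so that the credential
 * check, not the parser, decides whether an empty field is acceptable.
 *
 * @param raw - whatever `req.json()` resolved to.
 * @returns the validated body, or `undefined` when `raw` is not a plain
 *   object or carries a non-string `username`/`password`.
 */
function parseLoginBody(raw: unknown): LoginBody | undefined {
  if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
    return undefined;
  }
  // Safe after the object/null/array checks above; values are still unknown.
  const rec = raw as Record<string, unknown>;
  const username = rec.username;
  const password = rec.password;
  if (username != null && typeof username !== "string") return undefined;
  if (password != null && typeof password !== "string") return undefined;
  return {
    username: (username ?? "").trim(),
    password: password ?? "",
  };
}

/**
 * Login endpoint: exchanges a username/password for a session cookie.
 *
 * @param req - incoming request; the body is expected to be a JSON object
 *   with optional string fields `username` and `password`.
 * @returns 200 `{ ok: true, authEnabled: false }` when authentication is
 *   disabled (no cookie is issued); 400 when the body is not JSON or has the
 *   wrong shape; 401 when `verifyCredentials` rejects the pair; otherwise
 *   200 `{ ok: true, username }` with the session cookie set.
 */
export async function POST(req: Request) {
  // With auth switched off the endpoint is a no-op; callers get no cookie.
  if (!isAuthEnabled()) {
    return NextResponse.json({ ok: true, authEnabled: false });
  }

  let raw: unknown;
  try {
    raw = await req.json();
  } catch {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  const body = parseLoginBody(raw);
  if (body === undefined) {
    return NextResponse.json({ error: "请求格式错误" }, { status: 400 });
  }

  // One generic message for every rejection, so the response does not say
  // whether the username or the password was the failing part.
  if (!verifyCredentials(body.username, body.password)) {
    return NextResponse.json({ error: "用户名或密码错误" }, { status: 401 });
  }

  const token = await createSessionToken(body.username);
  const res = NextResponse.json({ ok: true, username: body.username });
  res.cookies.set(SESSION_COOKIE, token, {
    httpOnly: true, // not readable from page scripts
    sameSite: "lax", // withheld on cross-site POST navigations
    // Only marked Secure in production; in other environments the cookie is
    // also sent over plain HTTP.
    secure: process.env.NODE_ENV === "production",
    path: "/",
    maxAge: SESSION_MAX_AGE_SEC,
  });
  return res;
}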