biblical-guide.com/app/api/auth/login/route.ts

import { NextResponse } from 'next/server'
import { validateUser, generateToken } from '@/lib/auth'
import { prisma } from '@/lib/db'
import { createUserLoginSchema } from '@/lib/validation'

export const runtime = 'nodejs'

function getErrorMessages(locale: string = 'ro') {
  const messages = {
    ro: {
      fieldsRequired: 'Email și parola sunt obligatorii',
      invalidCredentials: 'Email sau parolă incorectă',
      serverError: 'Eroare de server',
      invalidInput: 'Date de intrare invalide'
    },
    en: {
      fieldsRequired: 'Email and password are required',
      invalidCredentials: 'Invalid email or password',
      serverError: 'Server error',
      invalidInput: 'Invalid input data'
    }
  }
  return messages[locale as keyof typeof messages] || messages.ro
}

export async function POST(request: Request) {
  try {
    const url = new URL(request.url)
    const locale = url.searchParams.get('locale') || 'ro'
    const messages = getErrorMessages(locale)

    const body = await request.json()
    const { email, password } = body

    // Validation
    const loginSchema = createUserLoginSchema(locale)
    const result = loginSchema.safeParse({ email, password })

    if (!result.success) {
      const errors = result.error.errors.map(err => err.message).join(', ')
      return NextResponse.json({ error: errors }, { status: 400 })
    }

    // Validate user
    const user = await validateUser(email, password)
    if (!user) {
      return NextResponse.json({ error: messages.invalidCredentials }, { status: 401 })
    }

    // Generate token
    const token = generateToken(user.id)

    // Create session
    await prisma.session.create({
      data: {
        userId: user.id,
        token,
        expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
      }
    })

    // Update last login
    await prisma.user.update({
      where: { id: user.id },
      data: { lastLoginAt: new Date() }
    })

    return NextResponse.json({
      user: { id: user.id, email: user.email, name: user.name, role: user.role, theme: user.theme, fontSize: user.fontSize },
      token
    })
  } catch (error) {
    console.error('Login error:', error)
    const url = new URL(request.url)
    const locale = url.searchParams.get('locale') || 'ro'
    const messages = getErrorMessages(locale)
    return NextResponse.json({ error: messages.serverError }, { status: 500 })
  }
}