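import { NextRequest, NextResponse } from 'next/server';
import { authLimiter } from '@/lib/middleware/rateLimiter';

/**
 * Login endpoint with rate limiting.
 *
 * Runs `authLimiter` first (documented as 5 attempts per 15 minutes per IP;
 * the limiter's configuration is not visible in this file), validates the
 * credential payload, then forwards it to the backend auth API and relays
 * the backend's JSON reply.
 *
 * NOTE(review): a per-IP limit alone does not bound attempts against a single
 * account from many addresses; confirm the backend also throttles or locks
 * per account.
 *
 * @param request - Incoming request; the body must be JSON carrying non-empty
 *   string `email` and `password` fields.
 * @returns The limiter's response when the limit is hit, 400 for a malformed
 *   payload, the backend's JSON body (status 200 on success, the backend's
 *   status otherwise), or 500 when forwarding fails.
 */
export async function POST(request: NextRequest) {
  // Throttle before any body parsing so rejected callers cost as little as possible.
  const rateLimitResult = await authLimiter(request);
  if (rateLimitResult) return rateLimitResult;

  try {
    // A body that is not valid JSON is a client error. Handle it here so it
    // is not reported as a 500 and logged as a server-side failure.
    let parsed: unknown;
    try {
      parsed = await request.json();
    } catch {
      return NextResponse.json(
        {
          // Reuses the only error code defined in this file.
          error: 'AUTH_LOGIN_FAILED',
          message: 'Request body must be valid JSON.',
        },
        { status: 400 }
      );
    }

    const fields: Record<string, unknown> =
      typeof parsed === 'object' && parsed !== null
        ? (parsed as Record<string, unknown>)
        : {};
    const { email, password } = fields;

    // Only plain, non-empty strings are forwarded: objects or arrays in these
    // fields would otherwise reach the backend unchanged, where a query layer
    // may interpret them as operators instead of values.
    if (
      typeof email !== 'string' ||
      typeof password !== 'string' ||
      email.length === 0 ||
      password.length === 0
    ) {
      return NextResponse.json(
        {
          error: 'AUTH_LOGIN_FAILED',
          message: 'Email and password are required.',
        },
        { status: 400 }
      );
    }

    // TODO: Implement actual authentication logic
    // This is a placeholder - actual auth will be handled by backend
    // For now, forward to backend API
    //
    // NOTE(review): NEXT_PUBLIC_ variables are inlined into the browser bundle
    // by Next.js, so this backend address is visible to clients; a server-only
    // variable is the usual choice for an internal URL. The fallback is plain
    // HTTP, so deployments should configure an https:// URL to keep
    // credentials off the wire in cleartext.
    const backendUrl = process.env.NEXT_PUBLIC_API_URL || 'http://localhost:3020';

    // NOTE(review): no timeout is set on this call; a stalled backend keeps
    // the request open until the platform's own limit applies.
    const response = await fetch(`${backendUrl}/api/v1/auth/login`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ email, password }),
    });

    // Throws on a non-JSON backend reply; the outer catch turns that into a 500.
    const data = await response.json();

    // The backend body is relayed verbatim. NOTE(review): confirm backend
    // error bodies carry no internal detail and do not distinguish "unknown
    // email" from "wrong password". Only the JSON body is relayed; response
    // headers from the backend are not copied.
    return NextResponse.json(data, {
      status: response.ok ? 200 : response.status,
    });
  } catch (error) {
    // Logs the thrown error only; the credentials are never passed to the logger.
    console.error('[Auth] Login error:', error);
    return NextResponse.json(
      {
        error: 'AUTH_LOGIN_FAILED',
        message: 'Login failed. Please try again.',
      },
      { status: 500 }
    );
  }
}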