slot/next-app/apps/web/src/app/api/auth/login/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { login, SESSION_COOKIE } from '@slot/auth';
import { getRequestIp } from '@/lib/session';

export async function POST(req: NextRequest) {
  const form = await req.formData();
  const loginId = String(form.get('loginId') ?? '').trim();
  const password = String(form.get('password') ?? '');
  if (!loginId || !password) {
    return NextResponse.redirect(new URL('/login?error=1', req.url), { status: 303 });
  }
  const ip = await getRequestIp();
  const result = await login(loginId, password, { ip, userAgent: req.headers.get('user-agent') ?? undefined });
  if (!result.ok) {
    return NextResponse.redirect(new URL('/login?error=1', req.url), { status: 303 });
  }
  const res = NextResponse.redirect(new URL('/', req.url), { status: 303 });
  res.cookies.set(SESSION_COOKIE, result.session.id, {
    httpOnly: true,
    sameSite: 'lax',
    path: '/',
    expires: result.session.expiresAt,
  });
  return res;
}