import { NextRequest, NextResponse } from 'next/server'
import bcrypt from 'bcryptjs'
import pool from '@/lib/db'
import { createSession, SESSION_COOKIE } from '@/lib/session'

export async function POST(req: NextRequest) {
  try {
    const { email, password } = await req.json()

    if (!email || !password) {
      return NextResponse.json({ error: 'Email e senha são obrigatórios' }, { status: 400 })
    }

    const [rows] = await pool.execute<any[]>(
      "SELECT * FROM portal_users WHERE email = ? AND status = 'active' LIMIT 1",
      [email],
    )

    const user = rows[0]
    if (!user) {
      return NextResponse.json({ error: 'Credenciais inválidas' }, { status: 401 })
    }

    const valid = await bcrypt.compare(password, user.password_hash)
    if (!valid) {
      return NextResponse.json({ error: 'Credenciais inválidas' }, { status: 401 })
    }

    // Atualiza last_login
    await pool.execute('UPDATE portal_users SET last_login = NOW() WHERE id = ?', [user.id])

    const token = await createSession(user.id)

    const response = NextResponse.json({
      token,
      user: {
        id: user.id,
        name: user.name,
        email: user.email,
        role: user.role,
        tenant_id: user.tenant_id,
        mfa_enabled: user.mfa_enabled,
      },
    })

    response.cookies.set(SESSION_COOKIE, token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax',
      maxAge: 60 * 60 * 8, // 8 horas
      path: '/',
    })

    return response
  } catch (err) {
    console.error('[v0] Erro no login:', err)
    return NextResponse.json({ error: 'Erro interno do servidor' }, { status: 500 })
  }
}