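// app/api/auth/set-cookie/route.ts
import { cookies } from "next/headers";
import { NextResponse } from "next/server";
import { verifyDisplayJWT } from "@/lib/auth";

/**
 * Verifies a display JWT supplied in the JSON request body and, when it is
 * valid, stores it in the `display-token` cookie.
 *
 * Responses:
 * - 400 `{ error: "Token is required" }` when the body is not valid JSON, is
 *   not an object, or carries no non-empty string `token`.
 * - 401 `{ error: "Invalid token" }` when verification or the cookie write throws.
 * - 200 `{ success: true, mode }` where `mode` is read from the verified claims.
 *
 * NOTE(review): the handler itself does not check the caller's Origin or any
 * prior session; confirm whether middleware restricts who may call this route.
 *
 * @param request Incoming request whose JSON body is expected to hold `token`.
 * @returns A JSON response as described above.
 */
export async function POST(request: Request) {
  let token: unknown;
  try {
    // request.json() rejects on an empty or malformed body; treat that as a
    // client error instead of letting it surface as an unhandled 500.
    const body: unknown = await request.json();
    if (typeof body === "object" && body !== null) {
      token = (body as { token?: unknown }).token;
    }
  } catch {
    return NextResponse.json({ error: "Token is required" }, { status: 400 });
  }

  // Only a non-empty string may reach the verifier and the cookie store;
  // numbers, objects and arrays are rejected here.
  if (typeof token !== "string" || token.length === 0) {
    return NextResponse.json({ error: "Token is required" }, { status: 400 });
  }

  try {
    // The cookie is written only after verification succeeds.
    const claims = await verifyDisplayJWT(token);

    (await cookies()).set("display-token", token, {
      // Not readable from page scripts.
      httpOnly: true,
      // Secure is set only when NODE_ENV is "production"; in any other
      // environment the browser may send this cookie over plain HTTP.
      secure: process.env.NODE_ENV === "production",
      sameSite: "strict",
      // Fixed 30-day lifetime, not derived from the token's own expiry.
      // NOTE(review): confirm the token is re-verified wherever this cookie is read.
      maxAge: 60 * 60 * 24 * 30, // 30 days
      path: "/",
    });

    return NextResponse.json({
      success: true,
      mode: claims.mode,
    });
  } catch {
    // Every failure in this block is reported as the same generic 401, so the
    // response does not reveal why a token was rejected.
    return NextResponse.json({ error: "Invalid token" }, { status: 401 });
  }
}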