// app/api/me/route.ts
import { NextResponse } from "next/server";

function readCookie(name: string, cookieHeader: string) {
    const m = cookieHeader.match(new RegExp(`(?:^|;\\s*)${name}=([^;]+)`));
    return m?.[1] ?? null;
}

export async function GET(req: Request) {
    const base = process.env.NEXT_PUBLIC_API_BASE_URL!;
    const url  = `${base}/users/me?fields=id,username,display_name,first_name,last_name,email`;

    const cookieHeader = req.headers.get("cookie") ?? "";
    const ma_at = readCookie("ma_at", cookieHeader);

    const headers: Record<string, string> = { "cache-control": "no-store" };
    if (cookieHeader) headers.cookie = cookieHeader;          // session cookie
    if (ma_at) headers.authorization = `Bearer ${ma_at}`;     // direct token (if present)

    const res  = await fetch(url, { headers, cache: "no-store" });
    const raw  = await res.json().catch(() => ({}));
    const data = raw?.data ?? raw ?? null;                    // normalize

    return NextResponse.json(
        { data },
        { status: res.status, headers: { "content-type": "application/json", "cache-control": "no-store" } }
    );
}