makearmy-app/app/api/auth/login/route.ts

// app/api/auth/login/route.ts
import { NextResponse } from "next/server";
import { emailForUsername, loginDirectus, directusAdminFetch } from "@/lib/directus";
import { setAuthCookies, type TokenBundle, type PublicUser } from "@/lib/auth-cookies";

export const runtime = "nodejs";

function bad(msg: string, status = 400) {
    return NextResponse.json({ ok: false, error: msg }, { status });
}

export async function POST(req: Request) {
    try {
        const body = await req.json().catch(() => ({}));
        const identifier = String(body?.identifier || "").trim(); // username or email
        const password = String(body?.password || "").trim();

        if (!identifier) return bad("Missing identifier");
        if (!password) return bad("Missing password");

        // 1) Resolve email (Directus login requires email)
        let email = identifier.includes("@") ? identifier : null;
        if (!email) {
            email = await emailForUsername(identifier);
            if (!email) return bad("User not found", 404);
        }

        // 2) Login through Directus
        const tokens = (await loginDirectus(email, password)) as TokenBundle;

        // 3) Fetch minimal public user
        const { data } = await directusAdminFetch<{ data: Array<{ id: string; email: string; username: string }> }>(
            `/users?filter[email][_eq]=${encodeURIComponent(email)}&fields=id,email,username&limit=1`
        );
        const userRow = data?.[0];
        if (!userRow) return bad("User not found after login", 404);

        const user: PublicUser = {
            id: String(userRow.id),
            email: String(userRow.email || ""),
            username: String(userRow.username || ""),
        };

        // 4) Build response and set cookies (mutates in-place)
        const res = NextResponse.json<{ ok: boolean; user: PublicUser }>({
            ok: true,
            user,
        });
        setAuthCookies(res, tokens, user);
        return res;
    } catch (err: any) {
        return NextResponse.json({ ok: false, error: err?.message || "Login failed" }, { status: 401 });
    }
}