oma-memorial/src/app/api/auth/route.ts

import { NextRequest, NextResponse } from 'next/server'
import { createHash } from 'crypto'
import { cookies } from 'next/headers'

function getExpectedToken() {
  return createHash('sha256')
    .update(process.env.ADMIN_PASSWORD || 'change-me')
    .digest('hex')
}

export async function GET() {
  const cookieStore = await cookies()
  const token = cookieStore.get('admin_auth')?.value
  return NextResponse.json({ authed: token === getExpectedToken() })
}

export async function POST(req: NextRequest) {
  const { password } = await req.json()

  if (password !== (process.env.ADMIN_PASSWORD || 'change-me')) {
    return NextResponse.json({ error: 'Falsches Passwort' }, { status: 401 })
  }

  const response = NextResponse.json({ success: true })
  response.cookies.set('admin_auth', getExpectedToken(), {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    maxAge: 60 * 60 * 24 * 30,
    path: '/',
  })
  return response
}

export async function DELETE() {
  const response = NextResponse.json({ success: true })
  response.cookies.delete('admin_auth')
  return response
}