oma-memorial/src/app/api/site-auth/route.ts

import { NextRequest, NextResponse } from 'next/server'
import { createHash } from 'crypto'

export const runtime = 'nodejs'

function getExpectedToken() {
  return createHash('sha256')
    .update(process.env.SITE_PASSWORD || 'familie')
    .digest('hex')
}

export async function POST(req: NextRequest) {
  const { password } = await req.json()

  if (password !== (process.env.SITE_PASSWORD || 'familie')) {
    return NextResponse.json({ error: 'Falsches Passwort' }, { status: 401 })
  }

  const response = NextResponse.json({ success: true })
  response.cookies.set('site_auth', getExpectedToken(), {
    httpOnly: true,
    secure: process.env.NODE_ENV === 'production',
    sameSite: 'lax',
    maxAge: 60 * 60 * 24 * 30,
    path: '/',
  })
  return response
}