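import svgCaptcha from 'svg-captcha';
import { NextResponse } from 'next/server';
import crypto from 'crypto';

// Prevent Next.js from evaluating this route at build time
export const dynamic = 'force-dynamic';

// Development-only HMAC key. It is committed to source, so it is not a secret:
// anyone who knows it can recompute the cookie value for every possible captcha
// text. It must never sign captchas in production.
const DEV_FALLBACK_SECRET = 'dev_secret_meow';

/**
 * Pick the HMAC key used to sign the expected captcha answer.
 *
 * @returns {string | null} CAPTCHA_SECRET when set and non-empty; the
 *   development fallback outside production; null in production when the
 *   variable is missing, so the caller can fail closed.
 */
function resolveCaptchaSecret() {
  const configured = process.env.CAPTCHA_SECRET;
  if (configured) {
    return configured;
  }
  if (process.env.NODE_ENV === 'production') {
    return null;
  }
  return DEV_FALLBACK_SECRET;
}

/**
 * Issue a new SVG captcha.
 *
 * Generates a 5-character challenge, lower-cases its text, and stores
 * HMAC-SHA256(secret, text) as hex in the HttpOnly `captcha_hash` cookie. The
 * SVG is returned as the response body with caching disabled.
 *
 * @returns {Promise<NextResponse>} The SVG image with the cookie set, or a 500
 *   response when no signing secret is configured in production.
 */
export async function GET() {
  const secret = resolveCaptchaSecret();
  if (secret === null) {
    // Fail closed: a captcha signed with the published development key can be
    // solved without reading the image.
    console.error('CAPTCHA_SECRET is not set; refusing to issue a captcha signed with the development key.');
    return new NextResponse('Captcha unavailable', {
      status: 500,
      headers: { 'Cache-Control': 'no-store, max-age=0' },
    });
  }

  const captcha = svgCaptcha.create({
    size: 5,
    ignoreChars: '0o1i',
    noise: 2,
    color: true,
    background: '#f3f4f6',
  });

  // The answer is normalised to lower case before signing; the verifying route
  // (not shown here) presumably lower-cases user input the same way. Confirm.
  const text = captcha.text.toLowerCase();
  const hash = crypto.createHmac('sha256', secret).update(text).digest('hex');

  const response = new NextResponse(captcha.data, {
    headers: {
      'Content-Type': 'image/svg+xml',
      'Cache-Control': 'no-store, max-age=0',
    },
  });

  // Store the expected hash in an HttpOnly cookie.
  // NOTE(review): the MAC covers only the answer text. The 5-minute maxAge is
  // enforced by the browser, not by the server, so a solved (cookie, answer)
  // pair stays valid for as long as the secret is unchanged unless the verifier
  // tracks used values. Binding an issue timestamp or a single-use nonce into
  // the MAC would let the verifier reject expired or replayed challenges; that
  // changes the cookie format, so it has to be done together with the verifier.
  // NOTE(review): add `secure: true` once this route is only served over HTTPS.
  response.cookies.set('captcha_hash', hash, {
    httpOnly: true,
    sameSite: 'lax',
    path: '/',
    maxAge: 300, // 5 minutes validity
  });

  return response;
}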