KalBot/app/api/login/route.js

import { NextResponse } from 'next/server';
import crypto from 'crypto';
import { signSession } from '../../../lib/auth';

export async function POST(req) {
  try {
    const body = await req.json();
    const { email, password, captcha } = body;

    const cookieHash = req.cookies.get('captcha_hash')?.value;
    const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
    const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');

    if (!cookieHash || cookieHash !== expectedHash) {
      return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
    }

    if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
      const token = await signSession();
      const response = NextResponse.json({ success: true, message: 'Welcome back, Master!', redirect: '/dash' });

      response.cookies.set('kalbot_session', token, {
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
        sameSite: 'strict',
        path: '/',
        maxAge: 60 * 60 * 24
      });

      return response;
    } else {
      if (process.env.NTFY_URL) {
        await fetch(process.env.NTFY_URL, {
          method: 'POST',
          body: `Failed login attempt for email: ${email}`,
          headers: { 'Title': 'Kalbot Login Alert', 'Priority': 'urgent', 'Tags': 'warning,skull' }
        }).catch(e => console.error("Ntfy error:", e));
      }
      return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
    }
  } catch (err) {
    return NextResponse.json({ error: 'Server error' }, { status: 500 });
  }
}