import { NextRequest, NextResponse } from "next/server"; import { getPocketBaseConfig } from "@/config/services.config"; import { AUTH_COOKIE_DOMAIN } from "@/config/domain.config"; const COOKIE_NAME = "pb_session"; const COOKIE_MAX_AGE = 60 * 60 * 24 * 365; export async function GET(request: NextRequest) { const cookie = request.cookies.get(COOKIE_NAME)?.value; if (!cookie) { return NextResponse.json({ ok: true, user: null }); } try { const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8")); const { token, userId, email } = payload; if (!token || !userId) return NextResponse.json({ ok: true, user: null }); const pb = getPocketBaseConfig(); const res = await fetch(`${pb.url}/api/users/refresh`, { headers: { Authorization: `Bearer ${token}` }, }); if (!res.ok) { const r = NextResponse.json({ ok: true, user: null }); r.cookies.set(COOKIE_NAME, "", { domain: AUTH_COOKIE_DOMAIN, path: "/", maxAge: 0 }); return r; } const data = await res.json(); const newToken = data.token; const newRecord = data.record; // 刷新成功:回写新 token 到 Cookie,保持登录态长期有效 if (newToken && newRecord?.id) { const newPayload = JSON.stringify({ token: newToken, userId: newRecord.id, email: newRecord.email ?? email, }); const encoded = Buffer.from(newPayload, "utf-8").toString("base64url"); const r = NextResponse.json({ ok: true, user: { id: newRecord.id, email: newRecord.email ?? email }, token: newToken, }); r.cookies.set(COOKIE_NAME, encoded, { domain: AUTH_COOKIE_DOMAIN, path: "/", maxAge: COOKIE_MAX_AGE, secure: process.env.NODE_ENV === "production", sameSite: "lax", httpOnly: true, }); return r; } return NextResponse.json({ ok: true, user: { id: data.record?.id ?? userId, email: data.record?.email ?? email }, token: data.token, }); } catch { return NextResponse.json({ ok: true, user: null }); } }