import { NextRequest, NextResponse } from "next/server"; import { AUTH_COOKIE_DOMAIN } from "@/config/domain.config"; const COOKIE_NAME = "pb_session"; const COOKIE_MAX_AGE = 60 * 60 * 24 * 365; // 365 天,登录态持续有效直至用户主动退出 export async function POST(request: NextRequest) { const body = await request.json().catch(() => ({})); const token = body?.token; const record = body?.record; if (!token || !record?.id) { return NextResponse.json({ ok: false, error: "缺少 token 或 record" }, { status: 400 }); } const payload = JSON.stringify({ token, userId: record.id, email: record.email ?? "", }); const encoded = Buffer.from(payload, "utf-8").toString("base64url"); const res = NextResponse.json({ ok: true }); res.cookies.set(COOKIE_NAME, encoded, { domain: AUTH_COOKIE_DOMAIN, path: "/", maxAge: COOKIE_MAX_AGE, secure: process.env.NODE_ENV === "production", sameSite: "lax", httpOnly: true, }); return res; }