import { NextRequest, NextResponse } from "next/server"; import { getPocketBaseConfig, SITE_ID } from "@/config/services.config"; import { getAdminToken } from "@/app/lib/pocketbase/admin"; import { COOKIE_NAME, COOKIE_MAX_AGE } from "@/app/lib/auth-cookie"; async function checkVip(userId: string): Promise { try { const token = await getAdminToken(); if (!token) return false; const pb = getPocketBaseConfig(); const filter = `user_id = "${userId}" && site_id = "${SITE_ID}"`; const res = await fetch( `${pb.url}/api/collections/site_vip/records?filter=${encodeURIComponent(filter)}&perPage=1`, { headers: { Authorization: `Bearer ${token}` }, cache: "no-store" } ); if (!res.ok) return false; const data = await res.json(); const items = data?.items ?? []; const record = items[0]; if (!record) return false; const now = new Date().toISOString(); const isExpired = record?.expires_at && record.expires_at < now; return !isExpired; } catch { return false; } } export async function GET(request: NextRequest) { const cookie = request.cookies.get(COOKIE_NAME)?.value; if (!cookie) { return NextResponse.json({ ok: true, user: null }); } try { const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8")); const { token, userId, email } = payload; if (!token || !userId) return NextResponse.json({ ok: true, user: null }); const pb = getPocketBaseConfig(); const res = await fetch(`${pb.url}/api/collections/${pb.usersCollection}/auth-refresh`, { method: "POST", headers: { Authorization: `Bearer ${token}` }, cache: "no-store", }); if (!res.ok) { const r = NextResponse.json({ ok: true, user: null }); r.cookies.set(COOKIE_NAME, "", { path: "/", maxAge: 0 }); return r; } const data = await res.json(); const newToken = data.token; const newRecord = data.record; if (newToken && newRecord?.id) { const newPayload = JSON.stringify({ token: newToken, userId: newRecord.id, email: newRecord.email ?? email, }); const encoded = Buffer.from(newPayload, "utf-8").toString("base64url"); const vip = await checkVip(newRecord.id); const r = NextResponse.json({ ok: true, user: { id: newRecord.id, email: newRecord.email ?? email, vip }, token: newToken, }); r.cookies.set(COOKIE_NAME, encoded, { path: "/", maxAge: COOKIE_MAX_AGE, secure: process.env.NODE_ENV === "production", sameSite: "lax", httpOnly: true, }); return r; } const uid = data.record?.id ?? userId; const vip = uid ? await checkVip(uid) : false; return NextResponse.json({ ok: true, user: { id: uid, email: data.record?.email ?? email, vip }, token: data.token, }); } catch { return NextResponse.json({ ok: true, user: null }); } }