postcast-tool/app/api/auth/login/route.js
Nik (Claude) 2e550d2993 feat: photo-search, system settings, ROADMAP
- PhotoSearchModal: Yandex photo-search с профилями доменов
- SystemSettings: управление app_settings (admin-only, /system)
- ROADMAP.md: актуальный план фич P1-P10
- Header, ChannelView, session: поддержка is_admin
2026-06-07 14:04:14 +03:00


import { NextResponse } from 'next/server';
import bcrypt from 'bcryptjs';
import { q } from '@/lib/db';
import { getSession } from '@/lib/session';
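/**
 * Handles POST requests to the auth endpoint: signs an existing user in, or
 * creates a new account when the body carries `mode: 'register'`.
 *
 * Expected JSON body: `{ email, password, mode? }`; any `mode` other than
 * 'register' is treated as a login.
 *
 * Responses:
 *  - 400 when the body is not usable JSON, when email/password are missing or
 *    not strings, or when registering an email that already exists;
 *  - 401 with one generic message for both unknown email and wrong password;
 *  - 200 `{ ok: true, user }` after the session has been saved.
 *
 * NOTE(review): nothing in this handler throttles attempts; confirm that rate
 * limiting / lockout is enforced somewhere in front of it.
 *
 * @param {Request} req - incoming request carrying the JSON credentials.
 * @returns {Promise<Response>} JSON response describing the outcome.
 */
export async function POST(req) {
  // Same cost factor for real hashes and for the dummy work on failed lookups.
  const BCRYPT_COST = 10;

  const missingFields = () =>
    NextResponse.json({ error: 'email и password обязательны' }, { status: 400 });
  const badCredentials = () =>
    NextResponse.json({ error: 'Неверный email или пароль' }, { status: 401 });

  // A malformed or empty body is a client error, not a server fault: answer
  // 400 instead of letting the parse exception surface as a 500.
  let body;
  try {
    body = await req.json();
  } catch {
    return missingFields();
  }

  // `body` can legitimately be JSON `null`; destructuring it would throw.
  const { email, password, mode = 'login' } = body ?? {};

  // bcrypt only accepts strings; objects, arrays or numbers taken from
  // untrusted JSON would otherwise throw inside hash()/compare().
  if (typeof email !== 'string' || typeof password !== 'string' || !email || !password) {
    return missingFields();
  }

  if (mode === 'register') {
    // NOTE(review): check-then-insert is not atomic. Presumably a UNIQUE
    // constraint on users.email backs this up — confirm, and decide how a
    // constraint violation from the INSERT below should be reported.
    const exists = await q(`SELECT id FROM users WHERE email=$1`, [email]);
    if (exists.rows.length) {
      return NextResponse.json({ error: 'Пользователь уже существует' }, { status: 400 });
    }

    // NOTE(review): bcrypt ignores input beyond 72 bytes; consider enforcing
    // minimum and maximum password lengths before hashing.
    const hash = await bcrypt.hash(password, BCRYPT_COST);
    const { rows } = await q(
      `INSERT INTO users (email,password) VALUES ($1,$2) RETURNING id,email,name,is_admin`,
      [email, hash]
    );
    const user = rows[0];

    const s = await getSession();
    s.userId = user.id;
    s.email = user.email;
    // Keep the session shape identical to the one written by the login branch.
    s.name = user.name;
    s.isAdmin = !!user.is_admin;
    await s.save();

    // The row is returned as-is (snake_case `is_admin`) for backward
    // compatibility; the login branch below returns camelCase `isAdmin`.
    return NextResponse.json({ ok: true, user });
  }

  // login
  const { rows } = await q(
    `SELECT id,email,password,name,is_admin FROM users WHERE email=$1`,
    [email]
  );
  const user = rows[0];
  const storedHash = user?.password;

  if (typeof storedHash !== 'string') {
    // Unknown email, or an account without a usable hash. Spend roughly the
    // same bcrypt work as a real comparison so that response time does not
    // reveal whether the email is registered.
    await bcrypt.hash(password, BCRYPT_COST);
    return badCredentials();
  }

  const ok = await bcrypt.compare(password, storedHash);
  if (!ok) {
    return badCredentials();
  }

  // NOTE(review): if getSession() can return a session that existed before
  // authentication, confirm it is rotated here to rule out session fixation.
  const s = await getSession();
  s.userId = user.id;
  s.email = user.email;
  s.name = user.name;
  s.isAdmin = !!user.is_admin;
  await s.save();

  // Only whitelisted fields go back to the client; the password hash never
  // leaves the server.
  return NextResponse.json({
    ok: true,
    user: { id: user.id, email: user.email, name: user.name, isAdmin: !!user.is_admin },
  });
}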