import { NextResponse } from 'next/server';
import { requireUser } from '@/lib/session';

const ENGINE_URL    = process.env.ENGINE_URL    || 'http://127.0.0.1:3030';
const ENGINE_SECRET = process.env.ENGINE_SECRET || '';

export async function POST(req) {
  const user = await requireUser();
  if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  const body = await req.json();
  const res = await fetch(`${ENGINE_URL}/api/billing/apply-promo`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'x-internal-secret': ENGINE_SECRET, 'x-user-id': String(user.id) },
    body: JSON.stringify(body),
  });
  return NextResponse.json(await res.json(), { status: res.status });
}