import { timingSafeEqual } from 'node:crypto';

import { cookies } from 'next/headers';
import { NextRequest, NextResponse } from 'next/server';

import { db } from '@/lib/db';
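/**
 * Constant-time comparison of two secrets.
 *
 * `timingSafeEqual` requires equal-length inputs, so lengths are compared
 * first; that only reveals the key length, never its content.
 */
function keysMatch(expected: string, provided: string): boolean {
  const expectedBytes = Buffer.from(expected, 'utf8');
  const providedBytes = Buffer.from(provided, 'utf8');
  return (
    expectedBytes.length === providedBytes.length &&
    timingSafeEqual(expectedBytes, providedBytes)
  );
}

/**
 * Merchant login endpoint.
 *
 * Resolves the merchant by UUID (`id`) or `short_id`, verifies the submitted
 * API key against `merchants.api_key`, and on success sets the merchant auth
 * cookies.
 *
 * Request body (JSON): `{ identifier: string, apiKey: string }`.
 *
 * @returns 200 `{ success: true }`; 400 when the body is not JSON or a field is
 *   missing / not a non-empty string; 404 when no merchant matches
 *   `identifier`; 401 when the key does not match; 500 on unexpected errors
 *   (the detail is logged server-side, not returned to the caller).
 */
export async function POST(req: NextRequest) {
  try {
    // req.json() is untrusted input: reject non-object bodies and non-string
    // fields so that objects/arrays never reach the query or key comparison.
    // A malformed body is a client error (400), not a server error (500).
    let body: unknown;
    try {
      body = await req.json();
    } catch {
      return NextResponse.json({ error: 'Eksik bilgi.' }, { status: 400 });
    }
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json({ error: 'Eksik bilgi.' }, { status: 400 });
    }
    const { identifier, apiKey } = body as Record<string, unknown>;

    if (
      typeof identifier !== 'string' ||
      typeof apiKey !== 'string' ||
      identifier === '' ||
      apiKey === ''
    ) {
      return NextResponse.json({ error: 'Eksik bilgi.' }, { status: 400 });
    }

    // 1. Resolve merchant by ID or short_id. The query is parameterized, so
    //    the identifier is never interpolated into SQL.
    const isUUID =
      /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(identifier);

    const queryText = isUUID
      ? 'SELECT * FROM merchants WHERE id = $1 LIMIT 1'
      : 'SELECT * FROM merchants WHERE short_id = $1 LIMIT 1';

    const result = await db.query(queryText, [identifier]);
    const merchant = result.rows[0];

    // NOTE(review): distinguishing 404 from 401 tells a caller whether an
    // identifier exists; acceptable only if identifiers are not secret.
    if (!merchant) {
      return NextResponse.json({ error: 'Firma bulunamadı.' }, { status: 404 });
    }

    // 2. Verify API key in constant time so a wrong key cannot be guessed
    //    byte-by-byte from response timing. A merchant with no string
    //    api_key can never log in with this endpoint.
    const storedKey: unknown = merchant.api_key;
    if (typeof storedKey !== 'string' || !keysMatch(storedKey, apiKey)) {
      return NextResponse.json({ error: 'Geçersiz anahtar.' }, { status: 401 });
    }

    // 3. Set auth cookies (simplified for now).
    //    NOTE(review): the cookie value is a bare 'true', so the cookie is
    //    only as hard to forge as the merchant id / short_id it is named
    //    after. A signed or server-side session token is the proper fix;
    //    out of scope here. Both cookies share one option set so the
    //    short_id cookie gets the same `secure` flag as the id cookie.
    const cookieOptions = {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production',
      sameSite: 'lax' as const,
      maxAge: 60 * 60 * 24, // 24 hours
      path: '/',
    };

    const cookieStore = await cookies();
    cookieStore.set(`merchant_auth_${merchant.id}`, 'true', cookieOptions);

    // Also set a temporary short_id link if needed
    if (merchant.short_id) {
      cookieStore.set(`merchant_auth_${merchant.short_id}`, 'true', cookieOptions);
    }

    return NextResponse.json({ success: true });
  } catch (err: unknown) {
    // Log the detail server-side; returning err.message would expose
    // database / internal error text to the caller.
    console.error('merchant login failed:', err);
    return NextResponse.json({ error: 'Sunucu hatası.' }, { status: 500 });
  }
}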