yt/src/pages/api/login.ts

import type { APIRoute } from 'astro';
import { createSessionCookie, isLoginEnabled } from '../../lib/session';

export const POST: APIRoute = async ({ request }) => {
  // Wenn Login deaktiviert ist, weiterleiten
  if (!isLoginEnabled()) {
    return new Response(null, {
      status: 302,
      headers: {
        'Location': new URL('/download', request.url).toString(),
      },
    });
  }
  const formData = await request.formData();
  const username = formData.get('username')?.toString();
  const password = formData.get('password')?.toString();
  
  // Credentials aus Environment-Variablen
  const envUsername = import.meta.env.LOGIN_USERNAME;
  const envPassword = import.meta.env.LOGIN_PASSWORD;
  
  // Prüfe ob Credentials konfiguriert sind
  if (!envUsername || !envPassword) {
    console.error('LOGIN_USERNAME oder LOGIN_PASSWORD nicht in Environment-Variablen gesetzt!');
    return new Response(null, {
      status: 302,
      headers: {
        'Location': new URL('/', request.url).toString(),
      },
    });
  }
  
  // Authentifizierung gegen Environment-Variablen
  if (username === envUsername && password === envPassword) {
    const session = {
      username,
      loggedIn: true,
    };
    
    return new Response(null, {
      status: 302,
      headers: {
        'Location': new URL('/download', request.url).toString(),
        'Set-Cookie': createSessionCookie(session),
      },
    });
  }
  
  // Falsche Credentials
  return new Response(null, {
    status: 302,
    headers: {
      'Location': new URL('/', request.url).toString(),
    },
  });
};