portaldata/app/api/auth/check/route.ts

import { NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { jwtVerify } from 'jose';
import supabase from '@/lib/db';

export async function GET() {
  try {
    const cookieStore = await cookies();
    const token = cookieStore.get('token')?.value;

    if (!token) {
      return NextResponse.json(
        { error: 'Unauthorized', isAuthenticated: false },
        { status: 401 }
      );
    }

    // Verify JWT token
    const { payload } = await jwtVerify(
      token,
      new TextEncoder().encode(process.env.JWT_SECRET || 'your-secret-key')
    );

    // Check if token is expired
    if (payload.exp && payload.exp * 1000 < Date.now()) {
      return NextResponse.json(
        { error: 'Token expired', isAuthenticated: false },
        { status: 401 }
      );
    }

    // Get user data from user_app table
    const { data: user, error } = await supabase
      .from('user_app')
      .select('id_user, nim, username, nip, role_user')
      .eq('id_user', payload.id)
      .single();

    if (error || !user) {
      return NextResponse.json(
        { error: 'User not found', isAuthenticated: false },
        { status: 404 }
      );
    }

    return NextResponse.json({
      isAuthenticated: true,
      user: {
        id: user.id_user,
        nim: user.nim,
        username: user.username,
        nip: user.nip,
        role: user.role_user
      },
      session: {
        expiresAt: payload.exp ? new Date(payload.exp * 1000).toISOString() : null,
        issuedAt: payload.iat ? new Date(payload.iat * 1000).toISOString() : null
      }
    });
  } catch (error) {
    console.error('Auth check error:', error);
    return NextResponse.json(
      { error: 'Unauthorized', isAuthenticated: false },
      { status: 401 }
    );
  }
}

// Handle OPTIONS request for CORS
export async function OPTIONS() {
  return NextResponse.json({}, {
    headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Methods': 'GET, OPTIONS',
      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
    }
  });
}