Feat: Add complete auth system (Login, Register, OTP/2FA via Telegram, Session management)

app/api/auth/login/route.ts

@@ -0,0 +1,54 @@
+import { NextResponse } from 'next/server';
+import { findUser, verifyPassword, createSession } from '@/lib/auth';
+import { generateOTP } from '@/lib/otp';
+import TelegramBot from 'node-telegram-bot-api';
+
+const BOT_TOKEN = process.env.TELEGRAM_BOT_TOKEN;
+
+async function sendTelegramOTP(chatId: string, otp: string) {
+  if (!BOT_TOKEN) return false;
+  try {
+    const bot = new TelegramBot(BOT_TOKEN, { polling: false });
+    await bot.sendMessage(chatId, `🔐 *Código de Acceso Finanzas*\n\nTu código es: \`${otp}\`\n\nSi no intentaste ingresar, ignora este mensaje.`, { parse_mode: 'Markdown' });
+    return true;
+  } catch (e) {
+    console.error('Telegram send error:', e);
+    return false;
+  }
+}
+
+export async function POST(req: Request) {
+  try {
+    const { username, password } = await req.json();
+    const ip = req.headers.get('x-forwarded-for')?.split(',')[0].trim() || 'unknown';
+
+    const user = findUser(username);
+
+    if (!user || !(await verifyPassword(password, user.passwordHash))) {
+      return NextResponse.json({ error: 'Credenciales inválidas' }, { status: 401 });
+    }
+
+    // Check IP
+    const isKnownIp = user.knownIps.includes(ip);
+
+    if (isKnownIp) {
+      // Login success directly
+      await createSession(user);
+      return NextResponse.json({ success: true, requireOtp: false });
+    } else {
+      // Require OTP
+      const otp = generateOTP(user.username);
+      
+      const sent = await sendTelegramOTP(user.chatId, otp);
+      
+      if (!sent) {
+        return NextResponse.json({ error: 'No se pudo enviar el código OTP a Telegram' }, { status: 500 });
+      }
+
+      return NextResponse.json({ success: true, requireOtp: true });
+    }
+  } catch (error) {
+    console.error('Login error:', error);
+    return NextResponse.json({ error: 'Error interno' }, { status: 500 });
+  }
+}