import { NextResponse } from 'next/server';
import { verifyOTP } from '@/lib/otp';
import { cookies } from 'next/headers';

export async function POST(req: Request) {
  try {
    const { code } = await req.json();
    
    if (verifyOTP(code)) {
      // Set cookie
      cookies().set('auth_token', 'true', { 
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
        maxAge: 60 * 60 * 24 * 7, // 1 week
        path: '/'
      });
      return NextResponse.json({ success: true });
    }
    
    return NextResponse.json({ error: 'Invalid Code' }, { status: 401 });
  } catch (error) {
    return NextResponse.json({ error: 'Invalid Request' }, { status: 400 });
  }
}