import { NextRequest, NextResponse } from 'next/server'
import { deleteSession, SESSION_COOKIE } from '@/lib/session'

export async function POST(req: NextRequest) {
  // Aceita Bearer token (ambientes sem cookie cross-origin) ou cookie httpOnly
  const authHeader = req.headers.get('authorization')
  const bearerToken = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : null
  const token = bearerToken ?? req.cookies.get(SESSION_COOKIE)?.value

  if (token) {
    await deleteSession(token)
  }
  const response = NextResponse.json({ ok: true })
  response.cookies.set(SESSION_COOKIE, '', { maxAge: 0, path: '/' })
  return response
}