export async function onRequestPost(context) {
  const db = context.env.DB;
  const { username, password } = await context.request.json();

  if (!username || !password) {
    return new Response(JSON.stringify({ error: "Missing credentials." }), {
      status: 400,
      headers: { "Content-Type": "application/json" }
    });
  }

  try {
    const user = await db
      .prepare("SELECT * FROM users WHERE username = ? AND password = ?")
      .bind(username, password)
      .first();

    if (!user) {
      return new Response(JSON.stringify({ error: "Invalid username or password." }), {
        status: 401,
        headers: { "Content-Type": "application/json" }
      });
    }

    // Set a readable cookie across the entire site
    return new Response(JSON.stringify({ success: true }), {
      status: 200,
      headers: {
        "Set-Cookie": `auth=${username}; Path=/; Max-Age=300; SameSite=Strict`,
        "Content-Type": "application/json"
      }
    });

  } catch (err) {
    return new Response(JSON.stringify({ error: "Database error." }), {
      status: 500,
      headers: { "Content-Type": "application/json" }
    });
  }
}