import { NextRequest, NextResponse } from 'next/server';
import { createCSRTEndpoint } from '@/lib/csrf';
import { createClient } from '@/lib/supabase/server';

/**
 * CSRF Token Endpoint
 * Generates and returns a CSRF token for authenticated users
 * This should be called after successful authentication
 */
export async function GET(request: NextRequest) {
  try {
    // Check if user is authenticated
    const supabase = await createClient();
    const { data: { user } } = await supabase.auth.getUser();
    
    if (!user) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }
    
    // Create and return CSRF token
    return createCSRTEndpoint(request);
  } catch (error) {
    console.error('CSRF token generation error:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}