import { NextRequest, NextResponse } from 'next/server';
import { logger } from '@/lib/logger';
import { createCSRFEndpoint } from '@/lib/csrf';
import { HTTP_STATUS_INTERNAL_SERVER_ERROR } from '@/lib/constants';

export const dynamic = 'force-dynamic';

/**
 * CSRF Token Endpoint
 * Generates and returns a CSRF token via double-submit cookie pattern.
 * No authentication required — CSRF protection works by matching a cookie
 * to a header, not by checking auth. Must be accessible pre-login/signup
 * so that subsequent API calls can include the token.
 */
export async function GET(request: NextRequest) {
  try {
    return createCSRFEndpoint(request);
  } catch (error) {
    logger.error('CSRF token generation error:', error);
    return NextResponse.json({ error: 'Internal server error' }, { status: HTTP_STATUS_INTERNAL_SERVER_ERROR });
  }
}