import { NextResponse } from "next/server"

const ACCESS_CODE = process.env.ACCESS_CODE || "42069"

export async function POST(request: Request) {
  const { code } = await request.json()

  if (code !== ACCESS_CODE) {
    return NextResponse.json({ error: "Invalid code" }, { status: 401 })
  }

  const response = NextResponse.json({ success: true })
  response.cookies.set("jefflix-access", "granted", {
    httpOnly: true,
    secure: true,
    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 365, // 1 year
    path: "/",
  })

  return response
}