Initial commit

app/api/auth/login/route.ts

@@ -0,0 +1,46 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuth, signInWithEmailAndPassword } from 'firebase/auth';
+import { app } from '@/lib/firebase';
+
+export async function POST(request: NextRequest) {
+  try {
+    const { email, password } = await request.json();
+
+    if (!email || !password) {
+      return NextResponse.json(
+        { error: 'Missing email or password' },
+        { status: 400 }
+      );
+    }
+
+    const auth = getAuth(app);
+
+    const userCredential = await signInWithEmailAndPassword(auth, email, password);
+    const user = userCredential.user;
+
+    return NextResponse.json(
+      {
+        user: {
+          uid: user.uid,
+          email: user.email,
+          name: user.displayName,
+        },
+      },
+      { status: 200 }
+    );
+  } catch (error: any) {
+    console.error('Login error:', error);
+
+    let message = 'Login failed';
+
+    if (error?.code === 'auth/user-not-found') {
+      message = 'No user found with that email';
+    } else if (error?.code === 'auth/wrong-password') {
+      message = 'Incorrect password';
+    } else if (error?.code === 'auth/invalid-credential') {
+      message = 'Invalid credentials';
+    }
+
+    return NextResponse.json({ error: message }, { status: 400 });
+  }
+}

app/api/auth/me/route.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export async function GET(_request: NextRequest) {
+  // MVP placeholder: always "not authenticated"
+  // Later we will read a token (cookie/header) and return the real user.
+  return NextResponse.json(
+    {
+      user: null,
+      isAuthenticated: false,
+    },
+    { status: 200 }
+  );
+}

app/api/auth/register/route.ts

@@ -0,0 +1,48 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuth, createUserWithEmailAndPassword, updateProfile } from 'firebase/auth';
+import { app } from '@/lib/firebase';
+
+export async function POST(request: NextRequest) {
+  try {
+    const { email, password, name } = await request.json();
+
+    if (!email || !password || !name) {
+      return NextResponse.json(
+        { error: 'Missing email, password or name' },
+        { status: 400 }
+      );
+    }
+
+    const auth = getAuth(app);
+
+    const userCredential = await createUserWithEmailAndPassword(auth, email, password);
+
+    if (auth.currentUser) {
+      await updateProfile(auth.currentUser, { displayName: name });
+    }
+
+    const user = userCredential.user;
+
+    // Firebase client SDK already keeps the session via cookies/local storage on client.
+    // For MVP, we just return basic user info.
+    return NextResponse.json(
+      {
+        user: {
+          uid: user.uid,
+          email: user.email,
+          name: user.displayName,
+        },
+      },
+      { status: 201 }
+    );
+  } catch (error: any) {
+    console.error('Register error:', error);
+
+    const message =
+      error?.code === 'auth/email-already-in-use'
+        ? 'Email already in use'
+        : 'Registration failed';
+
+    return NextResponse.json({ error: message }, { status: 400 });
+  }
+}