import { NextRequest, NextResponse } from 'next/server'
import { authenticateH5FromCookieHeader, getCookieHeaderFromRequest } from '@/lib/h5/auth'
import { h5Router, toIsoUtc } from '@/lib/h5/router'

export const runtime = 'nodejs'
export const dynamic = 'force-dynamic'

/**
 * 新建会话（§7.2）。
 *
 * POST /api/h5/session/new
 * 鉴权：forge_h5 cookie
 * 行为：直接新建一个空会话，旧会话保留。
 */
export async function POST(req: NextRequest): Promise<NextResponse> {
  const auth = authenticateH5FromCookieHeader(getCookieHeaderFromRequest(req))
  if (!auth) {
    return NextResponse.json({ error: 'Session expired' }, { status: 401 })
  }

  const { page, payload } = auth
  const session = h5Router.createSession(page, payload.externalUserId, payload.name)

  return NextResponse.json({
    id: session.id,
    title: session.title,
    updatedAt: toIsoUtc(session.updatedAt),
  })
}
