recipe-app/frontend/app/api/products-create/route.ts

import { auth } from '../../../auth';

const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';

async function getAuthHeaders(): Promise<Record<string, string>> {
  const session = await auth();
  if (!session?.accessToken) {
    return {};
  }
  return { Authorization: `Bearer ${session.accessToken}` };
}

export async function POST(req: Request) {
  try {
    const body = await req.json();
    const { name } = body;

    if (!name || typeof name !== 'string') {
      return Response.json({ error: 'Name is required' }, { status: 400 });
    }

    const authHeaders = await getAuthHeaders();
    console.log('[products-create] Auth headers:', authHeaders ? 'YES' : 'NO');

    const res = await fetch(`${API_BASE}/api/products`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', ...authHeaders },
      body: JSON.stringify({ name }),
    });

    if (!res.ok) {
      const e = await res.json().catch(() => ({}));
      return Response.json(
        { error: e.message ?? `HTTP ${res.status}` },
        { status: res.status },
      );
    }

    const product = await res.json();

    // Return only serializable fields
    return Response.json({
      id: product.id,
      name: product.name,
      canonicalName: product.canonicalName ?? null,
    });
  } catch (err) {
    console.error('[products-create] Error:', err);
    return Response.json(
      { error: err instanceof Error ? err.message : 'Unknown error' },
      { status: 500 },
    );
  }
}