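// api/v1/auth.php
//
// Login endpoint: reads a JSON body carrying "email" and "password" from a POST
// request and, when the password matches the stored hash, responds with a
// signed JWT whose "exp" claim is one hour after issue.
//
// Responses: 200 {"token": ...}, 400 malformed body, 401 bad credentials,
// 500 server-side failure. Requests using any other method fall through and
// produce an empty body, exactly as before.
header('Content-Type: application/json');

$input = json_decode(file_get_contents('php://input'), true);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // json_decode() yields null for invalid JSON and a scalar for a non-object
    // body; both credentials must be strings before they reach the query or
    // password_verify().
    $email = is_array($input) ? ($input['email'] ?? null) : null;
    $password = is_array($input) ? ($input['password'] ?? null) : null;

    if (!is_string($email) || !is_string($password)) {
        http_response_code(400);
        echo json_encode(['error' => 'Invalid request']);
    } else {
        try {
            // Keep the statement in a variable: on PDO-style statements
            // execute() returns a bool, so chaining ->fetch() onto it fails.
            // Presumably db() returns a PDO handle; confirm against its definition.
            $stmt = db()->prepare("SELECT id, password_hash FROM users WHERE email = ?");
            if ($stmt->execute([$email]) === false) {
                // With a non-throwing error mode a failed query must not be
                // reported to the client as a credential mismatch.
                throw new \RuntimeException('Credential lookup failed');
            }
            $user = $stmt->fetch();

            // NOTE(review): an unknown email skips password_verify(), so the
            // response time can differ between existing and non-existing
            // accounts. Consider verifying against a fixed dummy hash in that
            // case, and rate-limit failed attempts per account and per client.
            if ($user && password_verify($password, $user['password_hash'])) {
                $payload = [
                    'sub' => $user['id'],
                    'exp' => time() + 3600 // 1 hour
                ];

                // NOTE(review): the signing algorithm is whatever this JWT class
                // defaults to. Pin it explicitly if encode() accepts one, and make
                // sure token verification accepts only that algorithm.
                $jwt = JWT::encode($payload, APP_SECRET);
                echo json_encode(['token' => $jwt]);
            } else {
                // Same message for "no such user" and "wrong password" so the
                // response body does not reveal which accounts exist.
                http_response_code(401);
                echo json_encode(['error' => 'Invalid credentials']);
            }
        } catch (\Throwable $e) {
            // Exception text can contain SQL, schema names or file paths: keep
            // it in the server log and send the client a generic message.
            error_log('auth.php: ' . $e->getMessage());
            http_response_code(500);
            echo json_encode(['error' => 'Internal server error']);
        }
    }
}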