export async function POST(req: Request) {
  try {
    const body = await req.json();
    // Prefer VITE_BACKEND_API_URL (frontend env) then VITE_TOKEN_SERVER_URL then BACKEND_URL / BACKEND
    const backend = process.env.VITE_BACKEND_API_URL || process.env.VITE_TOKEN_SERVER_URL || process.env.BACKEND_URL || process.env.BACKEND || '';
    if (!backend) {
      return new Response(JSON.stringify({ error: 'BACKEND_URL not configured' }), { status: 500, headers: { 'content-type': 'application/json' } });
    }

    const url = `${backend.replace(/\/$/, '')}/api/session`;
    const resp = await fetch(url, { method: 'POST', headers: { 'content-type': 'application/json' }, body: JSON.stringify(body) });
    const text = await resp.text();
    const headers = { 'content-type': 'application/json' };
    return new Response(text, { status: resp.status, headers });
  } catch (err) {
    console.error('proxy /api/session error', err);
    return new Response(JSON.stringify({ error: 'internal' }), { status: 500, headers: { 'content-type': 'application/json' } });
  }
}