import { NextRequest, NextResponse } from 'next/server' /** * Proxy for the parent-side school-service endpoints. Mirrors the school * proxy but forwards the parent-session cookie via Set-Cookie/Cookie * headers so HttpOnly survives the round-trip. */ const BACKEND_URL = process.env.SCHOOL_SERVICE_URL || 'http://school-service:8084' async function proxy(request: NextRequest, params: { path: string[] }): Promise { const path = params.path.join('/') const url = `${BACKEND_URL}/api/v1/parent/${path}${request.nextUrl.search}` const headers: HeadersInit = { 'Content-Type': 'application/json' } const cookie = request.headers.get('cookie') if (cookie) headers['Cookie'] = cookie const init: RequestInit = { method: request.method, headers } if (['POST', 'PUT', 'PATCH'].includes(request.method)) { init.body = await request.text() } try { const upstream = await fetch(url, init) const body = await upstream.text() const res = new NextResponse(body, { status: upstream.status, headers: { 'Content-Type': upstream.headers.get('content-type') || 'application/json' }, }) // Mirror Set-Cookie back so the browser stores the parent session. const setCookie = upstream.headers.get('set-cookie') if (setCookie) res.headers.set('Set-Cookie', setCookie) return res } catch (error) { return NextResponse.json( { error: 'school-service nicht erreichbar', details: error instanceof Error ? error.message : 'Unknown error' }, { status: 502 }, ) } } export async function GET(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) } export async function POST(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) } export async function PUT(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) } export async function DELETE(req: NextRequest, ctx: { params: Promise<{ path: string[] }> }) { return proxy(req, await ctx.params) }