qms/pages/api/auth/me.ts

import type { NextApiRequest, NextApiResponse } from 'next'
import { prisma } from '@/lib/prisma'
import { getSessionUser, SESSION_COOKIE } from '@/lib/auth'

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  if (req.method === 'GET') {
    const user = await getSessionUser(req)
    if (!user) return res.status(401).json({ user: null })
    const { password: _pw, ...safe } = user
    return res.json({ user: safe })
  }

  if (req.method === 'DELETE') {
    const token = req.cookies[SESSION_COOKIE]
    if (token) {
      await prisma.session.deleteMany({ where: { token } })
    }
    res.setHeader('Set-Cookie', `${SESSION_COOKIE}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0`)
    return res.json({ ok: true })
  }

  res.status(405).end()
}