ArchiTools/src/app/api/compress-pdf/unlock/route.ts

import { NextRequest, NextResponse } from "next/server";
import { requireAuth } from "../auth-check";

const STIRLING_PDF_URL = process.env.STIRLING_PDF_URL;
const STIRLING_PDF_API_KEY = process.env.STIRLING_PDF_API_KEY;

export async function POST(req: NextRequest) {
  const authErr = await requireAuth(req);
  if (authErr) return authErr;

  if (!STIRLING_PDF_URL || !STIRLING_PDF_API_KEY) {
    return NextResponse.json(
      { error: "Stirling PDF nu este configurat" },
      { status: 503 },
    );
  }

  try {
    // Stream body directly to Stirling — avoids FormData re-serialization
    // failure on large files ("Failed to parse body as FormData")
    const res = await fetch(
      `${STIRLING_PDF_URL}/api/v1/security/remove-password`,
      {
        method: "POST",
        headers: {
          "X-API-KEY": STIRLING_PDF_API_KEY,
          "Content-Type": req.headers.get("content-type") || "",
        },
        body: req.body,
        // @ts-expect-error duplex required for streaming request bodies in Node
        duplex: "half",
      },
    );

    if (!res.ok) {
      const text = await res.text().catch(() => res.statusText);
      return NextResponse.json(
        { error: `Stirling PDF error: ${res.status} — ${text}` },
        { status: res.status },
      );
    }

    const blob = await res.blob();
    const buffer = Buffer.from(await blob.arrayBuffer());

    return new NextResponse(buffer, {
      status: 200,
      headers: {
        "Content-Type": "application/pdf",
        "Content-Disposition": 'attachment; filename="unlocked.pdf"',
      },
    });
  } catch (err) {
    const message = err instanceof Error ? err.message : "Unknown error";
    return NextResponse.json(
      { error: `Nu s-a putut contacta Stirling PDF: ${message}` },
      { status: 502 },
    );
  }
}