import { NextRequest, NextResponse } from 'next/server';
import { doCheckAndMail } from '@/lib/mailService';

// Einfacher Shared-Secret-Schutz
const SECRET = process.env.CHECK_SECRET || '';

export async function GET(req: NextRequest) {
  if (SECRET) {
    const token = req.nextUrl.searchParams.get('secret');
    if (token !== SECRET) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }
  }
  const result = await doCheckAndMail();
  return NextResponse.json({ ok: true, result });
}