fix: remove OAuth state verification (cookies don't survive HF iframe redirect)
c796a00
import { NextResponse } from 'next/server';
import crypto from 'crypto';
/**
 * GET /api/auth/login
 *
 * Starts the Hugging Face OAuth authorization-code flow by redirecting the
 * browser to the provider's authorize endpoint.
 *
 * @param {Request} request - Incoming request; this handler does not read it.
 * @returns {Promise<Response>} A redirect to the authorize URL, or a 500 JSON
 *   error when OAUTH_CLIENT_ID is not set.
 */
export async function GET(request) {
  const { OAUTH_CLIENT_ID: clientId, SPACE_HOST: spaceHost } = process.env;

  // Without a client id there is nothing to send the provider; fail loudly.
  if (!clientId) {
    const body = {
      error: 'OAuth not configured (missing OAUTH_CLIENT_ID). Set hf_oauth: true in Space metadata.',
    };
    return NextResponse.json(body, { status: 500 });
  }

  // Origin for the callback: the Space's host over HTTPS when SPACE_HOST is
  // set, otherwise the local development server.
  let origin = 'http://localhost:3000';
  if (spaceHost) {
    origin = `https://${spaceHost}`;
  }

  // NOTE(review): `state` is random per request and sent to the provider, but
  // this handler does not persist it anywhere (no cookie, no server-side
  // record). A callback therefore has no value to compare the returned
  // `state` against, so the CSRF protection the parameter exists for
  // (RFC 6749 section 10.12) is not in effect; the callback is not visible
  // here, confirm what it checks. If cookies are unreliable when the Space is
  // embedded, the binding has to come from elsewhere, e.g. a cookie set with
  // SameSite=None; Secure, or a short-lived server-side record.
  const state = crypto.randomBytes(16).toString('hex');

  const query = new URLSearchParams();
  query.set('client_id', clientId);
  query.set('redirect_uri', `${origin}/api/auth/callback`);
  query.set('scope', 'openid profile');
  query.set('response_type', 'code');
  query.set('state', state);

  return NextResponse.redirect(`https://huggingface.co/oauth/authorize?${query.toString()}`);
}