diff --git a/src/app/api/auth/login/route.ts b/src/app/api/auth/login/route.ts
index 064d78c..d1d897d 100644
--- a/src/app/api/auth/login/route.ts
+++ b/src/app/api/auth/login/route.ts
@@ -1,7 +1,11 @@
-import { NextRequest, NextResponse } from 'next/server';
+import { NextRequest, NextResponse } from "next/server";
+import bcrypt from "bcryptjs";
+import jwt from "jsonwebtoken";
 
-// Temporary in-memory user storage (replace with database)
-const users: Map = new Map();
+const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key-change-in-production";
+
+// Mock database - in production, use a real database
+const users: Array<{ id: string; name: string; email: string; passwordHash: string }> = [];
 
 export async function POST(request: NextRequest) {
   try {
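Review bot: The fallback in `const JWT_SECRET = process.env.JWT_SECRET || "your-secret-key-change-in-production";` means a deployment that forgets to set the variable silently signs tokens with a value that lives in the repository, so anyone who has read the source can mint a valid token for any user id. Fail at module load instead of falling back: `const JWT_SECRET = process.env.JWT_SECRET;` followed by `if (!JWT_SECRET) throw new Error("JWT_SECRET is not set");`, which also narrows the constant to `string` for `jwt.sign`. The `users` array is module-level mutable state shared by every request and emptied on each restart; its comment already says it is a mock, but a note that whatever fills it (presumably a registration route outside this diff) must store a bcrypt `passwordHash` and never a plaintext password would keep the two routes consistent. The body of `POST` continues past this hunk.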
@@ -10,58 +14,48 @@ export async function POST(request: NextRequest) {
     // Validation
     if (!email || !password) {
       return NextResponse.json(
-        { message: 'Email and password are required' },
+        { message: "Email e senha são obrigatórios" },
         { status: 400 }
       );
     }
 
     // Find user
-    const user = users.get(email);
+    const user = users.find((u) => u.email === email);
     if (!user) {
       return NextResponse.json(
-        { message: 'Invalid email or password' },
+        { message: "Email ou senha incorretos" },
         { status: 401 }
       );
     }
 
-    // Compare password using simple hash (not production-ready)
-    const hashedPassword = await hashPassword(password);
-    const isPasswordValid = hashedPassword === user.password;
+    // Verify password
+    const isPasswordValid = await bcrypt.compare(password, user.passwordHash);
     if (!isPasswordValid) {
       return NextResponse.json(
-        { message: 'Invalid email or password' },
+        { message: "Email ou senha incorretos" },
         { status: 401 }
       );
     }
 
-    // Create JWT-like token (simplified)
-    const token = Buffer.from(JSON.stringify({ userId: user.id, email })).toString('base64');
+    // Create JWT token
+    const token = jwt.sign(
+      { id: user.id, email: user.email, name: user.name },
+      JWT_SECRET,
+      { expiresIn: "7d" }
+    );
 
     return NextResponse.json(
       {
-        message: 'Login successful',
         token,
-        user: {
-          id: user.id,
-          name: user.name,
-          email: user.email,
-        },
+        user: { id: user.id, name: user.name, email: user.email },
       },
       { status: 200 }
     );
   } catch (error) {
+    console.error("Login error:", error);
     return NextResponse.json(
-      { message: 'Login failed' },
+      { message: "Erro ao fazer login" },
       { status: 500 }
     );
   }
-}
-
-// Simple hash function (not secure - for development only)
-async function hashPassword(password: string): Promise {
-  const encoder = new TextEncoder();
-  const data = encoder.encode(password);
-  const hashBuffer = await crypto.subtle.digest('SHA-256', data);
-  const hashArray = Array.from(new Uint8Array(hashBuffer));
-  return hashArray.map(b => b.toString(16).padStart(2, 
'0')).join('');
-}
+}
\ No newline at end of file
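Review bot: `bcrypt.compare` runs only after the `users.find` lookup succeeds, so a request for an unknown email returns its 401 noticeably faster than a wrong password for a known email, which lets a client tell registered addresses apart despite the identical "Email ou senha incorretos" message. Compare against a throwaway hash when no user matches and merge the two 401 branches: `const isPasswordValid = await bcrypt.compare(password, user?.passwordHash ?? DUMMY_HASH);` then `if (!user || !isPasswordValid) { /* same 401 response */ }`, where `DUMMY_HASH` is a module-level bcrypt hash of an arbitrary string generated at the same cost factor as the real hashes. The signed payload also carries `email` and `name`; a JWT is only base64-encoded, so anyone holding the token can read them, and `id` alone is enough for later lookups. `POST` begins in the previous hunk and the `email`/`password` destructuring sits between the two hunks, outside this view.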