// backend/server/api/admin/moderation/queue.get.ts
//
// GET /api/admin/moderation/queue
// Liste aller gemeldeten Posts + Comments (isModerated=true).
//
// Query-Params:
//   - cursor (optional): "{type}:{id}" opaker String, vom letzten Response übernehmen
//   - limit  (optional): default 50, max 100
//
// Auth: x-admin-secret-Header (analog stats.get.ts / domain-submissions).

import { listModerationQueue } from "../../../db/moderation";

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const secret = getHeader(event, "x-admin-secret");
  if (!config.adminSecret || secret !== config.adminSecret) {
    throw createError({ statusCode: 401, message: "Unauthorized" });
  }

  const query = getQuery(event);
  const cursor =
    typeof query.cursor === "string" && query.cursor.length > 0
      ? query.cursor
      : undefined;
  const limitRaw = query.limit;
  const limit =
    typeof limitRaw === "string" || typeof limitRaw === "number"
      ? Number.parseInt(String(limitRaw), 10)
      : undefined;

  return listModerationQueue({
    cursor,
    limit: Number.isFinite(limit) ? limit : undefined,
  });
});