import { adminRejectSubmission } from "../../../../db/domains";

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const adminSecret = getHeader(event, "x-admin-secret");
  if (adminSecret !== config.adminSecret) {
    throw createError({ statusCode: 401, message: "Unauthorized" });
  }
  const id = getRouterParam(event, "id");
  if (!id) throw createError({ statusCode: 400, message: "ID fehlt" });

  const body = await readBody(event).catch(() => ({}));
  await adminRejectSubmission(id, body?.note);
  return { ok: true };
});