// apps/admin/server/api/admin/lyra-generate.post.ts
//
// Proxy: leitet LLM-Generierungsrequest an das Backend weiter.
// Admin-Secret bleibt server-only (NIE im Client-Bundle).

export default defineEventHandler(async (event): Promise<{ success: boolean; content: string }> => {
  const config = useRuntimeConfig();
  const apiBase = config.public.apiBase;
  const adminSecret = config.adminSecret;

  if (!adminSecret) {
    throw createError({
      statusCode: 500,
      statusMessage: "ADMIN_SECRET nicht konfiguriert (Infisical-Var fehlt)",
    });
  }

  const body = await readBody(event).catch(() => ({}));

  try {
    return await $fetch(`${apiBase}/api/admin/lyra-generate`, {
      method: "POST",
      headers: { "x-admin-secret": adminSecret },
      body: body ?? {},
    });
  } catch (err: any) {
    throw createError({
      statusCode: err?.statusCode ?? 502,
      statusMessage:
        err?.statusMessage ?? err?.message ?? "Backend-Request fehlgeschlagen",
    });
  }
});