import { usePrisma } from "../../utils/prisma";

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const secret = getHeader(event, "x-admin-secret");
  if (!config.adminSecret || secret !== config.adminSecret) {
    throw createError({ statusCode: 401, message: "Nicht autorisiert" });
  }

  const query = getQuery(event);
  const status = query.status as string | undefined;

  const db = usePrisma();
  const items = await db.feedbackItem.findMany({
    where: status ? { status: status as any } : undefined,
    orderBy: { createdAt: "desc" },
    take: 200,
  });

  return items;
});