/**
 * DELETE /api/users/me/push-token?token=ExponentPushToken[xxx]
 *
 * Client deregistriert Token (Logout, Permission-Revoke, App-Uninstall-Cleanup).
 * Wir setzen `enabled = false` statt zu löschen — Audit-Trail bleibt erhalten.
 */
import { requireUser } from "../../../utils/auth";
import { usePrisma } from "../../../utils/prisma";

export default defineEventHandler(async (event) => {
  const user = await requireUser(event);
  const query = getQuery(event);
  const token = typeof query.token === "string" ? query.token : "";

  if (!token) {
    throw createError({
      statusCode: 400,
      data: { error: "MISSING_TOKEN" },
    });
  }

  const db = usePrisma();
  await db.pushToken.updateMany({
    where: { token, userId: user.id },
    data: { enabled: false },
  });

  return { success: true, data: { ok: true } };
});