// Admin-App proxy: PATCH /api/admin/users/[id]
// Forwards body 1:1 ans Backend mit x-admin-secret.

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const id = getRouterParam(event, "id");
  if (!id) throw createError({ statusCode: 400, message: "User-ID fehlt" });

  const body = await readBody(event).catch(() => ({}));

  return $fetch(`${config.public.apiBase}/api/admin/users/${id}`, {
    method: "PATCH",
    headers: {
      "x-admin-secret": config.adminSecret as string,
      "content-type": "application/json",
    },
    body,
  });
});