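// backend/server/api/admin/moderation/[id]/delete.post.ts
//
// POST /api/admin/moderation/[id]/delete
// Header: x-admin-secret (must equal runtimeConfig.adminSecret)
// Body: { type?: "post" | "comment", reason?: string, adminUserId?: string }
//
// Soft delete: content="", isDeleted=true. Original content and reporter info
// remain in moderation_actions (audit log; GDPR Art. 17 permits an audit trail).

import { createHash, timingSafeEqual } from "node:crypto";

import { deleteModerationItem } from "../../../../db/moderation";

type ModerationItemType = "post" | "comment";

/**
 * Compares the presented admin secret with the configured one without
 * short-circuiting on the first differing character.
 *
 * Both values are hashed first so that timingSafeEqual always receives
 * buffers of equal length, whatever the caller sent.
 *
 * @param presented - Value of the x-admin-secret header, if any.
 * @param expected - Configured secret; anything but a non-empty string fails closed.
 * @returns true only when both are strings and byte-for-byte equal.
 */
function secretsMatch(presented: string | undefined, expected: unknown): boolean {
  if (typeof expected !== "string" || expected.length === 0) return false;
  if (typeof presented !== "string") return false;
  const presentedDigest = createHash("sha256").update(presented).digest();
  const expectedDigest = createHash("sha256").update(expected).digest();
  return timingSafeEqual(presentedDigest, expectedDigest);
}

/**
 * Normalizes an optional string field from the request body.
 *
 * @param value - Raw field value as parsed from the body.
 * @param field - Field name, used in the error message.
 * @returns The string as sent, or null when the field is absent or null.
 * @throws 400 when the field is present but not a string.
 */
function optionalString(value: unknown, field: string): string | null {
  if (value === undefined || value === null) return null;
  if (typeof value !== "string") {
    throw createError({ statusCode: 400, message: `Invalid ${field}` });
  }
  return value;
}

/**
 * Soft-deletes a moderated post or comment on behalf of an admin.
 *
 * Responds 401 when the shared admin secret is missing or wrong, and 400 when
 * the route id is missing or a body field has an unexpected value. Otherwise
 * returns whatever deleteModerationItem returns.
 */
export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();

  // Authenticate before touching the route parameter or body. Fails closed
  // when no secret is configured.
  if (!secretsMatch(getHeader(event, "x-admin-secret"), config.adminSecret)) {
    throw createError({ statusCode: 401, message: "Unauthorized" });
  }

  const id = getRouterParam(event, "id");
  if (!id) throw createError({ statusCode: 400, message: "ID fehlt" });

  // Best effort: an unreadable body is treated as empty, as before. Anything
  // that is not an object (string, number, null) is treated the same way.
  const raw: unknown = await readBody(event).catch(() => ({}));
  const body = (raw !== null && typeof raw === "object" ? raw : {}) as {
    type?: unknown;
    reason?: unknown;
    adminUserId?: unknown;
  };

  // An absent type keeps the historical default of "post". An unrecognized
  // value is rejected instead of silently falling back to "post", so a typo
  // cannot redirect this destructive action to a different kind of item.
  let type: ModerationItemType;
  if (body.type === undefined || body.type === null || body.type === "post") {
    type = "post";
  } else if (body.type === "comment") {
    type = "comment";
  } else {
    throw createError({ statusCode: 400, message: "Invalid type" });
  }

  // NOTE(review): adminUserId comes from the request body and is not bound to
  // the authenticated caller (auth is one shared secret), so any actor that
  // deleteModerationItem records from it is caller-asserted. Confirm how the
  // audit log uses this value.
  const adminUserId = optionalString(body.adminUserId, "adminUserId");
  const reason = optionalString(body.reason, "reason");

  return deleteModerationItem(type, id, adminUserId, reason);
});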