// backend/server/api/admin/moderation/[id]/ban-user.post.ts
//
// POST /api/admin/moderation/[id]/ban-user
// Body: { type: "post" | "comment", reason?: string }
//
// Bant den Author des gemeldeten Items (Profile.banned=true). Reuses denselben
// Patch-Pattern wie /api/admin/users/[id] (siehe db/adminUsers.ts updateAdminUser).
// Schreibt audit-log "ban_user" inkl. content-snapshot.

import { banUserFromModerationItem } from "../../../../db/moderation";

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const secret = getHeader(event, "x-admin-secret");
  if (!config.adminSecret || secret !== config.adminSecret) {
    throw createError({ statusCode: 401, message: "Unauthorized" });
  }

  const id = getRouterParam(event, "id");
  if (!id) throw createError({ statusCode: 400, message: "ID fehlt" });

  const body = (await readBody(event).catch(() => ({}))) as {
    type?: string;
    reason?: string;
    adminUserId?: string;
  };

  const type = body?.type === "comment" ? "comment" : "post";
  return banUserFromModerationItem(
    type,
    id,
    body?.adminUserId ?? null,
    body?.reason ?? null,
  );
});