/**
 * GET /api/profile/me/demographics
 *
 * Returns the 9 demographic fields + 2 consent-timestamps for the current
 * user. All fields are null when not yet filled. Frontend uses this on
 * page-open to hydrate the DemographicsAccordion form.
 *
 * DSGVO note: only the authenticated user can read their own demographics.
 * Fields are never exposed in public profile endpoints.
 */
import { requireUser } from "../../../utils/auth";
import { getDemographics } from "../../../db/profile";

export default defineEventHandler(async (event) => {
  const user = await requireUser(event);
  const data = await getDemographics(user.id);
  return { success: true, data };
});