// Admin-App proxy: DELETE /api/admin/users/[id] — soft-delete (DSGVO).

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const id = getRouterParam(event, "id");
  if (!id) throw createError({ statusCode: 400, message: "User-ID fehlt" });

  return $fetch(`${config.public.apiBase}/api/admin/users/${id}`, {
    method: "DELETE",
    headers: {
      "x-admin-secret": config.adminSecret as string,
    },
  });
});