// apps/admin/server/api/moderation/queue.get.ts
//
// Server-side proxy: holt die Moderation-Queue (gemeldete Posts + Comments)
// vom Backend. Admin-Secret bleibt server-only.
//
// Query-Forwarding: cursor + limit werden an Backend durchgereicht.

export interface ModerationItem {
  id: string;
  type: "post" | "comment";
  content: string;
  postId: string | null;
  userId: string;
  reportedAt: string | null;
  createdAt: string;
  isDeleted: boolean;
  author: {
    id: string;
    nickname: string | null;
    avatar: string | null;
    plan: string;
  } | null;
}

export interface ModerationQueueResponse {
  items: ModerationItem[];
  nextCursor: string | null;
}

export default defineEventHandler(
  async (event): Promise<ModerationQueueResponse> => {
    const config = useRuntimeConfig();
    const apiBase = config.public.apiBase;
    const adminSecret = config.adminSecret;

    if (!adminSecret) {
      throw createError({
        statusCode: 500,
        statusMessage: "ADMIN_SECRET nicht konfiguriert (Infisical-Var fehlt)",
      });
    }

    const query = getQuery(event);

    try {
      return await $fetch<ModerationQueueResponse>(
        `${apiBase}/api/admin/moderation/queue`,
        {
          method: "GET",
          headers: { "x-admin-secret": adminSecret },
          query,
        },
      );
    } catch (err: any) {
      throw createError({
        statusCode: err?.statusCode ?? 502,
        statusMessage:
          err?.statusMessage ?? err?.message ?? "Backend-Request fehlgeschlagen",
      });
    }
  },
);