// apps/admin/server/api/domain-submissions/[id]/reject.post.ts
//
// Proxy: leitet Reject-Request inkl. optionaler note ans Backend.

export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  const apiBase = config.public.apiBase;
  const adminSecret = config.adminSecret;

  if (!adminSecret) {
    throw createError({
      statusCode: 500,
      statusMessage: "ADMIN_SECRET nicht konfiguriert",
    });
  }

  const id = getRouterParam(event, "id");
  if (!id) {
    throw createError({ statusCode: 400, statusMessage: "ID fehlt" });
  }

  const body = await readBody(event).catch(() => ({}));

  try {
    const data = await $fetch(
      `${apiBase}/api/admin/domain-submissions/${encodeURIComponent(id)}/reject`,
      {
        method: "POST",
        headers: { "x-admin-secret": adminSecret },
        body: body ?? {},
      },
    );
    return data;
  } catch (err: any) {
    throw createError({
      statusCode: err?.statusCode ?? 502,
      statusMessage:
        err?.statusMessage ?? err?.message ?? "Backend-Request fehlgeschlagen",
    });
  }
});