rebreak-monorepo/backend/server/api/devices/protected.get.ts

import { getProfile } from "../../db/profile";
import { listProtectedDevices } from "../../db/protectedDevices";

/**
 * GET /api/devices/protected
 *
 * Liste aller aktiven+pending ProtectedDevices des Users.
 * Niemals dnsToken zurückgeben — Security.
 *
 * Auth: requireUser
 */
export default defineEventHandler(async (event) => {
  const user = await requireUser(event);
  const profile = await getProfile(user.id);

  const devices = await listProtectedDevices(user.id);

  return {
    success: true,
    data: {
      devices,
      plan: profile?.plan ?? "free",
      max: 3,
      isLegend: profile?.plan === "legend",
    },
  };
});