import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
import { readContactRequests } from '../../utils/contact-requests.js'

export default defineEventHandler(async (event) => {
  const token = getCookie(event, 'auth_token')
  const currentUser = token ? await getUserFromToken(token) : null

  if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
    throw createError({
      statusCode: 403,
      statusMessage: 'Zugriff verweigert'
    })
  }

  const requests = await readContactRequests()
  return requests
})