import { d as defineEventHandler, g as getCookie, c as createError, r as readBody } from '../../../../nitro/nitro.mjs';
import { a as getUserFromToken, r as readUsers, w as writeUsers } from '../../../../_/auth.mjs';
import 'node:http';
import 'node:https';
import 'node:events';
import 'node:buffer';
import 'node:fs';
import 'node:path';
import 'node:crypto';
import 'node:url';
import 'bcryptjs';
import 'jsonwebtoken';
import 'fs';
import 'path';
import '../../../../_/encryption.mjs';
import 'crypto';

const updateRole_post = defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, "auth_token");
    const currentUser = await getUserFromToken(token);
    if (!currentUser || currentUser.role !== "admin" && currentUser.role !== "vorstand") {
      throw createError({
        statusCode: 403,
        message: "Zugriff verweigert"
      });
    }
    const body = await readBody(event);
    const { userId, role } = body;
    if (!["mitglied", "vorstand", "admin"].includes(role)) {
      throw createError({
        statusCode: 400,
        message: "Ung\xFCltige Rolle"
      });
    }
    const users = await readUsers();
    const user = users.find((u) => u.id === userId);
    if (!user) {
      throw createError({
        statusCode: 404,
        message: "Benutzer nicht gefunden"
      });
    }
    user.role = role;
    const updatedUsers = users.map((u) => u.id === userId ? user : u);
    await writeUsers(updatedUsers);
    return {
      success: true,
      message: "Rolle wurde aktualisiert"
    };
  } catch (error) {
    console.error("Fehler beim Aktualisieren der Rolle:", error);
    throw error;
  }
});

export { updateRole_post as default };
//# sourceMappingURL=update-role.post.mjs.map