38 lines
892 B
JavaScript
38 lines
892 B
JavaScript
import { getUserFromToken, readUsers } from '../../../utils/auth.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const token = getCookie(event, 'auth_token')
|
|
const currentUser = await getUserFromToken(token)
|
|
|
|
if (!currentUser || (currentUser.role !== 'admin' && currentUser.role !== 'vorstand')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Zugriff verweigert'
|
|
})
|
|
}
|
|
|
|
const users = await readUsers()
|
|
|
|
// Return users without passwords
|
|
const safeUsers = users.map(u => ({
|
|
id: u.id,
|
|
email: u.email,
|
|
name: u.name,
|
|
role: u.role,
|
|
phone: u.phone || '',
|
|
active: u.active,
|
|
created: u.created,
|
|
lastLogin: u.lastLogin
|
|
}))
|
|
|
|
return {
|
|
users: safeUsers
|
|
}
|
|
} catch (error) {
|
|
console.error('Fehler beim Laden der Benutzer:', error)
|
|
throw error
|
|
}
|
|
})
|
|
|