18 lines
557 B
JavaScript
18 lines
557 B
JavaScript
import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
|
|
import { readContactRequests } from '../../utils/contact-requests.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const token = getCookie(event, 'auth_token')
|
|
const currentUser = token ? await getUserFromToken(token) : null
|
|
|
|
if (!currentUser || !hasAnyRole(currentUser, 'admin', 'vorstand', 'trainer')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: 'Zugriff verweigert'
|
|
})
|
|
}
|
|
|
|
const requests = await readContactRequests()
|
|
return requests
|
|
})
|