import { getAllUsers } from '~/server/utils/database'
import { getSessionUsername } from '~/server/utils/auth'
import { getUserByUsername } from '~/server/utils/database'

export default defineEventHandler(async (event) => {
  const username = await getSessionUsername(event)
  
  if (!username) {
    throw createError({
      statusCode: 401,
      message: 'Unauthorized'
    })
  }

  const user = getUserByUsername(username)
  
  if (!user || user.is_admin !== 1) {
    throw createError({
      statusCode: 403,
      message: 'Forbidden - Admin access required'
    })
  }

  const users = getAllUsers()
  return users
})