56 lines
1.2 KiB
TypeScript
56 lines
1.2 KiB
TypeScript
import { getSessionUsername } from '~/server/utils/auth'
|
|
import { getDatabase, getUserByUsername } from '~/server/utils/database'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
// Check authentication
|
|
const username = await getSessionUsername(event)
|
|
|
|
if (!username) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Unauthorized'
|
|
})
|
|
}
|
|
|
|
// Check admin role
|
|
const user = getUserByUsername(username)
|
|
|
|
if (!user || user.is_admin !== 1) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Forbidden - Admin access required'
|
|
})
|
|
}
|
|
|
|
const id = getRouterParam(event, 'id')
|
|
|
|
if (!id) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Sermon ID is required'
|
|
})
|
|
}
|
|
|
|
try {
|
|
const db = getDatabase()
|
|
const result = db.prepare('DELETE FROM sermons WHERE id = ?').run(parseInt(id))
|
|
|
|
if (result.changes === 0) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
message: 'Sermon not found'
|
|
})
|
|
}
|
|
|
|
return {
|
|
success: true,
|
|
message: 'Sermon deleted successfully'
|
|
}
|
|
} catch (error: any) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
message: error.message || 'Failed to delete sermon'
|
|
})
|
|
}
|
|
})
|