owltide/server/api/accounts/index.get.ts

import { readAccounts } from "~/server/database"
import { requireAccountSession } from "~/server/utils/session";

export default defineEventHandler(async (event) => {
	const session = await requireAccountSession(event);
	const accounts = await readAccounts();
	const account = accounts.find(a => a.id === session.accountId);
	if (!account) {
		throw new Error("Account does not exist");
	}

	if (account.type === "admin") {
		return accounts;
	}
	if (account.type === "crew") {
		return accounts.filter(a => a.type === "crew" || a.type === "admin");
	}
	throw createError({
		status: 403,
		statusText: "Forbidden",
		message: "You do not have permission to list accounts",
	});
})