import { createError, getRequestHeader } from 'h3'

import { requireAuthContext } from '../utils/require-auth'

/**
 * Exemplo de orquestração A -> B.
 * Reaproveita o mesmo Authorization para chamar `/profile/me`.
 */
export default defineEventHandler(async (event) => {
  const auth = requireAuthContext(event)

  const authorization = getRequestHeader(event, 'authorization')

  if (!authorization) {
    throw createError({ statusCode: 401, statusMessage: 'Missing Authorization header' })
  }

  const profileFromService = await $fetch('/profile/me', {
    headers: {
      Authorization: authorization
    }
  })

  return {
    sub_from_api_a: auth.id,
    sub_from_api_b: profileFromService.id,
    same_subject: profileFromService.id === auth.id,
    profile: profileFromService
  }
})