kestrelos/server/api/live/webrtc/router-rtp-capabilities.get.js

import { requireAuth } from '../../../utils/authHelpers.js'
import { getLiveSession } from '../../../utils/liveSessions.js'
import { getRouter } from '../../../utils/mediasoup.js'

export default defineEventHandler(async (event) => {
  const user = requireAuth(event)
  const sessionId = getQuery(event).sessionId

  if (!sessionId) {
    throw createError({ statusCode: 400, message: 'sessionId required' })
  }

  const session = getLiveSession(sessionId)
  if (!session) {
    throw createError({ statusCode: 404, message: 'Session not found' })
  }

  // Only session owner or admin/leader can access
  if (session.userId !== user.id && user.role !== 'admin' && user.role !== 'leader') {
    throw createError({ statusCode: 403, message: 'Forbidden' })
  }

  const router = await getRouter(sessionId)
  return router.rtpCapabilities
})