import { NextResponse } from 'next/server';
import { auth } from '../../../auth';

export async function GET() {
  const session = await auth();
  if ((session?.user as any)?.role !== 'admin') {
    return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
  }

  const key = process.env.MISTRAL_API_KEY ?? '';
  const keyHint = key.length >= 4 ? key.slice(-4) : '????';
  const hasKey = key.length > 0;

  return NextResponse.json({ keyHint, hasKey });
}