/**
 * Protected API Endpoint
 * Requires authentication - returns user-specific data
 */
export default defineEventHandler(async (event) => {
  const session = await requireUserSession(event)

  return {
    message: 'Datos protegidos del usuario',
    user: (session.user as any).username,
    data: {
      lotes: [],
      permissions: (session.user as any).groups || []
    },
    timestamp: new Date().toISOString()
  }
})