diff --git a/server/api/admin/moderation.get.ts b/server/api/admin/moderation.get.ts
new file mode 100644
index 000000000..1400038de
--- /dev/null
+++ b/server/api/admin/moderation.get.ts
@@ -0,0 +1,30 @@
+import fs from 'node:fs/promises';
+
+import markdownit from 'markdown-it';
+
+import { rootDir } from '~/server/paths.ts';
+
+const md = markdownit({ html: true });
+
+export default defineEventHandler(async (event) => {
+    const { isGranted } = await useAuthentication(event);
+    if (!isGranted('panel')) {
+        throw createError({
+            status: 401,
+            statusMessage: 'Unauthorised',
+        });
+    }
+
+    const dir = `${rootDir}/moderation`;
+
+    return {
+        susRegexes: (await fs.readFile(`${dir}/sus.txt`, 'utf-8'))
+            .split('\n')
+            .filter((x) => !!x && !x.startsWith('#')),
+        rulesUsers: md.render(await fs.readFile(`${dir}/rules-users.md`, 'utf-8')),
+        rulesTerminology: md.render(await fs.readFile(`${dir}/rules-terminology.md`, 'utf-8')),
+        rulesSources: md.render(await fs.readFile(`${dir}/rules-sources.md`, 'utf-8')),
+        timesheets: md.render(await fs.readFile(`${dir}/timesheets.md`, 'utf-8')),
+        expenses: md.render(await fs.readFile(`${dir}/expenses.md`, 'utf-8')),
+    };
+});
diff --git a/server/express/admin.ts b/server/express/admin.ts
index 336be6b26..fa0d5f0cd 100644
--- a/server/express/admin.ts
+++ b/server/express/admin.ts
@@ -1,7 +1,4 @@
-import fs from 'fs';
-
 import { Router } from 'express';
-import markdownit from 'markdown-it';
 import SQL from 'sql-template-strings';
 import { encodeTime, decodeTime, ulid } from 'ulid';
 
@@ -12,7 +9,6 @@ import avatar from '../avatar.ts';
 import { archiveBan, liftBan } from '../ban.ts';
 import type { Database } from '../db.ts';
 import mailer from '../mailer.ts';
-import { rootDir } from '../paths.ts';
 
 import { profilesSnapshot } from './profile.ts';
 import { loadCurrentUser } from './user.ts';
@@ -495,27 +491,6 @@ router.post('/admin/overwrite-sensitive/:username', handleErrorAsync(async (req,
     return res.json(req.body.sensitive);
 }));
 
-const md = markdownit({ html: true });
-
-router.get('/admin/moderation', handleErrorAsync(async (req, res) => {
-    if (!req.isGranted('panel')) {
-        return res.status(401).json({ error: 'Unauthorised' });
-    }
-
-    const dir = `${rootDir}/moderation`;
-
-    return res.json({
-        susRegexes: fs.readFileSync(`${dir}/sus.txt`).toString('utf-8')
-            .split('\n')
-            .filter((x) => !!x && !x.startsWith('#')),
-        rulesUsers: md.render(fs.readFileSync(`${dir}/rules-users.md`).toString('utf-8')),
-        rulesTerminology: md.render(fs.readFileSync(`${dir}/rules-terminology.md`).toString('utf-8')),
-        rulesSources: md.render(fs.readFileSync(`${dir}/rules-sources.md`).toString('utf-8')),
-        timesheets: md.render(fs.readFileSync(`${dir}/timesheets.md`).toString('utf-8')),
-        expenses: md.render(fs.readFileSync(`${dir}/expenses.md`).toString('utf-8')),
-    });
-}));
-
 router.post('/admin/set-notification-frequency', handleErrorAsync(async (req, res) => {
     if (!req.isGranted()) {
         return res.status(401).json({ error: 'Unauthorised' });