Files
nat-as-server/website/js/api.js
2026-06-01 22:46:48 +02:00

103 lines
3.3 KiB
JavaScript

const API_BASE = '../api';
function getToken() {
return localStorage.getItem('qdb_token');
}
async function apiFetch(endpoint, options = {}) {
const token = getToken();
const headers = options.headers || {};
headers['X-QDB-Client'] = 'web';
if (token) headers['Authorization'] = `Bearer ${token}`;
if (!(options.body instanceof FormData)) {
headers['Content-Type'] = 'application/json; charset=UTF-8';
}
// Strip .php suffix for clean URLs
const cleanEndpoint = endpoint.replace(/\.php(\?|$)/, '$1');
const res = await fetch(`${API_BASE}/${cleanEndpoint}`, { ...options, headers });
if (res.status === 401 || res.status === 403) {
const json = await res.json().catch(() => ({}));
const errMsg = json.error?.message || json.error || '';
if (res.status === 401 || errMsg === 'Invalid or expired token') {
localStorage.removeItem('qdb_token');
localStorage.removeItem('qdb_user');
localStorage.removeItem('qdb_role');
window.location.hash = '#/login';
throw new Error('Session expired');
}
throw new Error(errMsg || 'Permission denied');
}
return res;
}
/**
* Unwrap the unified response envelope:
* {"ok": true, "data": ...} -> returns { success: true, ...data }
* {"ok": false, "error": ...} -> returns { success: false, error: message }
* Also supports legacy format for backward compat.
*/
function unwrap(json) {
if (typeof json.ok === 'boolean') {
if (json.ok) {
const d = json.data || {};
return { success: true, ...(Array.isArray(d) ? { items: d } : d) };
}
return { success: false, error: json.error?.message || 'Unknown error' };
}
return json;
}
export async function apiGet(endpoint) {
const res = await apiFetch(endpoint);
return unwrap(await res.json());
}
export async function apiPost(endpoint, body) {
const res = await apiFetch(endpoint, {
method: 'POST',
body: JSON.stringify(body),
});
return unwrap(await res.json());
}
export async function apiPut(endpoint, body) {
const res = await apiFetch(endpoint, {
method: 'PUT',
body: JSON.stringify(body),
});
return unwrap(await res.json());
}
export async function apiPatch(endpoint, body) {
const res = await apiFetch(endpoint, {
method: 'PATCH',
body: JSON.stringify(body),
});
return unwrap(await res.json());
}
export async function apiDelete(endpoint, body) {
const res = await apiFetch(endpoint, {
method: 'DELETE',
body: JSON.stringify(body),
});
return unwrap(await res.json());
}
export function apiDownloadUrl(endpoint) {
const token = getToken();
const cleanEndpoint = endpoint.replace(/\.php(\?|$)/, '$1');
return `${API_BASE}/${cleanEndpoint}${cleanEndpoint.includes('?') ? '&' : '?'}token=${encodeURIComponent(token)}`;
}
/** Authenticated file/download fetch (marks request as website for activity logging). */
export async function apiDownloadFetch(url, options = {}) {
const token = getToken();
const headers = { ...(options.headers || {}), 'X-QDB-Client': 'web' };
if (token) headers['Authorization'] = `Bearer ${token}`;
return fetch(url, { ...options, headers });
}