mirror of
https://github.com/lordmathis/lemma.git
synced 2025-12-24 02:24:25 +00:00
92 lines
2.7 KiB
TypeScript
92 lines
2.7 KiB
TypeScript
import { refreshToken } from './auth';
|
|
|
|
/**
|
|
* Gets the CSRF token from cookies
|
|
* @returns {string} The CSRF token or an empty string if not found
|
|
*/
|
|
const getCsrfToken = (): string => {
|
|
const cookies = document.cookie.split(';');
|
|
let csrfToken = '';
|
|
for (const cookie of cookies) {
|
|
const [name, value] = cookie.trim().split('=');
|
|
if (name === 'csrf_token' && value) {
|
|
csrfToken = decodeURIComponent(value);
|
|
break;
|
|
}
|
|
}
|
|
return csrfToken;
|
|
};
|
|
|
|
/**
|
|
* Makes an API call with proper cookie handling and error handling
|
|
*/
|
|
export const apiCall = async (
|
|
url: string,
|
|
options: RequestInit = {}
|
|
): Promise<Response> => {
|
|
console.debug(`Making API call to: ${url}`);
|
|
try {
|
|
// Set up headers with CSRF token for non-GET requests
|
|
const method = options.method || 'GET';
|
|
const headers: Record<string, string> = {
|
|
...(options.headers as Record<string, string>),
|
|
};
|
|
|
|
// Only set Content-Type to application/json if not already set and body is not FormData
|
|
// FormData requires the browser to set Content-Type with the boundary parameter
|
|
const isFormData = options.body instanceof FormData;
|
|
if (!headers['Content-Type'] && !isFormData) {
|
|
headers['Content-Type'] = 'application/json';
|
|
}
|
|
|
|
// Add CSRF token for non-GET methods
|
|
if (method !== 'GET') {
|
|
const csrfToken = getCsrfToken();
|
|
if (csrfToken) {
|
|
headers['X-CSRF-Token'] = csrfToken;
|
|
}
|
|
}
|
|
|
|
// For FormData, don't include Content-Type in headers - let the browser set it
|
|
const fetchHeaders = isFormData
|
|
? Object.fromEntries(
|
|
Object.entries(headers).filter(([key]) => key !== 'Content-Type')
|
|
)
|
|
: headers;
|
|
|
|
const response = await fetch(url, {
|
|
...options,
|
|
// Include credentials to send/receive cookies
|
|
credentials: 'include',
|
|
headers: fetchHeaders,
|
|
});
|
|
console.debug(`Response status: ${response.status} for URL: ${url}`);
|
|
|
|
// Handle 401 responses
|
|
if (response.status === 401) {
|
|
const isRefreshEndpoint = url.endsWith('/auth/refresh');
|
|
if (!isRefreshEndpoint) {
|
|
// Attempt token refresh and retry the request
|
|
const refreshSuccess = await refreshToken();
|
|
if (refreshSuccess) {
|
|
// Retry the original request
|
|
return apiCall(url, options);
|
|
}
|
|
}
|
|
throw new Error('Authentication failed');
|
|
}
|
|
|
|
if (!response.ok && response.status !== 204) {
|
|
const errorData = (await response.json()) as { message: string };
|
|
throw new Error(
|
|
errorData?.message || `HTTP error! status: ${response.status}`
|
|
);
|
|
}
|
|
|
|
return response;
|
|
} catch (error) {
|
|
console.error(`API call failed: ${(error as Error).message}`);
|
|
throw error;
|
|
}
|
|
};
|