167 lines
5.5 KiB
TypeScript
167 lines
5.5 KiB
TypeScript
import type { ApiEnvelope } from "@/uhm/types/api";
|
|
import { API_ENDPOINTS } from "@/uhm/api/config";
|
|
|
|
export class ApiError extends Error {
|
|
status: number;
|
|
body: string;
|
|
errors: unknown[];
|
|
|
|
constructor(message: string, status: number, body: string, errors: unknown[] = []) {
|
|
super(message);
|
|
this.name = "ApiError";
|
|
this.status = status;
|
|
this.body = body;
|
|
this.errors = errors;
|
|
}
|
|
}
|
|
|
|
// BackEndGo auth flow: cookie-based (httpOnly access_token/refresh_token).
|
|
// We intentionally do not store bearer tokens in localStorage in this FE.
|
|
|
|
type RequestJsonOptions = {
|
|
skipAuth?: boolean;
|
|
skipRefresh?: boolean;
|
|
};
|
|
|
|
export async function requestJson<T>(
|
|
input: RequestInfo | URL,
|
|
init?: RequestInit,
|
|
options?: RequestJsonOptions
|
|
): Promise<T> {
|
|
return requestJsonInternal<T>(input, init, options);
|
|
}
|
|
|
|
export function jsonRequestInit(method: string, body: unknown): RequestInit {
|
|
return {
|
|
method,
|
|
headers: { "Content-Type": "application/json" },
|
|
body: JSON.stringify(body),
|
|
};
|
|
}
|
|
|
|
async function requestJsonInternal<T>(
|
|
input: RequestInfo | URL,
|
|
init?: RequestInit,
|
|
options?: RequestJsonOptions
|
|
): Promise<T> {
|
|
const nextInit = withAuthHeaders(init, options);
|
|
let res: Response;
|
|
try {
|
|
res = await fetch(input, nextInit);
|
|
} catch (err) {
|
|
// Browser "TypeError: Failed to fetch" typically means:
|
|
// - CORS blocked (common when using 127.0.0.1 instead of localhost in dev),
|
|
// - DNS/TLS/network error,
|
|
// - request blocked by the browser.
|
|
const origin = typeof window !== "undefined" ? window.location.origin : "<server>";
|
|
const url = typeof input === "string" ? input : String(input);
|
|
const details = { origin, url, apiBase: API_ENDPOINTS.projects.split("/projects")[0] };
|
|
throw new ApiError("Network error (failed to fetch)", 0, stringifyPayload(details));
|
|
}
|
|
|
|
// One-shot refresh + retry for protected endpoints.
|
|
if (
|
|
res.status === 401 &&
|
|
!options?.skipRefresh &&
|
|
!options?.skipAuth &&
|
|
typeof input === "string" &&
|
|
!String(input).includes("/auth/")
|
|
) {
|
|
const refreshed = await tryRefreshTokens();
|
|
if (refreshed) {
|
|
return requestJsonInternal<T>(input, init, { ...(options || {}), skipRefresh: true });
|
|
}
|
|
}
|
|
|
|
const payload = await parseJsonResponse(res);
|
|
const envelope = isApiEnvelopeLike<T>(payload) ? payload : null;
|
|
|
|
if (!res.ok) {
|
|
const message = extractErrorMessage(payload, envelope) || `Request failed with status ${res.status}`;
|
|
const body = envelope ? stringifyPayload(envelope) : stringifyPayload(payload);
|
|
const errors = envelope?.errors ? normalizeErrors(envelope.errors) : [];
|
|
throw new ApiError(message, res.status, body, errors);
|
|
}
|
|
|
|
if (envelope) {
|
|
const isError =
|
|
envelope.status === false ||
|
|
envelope.status === "error";
|
|
if (isError) {
|
|
const message = extractErrorMessage(payload, envelope) || "Request failed";
|
|
throw new ApiError(message, res.status, stringifyPayload(envelope), normalizeErrors(envelope.errors));
|
|
}
|
|
return (envelope.data ?? null) as T;
|
|
}
|
|
|
|
return payload as T;
|
|
}
|
|
|
|
async function parseJsonResponse(res: Response): Promise<unknown> {
|
|
const text = await res.text();
|
|
if (!text.length) return null;
|
|
try {
|
|
return JSON.parse(text);
|
|
} catch {
|
|
return text;
|
|
}
|
|
}
|
|
|
|
function isApiEnvelopeLike<T>(value: unknown): value is ApiEnvelope<T> {
|
|
if (!value || typeof value !== "object" || Array.isArray(value)) return false;
|
|
const source = value as Record<string, unknown>;
|
|
return "status" in source && ("data" in source || "message" in source || "errors" in source);
|
|
}
|
|
|
|
function normalizeErrors(value: unknown): unknown[] {
|
|
if (value == null) return [];
|
|
if (Array.isArray(value)) return value;
|
|
return [value];
|
|
}
|
|
|
|
function extractErrorMessage(payload: unknown, envelope: ApiEnvelope<unknown> | null): string | null {
|
|
const msg =
|
|
(typeof envelope?.message === "string" && envelope.message.trim()) ||
|
|
(typeof (payload as any)?.message === "string" && String((payload as any).message).trim());
|
|
if (msg) return msg;
|
|
const errors = envelope?.errors ?? (payload as any)?.errors;
|
|
if (typeof errors === "string" && errors.trim()) return errors.trim();
|
|
if (Array.isArray(errors) && typeof errors[0] === "string") return errors[0];
|
|
return null;
|
|
}
|
|
|
|
function stringifyPayload(payload: unknown): string {
|
|
if (typeof payload === "string") return payload;
|
|
try {
|
|
return JSON.stringify(payload);
|
|
} catch {
|
|
return String(payload);
|
|
}
|
|
}
|
|
|
|
function withAuthHeaders(init: RequestInit | undefined, options?: RequestJsonOptions): RequestInit | undefined {
|
|
const baseInit: RequestInit = {
|
|
...init,
|
|
// Always include cookies (BackEndGo sets httpOnly access_token/refresh_token cookies).
|
|
credentials: init?.credentials ?? "include",
|
|
};
|
|
|
|
// Cookie-based auth only.
|
|
// Keep the function so call sites don't change, but never inject Authorization headers.
|
|
if (options?.skipAuth) return baseInit;
|
|
return baseInit;
|
|
}
|
|
|
|
async function tryRefreshTokens(): Promise<boolean> {
|
|
try {
|
|
await requestJson(
|
|
API_ENDPOINTS.authRefresh,
|
|
{ method: "POST" },
|
|
{ skipAuth: true, skipRefresh: true }
|
|
);
|
|
return true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
}
|