/** * API client with JWT auth for the Notify Bridge backend. */ import { goto } from '$app/navigation'; const API_BASE = '/api'; /** * Thrown when the API client decides to redirect the user to /login (after a * terminal 401). Caller-side `try/catch` blocks can branch on * `instanceof AuthRedirectError` to skip showing an "Unauthorized" snackbar * — the redirect itself is the user-visible signal. */ export class AuthRedirectError extends Error { constructor() { super('Unauthorized — redirecting to login'); this.name = 'AuthRedirectError'; } } // Module-level dedupe — a burst of concurrent requests that all get 401 (e.g. // the dashboard's parallel cache loads) should only schedule a single // `goto('/login')` instead of stacking N navigations. let _redirecting = false; /** Centralised "send the user to /login" path used by both api() and fetchAuth(). */ function redirectToLogin(): void { if (_redirecting) return; _redirecting = true; clearTokens(); if (typeof window !== 'undefined') { // SvelteKit's goto() with replaceState avoids leaving the failed page // in the back-stack (no "back-button to broken view" UX). We don't // reset `_redirecting` — the page about to unmount makes it moot. goto('/login', { replaceState: true }); } } /** Normalize a caught error to a user-safe message. */ export function errMsg(err: unknown, fallback = 'Unexpected error'): string { if (err instanceof Error && err.message) return err.message; if (typeof err === 'string' && err) return err; return fallback; } /** Structured 409 blocked-by payload attached to ApiError.blockedBy. */ export interface BlockedByDetail { message: string; entity: string; blocked_by: string[]; } export class ApiError extends Error { status: number; blockedBy?: BlockedByDetail; constructor(message: string, status: number, blockedBy?: BlockedByDetail) { super(message); this.name = 'ApiError'; this.status = status; this.blockedBy = blockedBy; } } /** Parse a server-issued datetime string as UTC (appends Z if no timezone info present). */ export function parseDate(dateStr: string): Date { if (!dateStr) return new Date(NaN); if (!/Z$|[+-]\d{2}:?\d{2}$/.test(dateStr)) return new Date(dateStr + 'Z'); return new Date(dateStr); } /** If the thrown error was a structured 409 from delete_protection, return its payload. */ export function getBlockedBy(err: unknown): BlockedByDetail | null { if (err instanceof ApiError && err.blockedBy) return err.blockedBy; return null; } function getToken(): string | null { if (typeof window === 'undefined') return null; return localStorage.getItem('access_token'); } export function setTokens(access: string, refresh: string) { localStorage.setItem('access_token', access); localStorage.setItem('refresh_token', refresh); } export function clearTokens() { localStorage.removeItem('access_token'); localStorage.removeItem('refresh_token'); } export function isAuthenticated(): boolean { return !!getToken(); } let refreshPromise: Promise | null = null; async function refreshAccessToken(): Promise { if (refreshPromise) return refreshPromise; refreshPromise = doRefreshAccessToken().finally(() => { refreshPromise = null; }); return refreshPromise; } async function doRefreshAccessToken(): Promise { if (typeof window === 'undefined') return false; const refreshToken = localStorage.getItem('refresh_token'); if (!refreshToken) return false; try { const res = await fetch(`${API_BASE}/auth/refresh`, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ refresh_token: refreshToken }) }); if (res.ok) { const data = await res.json(); setTokens(data.access_token, data.refresh_token); return true; } } catch (e) { console.warn('Token refresh failed:', e); } return false; } const DEFAULT_TIMEOUT_MS = 30_000; // Longer cap for fetchAuth — it's used for multipart uploads (backup restore) // and binary downloads where a 30s limit can cut off a legit slow upload. const DEFAULT_FETCHAUTH_TIMEOUT_MS = 120_000; export async function api( path: string, options: RequestInit & { timeoutMs?: number } = {} ): Promise { const token = getToken(); const headers: Record = { 'Content-Type': 'application/json', ...(options.headers as Record) }; if (token) { headers['Authorization'] = `Bearer ${token}`; } const { timeoutMs, ...fetchOptions } = options; const controller = new AbortController(); const timeout = setTimeout(() => controller.abort(), timeoutMs ?? DEFAULT_TIMEOUT_MS); const signal = options.signal ?? controller.signal; try { let res = await fetch(`${API_BASE}${path}`, { ...fetchOptions, headers, signal }); // Try token refresh on 401 if (res.status === 401 && token) { const refreshed = await refreshAccessToken(); if (refreshed) { headers['Authorization'] = `Bearer ${getToken()}`; res = await fetch(`${API_BASE}${path}`, { ...fetchOptions, headers, signal }); } } if (res.status === 401 && token) { redirectToLogin(); // Tagged so the caller's catch can distinguish "we already showed // the user a redirect" from a real authorization failure they // should snackbar. throw new AuthRedirectError(); } if (res.status === 204) return undefined as T; if (!res.ok) { const err = await res.json().catch(() => ({ detail: res.statusText })); // Structured blocked-by detail (from delete_protection.raise_if_used) if (err && err.detail && typeof err.detail === 'object' && Array.isArray(err.detail.blocked_by)) { const bb: BlockedByDetail = { message: err.detail.message || `HTTP ${res.status}`, entity: err.detail.entity || '', blocked_by: err.detail.blocked_by, }; throw new ApiError(bb.message, res.status, bb); } const msg = typeof err.detail === 'string' ? err.detail : (err.detail?.message || `HTTP ${res.status}`); throw new ApiError(msg, res.status); } return res.json(); } finally { clearTimeout(timeout); } } /** * Auth-aware ``fetch`` wrapper for calls that can't go through ``api()`` — * typically multipart/form-data uploads or binary downloads where we need the * raw ``Response`` object rather than parsed JSON. * * - Injects the Bearer token automatically. * - Does NOT set ``Content-Type`` (the caller's body — e.g. ``FormData`` — * decides the encoding; browsers add the boundary). * - Attempts a one-shot token refresh on 401, matching ``api()``. * - Translates non-OK responses to ``ApiError`` so callers can use the same * ``getBlockedBy`` / ``err.message`` handling pattern. */ export async function fetchAuth( path: string, options: RequestInit & { timeoutMs?: number } = {}, ): Promise { const token = getToken(); const headers: Record = { ...(options.headers as Record) }; if (token) headers['Authorization'] = `Bearer ${token}`; const url = path.startsWith('http') ? path : `${API_BASE}${path}`; // Abort after timeout so uploads/downloads don't hang indefinitely if // the backend stops responding. Callers can override per-request via // options.timeoutMs or pass their own signal to opt out. const { timeoutMs, ...fetchOptions } = options; const controller = new AbortController(); const timeout = setTimeout( () => controller.abort(), timeoutMs ?? DEFAULT_FETCHAUTH_TIMEOUT_MS, ); const signal = options.signal ?? controller.signal; try { let res = await fetch(url, { ...fetchOptions, headers, signal }); if (res.status === 401 && token) { const refreshed = await refreshAccessToken(); if (refreshed) { headers['Authorization'] = `Bearer ${getToken()}`; res = await fetch(url, { ...fetchOptions, headers, signal }); } } if (res.status === 401) { redirectToLogin(); throw new AuthRedirectError(); } if (!res.ok) { const err = await res.clone().json().catch(() => ({ detail: res.statusText })); if (err && err.detail && typeof err.detail === 'object' && Array.isArray(err.detail.blocked_by)) { const bb: BlockedByDetail = { message: err.detail.message || `HTTP ${res.status}`, entity: err.detail.entity || '', blocked_by: err.detail.blocked_by, }; throw new ApiError(bb.message, res.status, bb); } const msg = typeof err.detail === 'string' ? err.detail : (err.detail?.message || `HTTP ${res.status}`); throw new ApiError(msg, res.status); } return res; } finally { clearTimeout(timeout); } }