// Single client for the Car Control API Server. The web app never talks to // PocketBase directly — only to these endpoints (proxied to the API Server in // dev via vite.config.js). // Default API base: the Vite env override, else the same-origin "/api" (proxied // to the API Server in dev). A user can override this at runtime via the login // screen's "Server settings" — stored in localStorage and used for every call. export const DEFAULT_API_BASE = import.meta.env.VITE_API_BASE || "/api"; const SERVER_KEY = "cc_server_url"; // Resolved fresh on each request so changing it takes effect without a reload. function apiBase() { return localStorage.getItem(SERVER_KEY) || DEFAULT_API_BASE; } export function getServerUrl() { return localStorage.getItem(SERVER_KEY) || ""; } // Persist a custom API base URL (trailing slashes trimmed). Empty/blank clears // the override, falling back to the default. export function setServerUrl(url) { const trimmed = (url || "").trim().replace(/\/+$/, ""); if (trimmed) localStorage.setItem(SERVER_KEY, trimmed); else localStorage.removeItem(SERVER_KEY); } export const TOKEN_KEY = "cc_token"; export const USER_KEY = "cc_user"; function authHeader() { const t = localStorage.getItem(TOKEN_KEY); return t ? { Authorization: "Bearer " + t } : {}; } async function handleResponse(res, path) { // An expired/invalid token on any non-login call ends the session. if (res.status === 401 && path !== "/auth/login") { localStorage.removeItem(TOKEN_KEY); localStorage.removeItem(USER_KEY); if (location.pathname !== "/login") location.href = "/login"; throw new Error("Session expired — please log in again."); } if (res.status === 204) return null; const text = await res.text(); const data = text ? JSON.parse(text) : null; if (!res.ok) { const msg = (data && (data.error || data.message)) || res.statusText; throw new Error(msg); } return data; } async function request(path, options = {}) { const res = await fetch(apiBase() + path, { headers: { "Content-Type": "application/json", ...authHeader(), ...(options.headers || {}) }, ...options, }); return handleResponse(res, path); } // Like request(), but for multipart/form-data bodies (file uploads) — the // browser sets its own Content-Type (with boundary), so we must not. async function requestForm(path, options = {}) { const res = await fetch(apiBase() + path, { headers: { ...authHeader() }, ...options }); return handleResponse(res, path); } // Fetches a binary response (image, export file) as a Blob, since it needs the // Authorization header — a plain or can't attach one. async function requestBlob(path) { const res = await fetch(apiBase() + path, { headers: authHeader() }); if (res.status === 401) return handleResponse(res, path); if (!res.ok) throw new Error("Request failed: " + res.statusText); const filename = (res.headers.get("Content-Disposition") || "").match(/filename="([^"]+)"/)?.[1]; return { blob: await res.blob(), filename }; } export const api = { // Auth login: (email, password) => request("/auth/login", { method: "POST", body: JSON.stringify({ email, password }) }), me: () => request("/auth/me"), // Cars listCars: () => request("/cars"), getCar: (id) => request(`/cars/${id}`), createCar: (body) => request("/cars", { method: "POST", body: JSON.stringify(body) }), updateCar: (id, body) => request(`/cars/${id}`, { method: "PATCH", body: JSON.stringify(body) }), deleteCar: (id) => request(`/cars/${id}`, { method: "DELETE" }), // Sharing (owner-only). A share grants another user read or write access. listCarShares: (carId) => request(`/cars/${carId}/shares`), addCarShare: (carId, email, permission) => request(`/cars/${carId}/shares`, { method: "POST", body: JSON.stringify({ email, permission }) }), removeCarShare: (carId, userId) => request(`/cars/${carId}/shares/${userId}`, { method: "DELETE" }), // Service records listCarServices: (carId) => request(`/cars/${carId}/service-records`), createService: (body) => request("/service-records", { method: "POST", body: JSON.stringify(body) }), updateService: (id, body) => request(`/service-records/${id}`, { method: "PATCH", body: JSON.stringify(body) }), deleteService: (id) => request(`/service-records/${id}`, { method: "DELETE" }), // Parts listCarParts: (carId) => request(`/cars/${carId}/parts`), createPart: (body) => request("/parts", { method: "POST", body: JSON.stringify(body) }), updatePart: (id, body) => request(`/parts/${id}`, { method: "PATCH", body: JSON.stringify(body) }), deletePart: (id) => request(`/parts/${id}`, { method: "DELETE" }), // Admin — user management (admin role only) listUsers: () => request("/admin/users"), createUser: (body) => request("/admin/users", { method: "POST", body: JSON.stringify(body) }), updateUser: (id, body) => request(`/admin/users/${id}`, { method: "PATCH", body: JSON.stringify(body) }), setUserPassword: (id, newPassword) => request(`/admin/users/${id}/password`, { method: "POST", body: JSON.stringify({ newPassword }) }), deleteUser: (id) => request(`/admin/users/${id}`, { method: "DELETE" }), // Settings — account/profile/appearance getMe: () => request("/me"), updateMe: (body) => request("/me", { method: "PATCH", body: JSON.stringify(body) }), changePassword: (oldPassword, newPassword) => request("/me/password", { method: "POST", body: JSON.stringify({ oldPassword, newPassword }) }), requestVerification: () => request("/me/verify/request", { method: "POST" }), uploadAvatar: (file) => { const form = new FormData(); form.append("avatar", file); return requestForm("/me/avatar", { method: "POST", body: form }); }, deleteAvatar: () => request("/me/avatar", { method: "DELETE" }), getAvatarBlob: () => requestBlob("/me/avatar"), // Settings — privacy & security (active sessions) listSessions: () => request("/sessions"), revokeSession: (id) => request(`/sessions/${id}`, { method: "DELETE" }), revokeOtherSessions: () => request("/sessions", { method: "DELETE" }), // Settings — advanced / danger zone exportData: () => requestBlob("/me/export"), importData: (payload) => request("/me/import", { method: "POST", body: JSON.stringify(payload) }), requestAccountDeletion: (confirmEmail) => request("/me/delete", { method: "POST", body: JSON.stringify({ confirmEmail }) }), cancelAccountDeletion: () => request("/me/delete/cancel", { method: "POST" }), finalizeAccountDeletion: () => request("/me", { method: "DELETE" }), };