api.js

Go to the documentation of this file.

// Simple global fetch wrapper: injects Authorization header (if token)
// and redirects to login on 401/403 responses.
const originalFetch = window.fetch.bind(window);
 
window.fetch = async (input, init = {}) => {
  const token = localStorage.getItem('token');
  init.headers = init.headers || {};
 
  // Normalize URL for checks
  const url = typeof input === 'string' ? input : (input && input.url) ? input.url : '';
  const isLoginRequest = url.includes('/users/login');
 
  // If Authorization not already present, add it (but never for login requests)
  if (!isLoginRequest && token && !init.headers.Authorization && !init.headers.authorization) {
    init.headers = { ...init.headers, Authorization: `Bearer ${token}` };
  }
 
  try {
    const res = await originalFetch(input, init);
 
    // Don't auto-redirect on auth errors for login calls or when we're already on the login page
    // Only redirect on 401 (unauthenticated). Do NOT redirect on 403 (forbidden) as it may be a legitimate ACL deny.
    if ((res.status === 401) && !isLoginRequest && window.location.pathname !== '/login') {
      try { localStorage.removeItem('token'); } catch (e) {}
      // Send users to the login page instead of home
      window.location.href = '/login';
    }
    return res;
  } catch (err) {
    // network error - rethrow so callers can handle
    throw err;
  }
};
 
export {};