mandant-crm/frontend/composables/useApiFetch.ts

31 lines
1,006 B
TypeScript
Raw Normal View History

/**
* Central API fetch wrapper for the Sanctum SPA.
*
* - `credentials: 'include'` sends the session + XSRF cookies.
* - `Accept` / `X-Requested-With` make Laravel's `expectsJson()` return true,
* so an unauthenticated request yields a clean 401 instead of redirecting
* to the (non-existent) `login` route.
* - The decoded `XSRF-TOKEN` cookie is forwarded as `X-XSRF-TOKEN` so mutating
* requests pass CSRF verification.
*/
export const useApiFetch = <T = unknown>(
request: string,
options: Record<string, unknown> = {},
): Promise<T> => {
const getXsrfToken = (): string => {
const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/)
return match ? decodeURIComponent(match[1]) : ''
}
return $fetch<T>(request, {
credentials: 'include',
...options,
headers: {
Accept: 'application/json',
'X-Requested-With': 'XMLHttpRequest',
'X-XSRF-TOKEN': getXsrfToken(),
...(options.headers as Record<string, string> | undefined),
},
})
}