This local working tree had accumulated a substantial amount of finished-but-never-committed frontend work: custom client fields (replacing the old static ClientFields with a dynamic ClientCustomFieldCard + useCustomFields), CSV import (useImport + settings/import page), history type management (useHistoryTypes + settings/history-types page), an admin-only route middleware, several new icon components, a shared useApiFetch composable, and a client detail page restructure ([id].vue -> [id]/index.vue). None of it had ever been pushed, so production was running a stale build that was already linking to routes/components that didn't exist server-side (missing IconSettings, 404s on /settings/import, etc). This commit brings the repo in line with local state.
30 lines
1,006 B
TypeScript
30 lines
1,006 B
TypeScript
/**
|
|
* Central API fetch wrapper for the Sanctum SPA.
|
|
*
|
|
* - `credentials: 'include'` sends the session + XSRF cookies.
|
|
* - `Accept` / `X-Requested-With` make Laravel's `expectsJson()` return true,
|
|
* so an unauthenticated request yields a clean 401 instead of redirecting
|
|
* to the (non-existent) `login` route.
|
|
* - The decoded `XSRF-TOKEN` cookie is forwarded as `X-XSRF-TOKEN` so mutating
|
|
* requests pass CSRF verification.
|
|
*/
|
|
export const useApiFetch = <T = unknown>(
|
|
request: string,
|
|
options: Record<string, unknown> = {},
|
|
): Promise<T> => {
|
|
const getXsrfToken = (): string => {
|
|
const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/)
|
|
return match ? decodeURIComponent(match[1]) : ''
|
|
}
|
|
|
|
return $fetch<T>(request, {
|
|
credentials: 'include',
|
|
...options,
|
|
headers: {
|
|
Accept: 'application/json',
|
|
'X-Requested-With': 'XMLHttpRequest',
|
|
'X-XSRF-TOKEN': getXsrfToken(),
|
|
...(options.headers as Record<string, string> | undefined),
|
|
},
|
|
})
|
|
}
|