mandant-crm/frontend/composables/useApiFetch.ts
Tim Stollberg 570f17e8b8 feat(frontend): commit uncommitted settings, custom fields, and import work
This local working tree had accumulated a substantial amount of
finished-but-never-committed frontend work: custom client fields
(replacing the old static ClientFields with a dynamic
ClientCustomFieldCard + useCustomFields), CSV import
(useImport + settings/import page), history type management
(useHistoryTypes + settings/history-types page), an admin-only route
middleware, several new icon components, a shared useApiFetch
composable, and a client detail page restructure ([id].vue ->
[id]/index.vue). None of it had ever been pushed, so production was
running a stale build that was already linking to routes/components
that didn't exist server-side (missing IconSettings, 404s on
/settings/import, etc). This commit brings the repo in line with
local state.
2026-07-18 16:27:19 +07:00

30 lines
1,006 B
TypeScript

/**
* Central API fetch wrapper for the Sanctum SPA.
*
* - `credentials: 'include'` sends the session + XSRF cookies.
* - `Accept` / `X-Requested-With` make Laravel's `expectsJson()` return true,
* so an unauthenticated request yields a clean 401 instead of redirecting
* to the (non-existent) `login` route.
* - The decoded `XSRF-TOKEN` cookie is forwarded as `X-XSRF-TOKEN` so mutating
* requests pass CSRF verification.
*/
export const useApiFetch = <T = unknown>(
request: string,
options: Record<string, unknown> = {},
): Promise<T> => {
const getXsrfToken = (): string => {
const match = document.cookie.match(/XSRF-TOKEN=([^;]+)/)
return match ? decodeURIComponent(match[1]) : ''
}
return $fetch<T>(request, {
credentials: 'include',
...options,
headers: {
Accept: 'application/json',
'X-Requested-With': 'XMLHttpRequest',
'X-XSRF-TOKEN': getXsrfToken(),
...(options.headers as Record<string, string> | undefined),
},
})
}