data/baustelle-pwa
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
baustelle-pwa/lib/api.js
Eduard Wisch 40fbdb7370
All checks were successful
Deploy baustelle-pwa / deploy (push) Successful in 1s
Details
fix: JWT als Query-Param bei photo.php (Apache filtert Header auf prod) 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[deploy]
2026-04-08 23:27:27 +02:00

131 lines
4.2 KiB
JavaScript
Raw Blame History

/* API-Client für die Bericht-REST-API */
(function () {
// API-Base wird aus der aktuellen Origin gebaut.
// PWA läuft unter /baustelle/, API unter /custom/bericht/api/
const API_BASE = window.location.origin + '/custom/bericht/api';
let cachedToken = null;
async function getToken() {
if (cachedToken) return cachedToken;
cachedToken = await idb.get('jwt');
return cachedToken;
}
async function setToken(t) {
cachedToken = t;
await idb.set('jwt', t);
}
async function clearToken() {
cachedToken = null;
await idb.del('jwt');
await idb.del('user');
}
async function request(path, opts = {}) {
const t = await getToken();
const headers = opts.headers || {};
if (t && !headers.Authorization) headers.Authorization = 'Bearer ' + t;
if (!headers['Content-Type'] && !(opts.body instanceof FormData)) {
headers['Content-Type'] = 'application/json';
}
const r = await fetch(API_BASE + path, { ...opts, headers });
if (r.status === 401) {
await clearToken();
window.location.hash = '#/login';
throw new Error('Nicht authentifiziert');
}
const data = await r.json().catch(() => ({}));
if (!r.ok) throw new Error(data.error || 'API-Fehler');
return data;
}
async function login(loginName, password) {
const r = await request('/auth.php', {
method: 'POST',
body: JSON.stringify({ login: loginName, password }),
});
await setToken(r.token);
await idb.set('user', r.user);
return r;
}
async function logout() {
await clearToken();
}
async function listOrders(opts = {}) {
const params = new URLSearchParams();
if (opts.q) params.set('q', opts.q);
if (opts.open) params.set('open', '1');
const qs = params.toString();
return request('/orders.php' + (qs ? '?' + qs : ''));
}
async function getOrder(id) {
return request('/orders.php?id=' + id);
}
async function listOrderPhotos(id) {
return request('/orders.php?id=' + id + '&action=photos');
}
async function uploadOrderPhoto(orderId, fileBlob, filename) {
const fd = new FormData();
fd.append('file', fileBlob, filename || 'photo.jpg');
return request('/orders.php?id=' + orderId + '&action=upload_photo', {
method: 'POST',
body: fd,
});
}
async function getReport(id) {
return request('/reports.php?id=' + id);
}
/**
* Lädt eine Bild-Datei von der API als Blob-URL (inkl. JWT).
* Wird benötigt weil <img src> keine Authorization-Header mitschickt.
*/
const blobUrlCache = new Map();
async function getPhotoBlobUrl(relpath, size) {
const key = (size || 'full') + '|' + relpath;
if (blobUrlCache.has(key)) return blobUrlCache.get(key);
const t = await getToken();
if (!t) return null;
// JWT als Query-Param, weil Apache auf prod den Authorization-Header filtert
const params = new URLSearchParams({ relpath, jwt: t });
if (size) params.set('size', size);
const r = await fetch(API_BASE + '/photo.php?' + params.toString());
if (!r.ok) {
const body = await r.text().catch(() => '');
console.warn('photo.php failed', r.status, relpath, body);
return null;
}
const ct = r.headers.get('Content-Type') || '';
if (!ct.startsWith('image/')) {
const body = await r.text().catch(() => '');
console.warn('photo.php not an image', ct, body);
return null;
}
const blob = await r.blob();
const url = URL.createObjectURL(blob);
blobUrlCache.set(key, url);
return url;
}
function clearPhotoCache() {
for (const url of blobUrlCache.values()) URL.revokeObjectURL(url);
blobUrlCache.clear();
}
window.api = {
getToken, setToken, clearToken,
login, logout,
listOrders, getOrder, listOrderPhotos, uploadOrderPhoto, getReport,
getPhotoBlobUrl, clearPhotoCache,
};
})();
Reference in a new issue View git blame Copy permalink