Files
tfm_ainventory/frontend/lib/api.ts
Daniel Bedeleanu e6ca33f2f0 feat: frontend JWT handling, rate limiting [H-02], CORS config
Frontend:
- Creiez frontend/lib/auth.ts cu saveToken, getToken, getAuthHeader, clearAuth
- Modific api.ts: axiosInstance cu interceptor Bearer token + 401 → /login redirect
- Modific login page: salveaza JWT token din response

Backend:
- [H-02] Integrez slowapi rate limiting: 10 req/minute pe /items/extract-label
- [M-01] CORS: ALLOWED_ORIGINS din env (dev fallback: localhost:3000, localhost:3002)
- [C-01] JWT_SECRET_KEY din env (dev fallback: ephemeral key)

docker-compose.yml:
- Adaug ALLOWED_ORIGINS env var (dev: localhost)
- Adaug JWT_SECRET_KEY env var cu fallback warning

Status:
-  JWT backend: complet
-  JWT frontend: token save + attach + 401 handling
-  Rate limiting: 10/min pe extract-label
-  CORS: configurable via env

Gata pentru dev + testing local.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:42:09 +03:00

167 lines
4.5 KiB
TypeScript

import axios from 'axios';
import { getToken, clearAuth } from './auth';
export const getBackendUrl = () => {
if (typeof window === 'undefined') return 'http://localhost:8000';
const host = window.location.hostname;
// If we are on HTTPS (Proxy/Mobile mode), we use port 3002 for the backend
if (window.location.protocol === 'https:') {
if (host.includes('.loca.lt')) {
return 'https://inventory-ai-api.loca.lt';
}
return `https://${host}:3002`;
}
return `http://${host}:8000`;
};
/**
* [C-01] Axios instance cu JWT Bearer token în header
* și interceptor pentru 401 Unauthorized (token expired)
*/
const axiosInstance = axios.create({
baseURL: getBackendUrl()
});
axiosInstance.interceptors.request.use((config) => {
const token = getToken();
if (token) {
config.headers.Authorization = `Bearer ${token}`;
}
return config;
}, (error) => Promise.reject(error));
axiosInstance.interceptors.response.use(
(response) => response,
(error) => {
// [L-01] Handle 401 Unauthorized — token expired
if (error.response?.status === 401) {
clearAuth();
if (typeof window !== 'undefined') {
window.location.href = '/login';
}
}
return Promise.reject(error);
}
);
export const inventoryApi = {
getItems: async () => {
const res = await axiosInstance.get('/items/');
return res.data;
},
getStats: async () => {
const res = await axiosInstance.get('/items/stats');
return res.data;
},
syncBulkOperations: async (userId: number, operations: any[]) => {
try {
const res = await axiosInstance.post('/operations/bulk-sync', {
user_id: userId,
operations: operations
});
return res.data;
} catch (err: any) {
console.error("Sync API Error:", err);
if (err.response?.status === 404) {
throw new Error(`404: Endpoint not found`);
}
throw err;
}
},
analyzeLabel: async (formData: FormData) => {
const res = await axiosInstance.post('/items/extract-label', formData, {
headers: { 'Content-Type': 'multipart/form-data' }
});
return res.data;
},
createItem: async (userId: number, itemData: any) => {
const res = await axiosInstance.post('/items/', itemData);
return res.data;
},
updateItem: async (itemId: number, itemData: any) => {
const res = await axiosInstance.put(`/items/${itemId}`, itemData);
return res.data;
},
adjustStock: async (endpoint: string, data: any) => {
const res = await axiosInstance.post(`/operations/${endpoint}`, data);
return res.data;
},
deleteItem: async (itemId: number) => {
const res = await axiosInstance.delete(`/items/${itemId}`);
return res.data;
},
getAuditLogs: async (limit: number = 50) => {
const res = await axiosInstance.get('/operations/logs', { params: { limit } });
return res.data;
},
// Users
getUsers: async () => {
const res = await axiosInstance.get('/users/');
return res.data;
},
createUser: async (userData: any) => {
const res = await axiosInstance.post('/users/', userData);
return res.data;
},
login: async (credentials: any) => {
// [C-01] Login endpoint — NU adaug token header (login e public)
const res = await axios.post(`${getBackendUrl()}/users/login`, credentials);
return res.data;
},
deleteUser: async (userId: number) => {
const res = await axiosInstance.delete(`/users/${userId}`);
return res.data;
},
updateUser: async (userId: number, data: any) => {
const res = await axiosInstance.put(`/users/${userId}`, data);
return res.data;
},
getLdapConfig: async () => {
const res = await axiosInstance.get('/users/ldap-config');
return res.data;
},
updateLdapConfig: async (config: any) => {
const res = await axiosInstance.post('/users/ldap-config', config);
return res.data;
},
testLdapConnection: async (config: any) => {
const res = await axiosInstance.post('/users/test-ldap', config);
return res.data;
},
// Categories
getCategories: async () => {
const res = await axiosInstance.get('/categories/');
return res.data;
},
createCategory: async (data: any) => {
const res = await axiosInstance.post('/categories/', data);
return res.data;
},
updateCategory: async (id: number, data: any) => {
const res = await axiosInstance.put(`/categories/${id}`, data);
return res.data;
},
deleteCategory: async (id: number) => {
const res = await axiosInstance.delete(`/categories/${id}`);
return res.data;
}
};