damir/pgz-sport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auth fix: apiPost/apiPut/apiDelete uses Bearer token

Browse Source 
sport2.html:
- apiPost: localStorage pgz_access → Authorization: Bearer
- apiPut, apiDelete added
- Better error toast

Login redirect (multiple files):
- Wrap auto-redirect in __pgz_made_api_call check
- Don't redirect on initial page load if user has no API call yet
This commit is contained in:
Damir Radulić
2026-05-05 18:22:52 +02:00
parent 1bc30d7881
commit 7608839473
2 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/app.html
+1 -1
View File
@@ -481,7 +481,7 @@ async function apiAuth(path, opts){
const onLogin = location.pathname.includes('/login');
if(!onLogin && !window.__pgz_redirecting){
window.__pgz_redirecting = true;
window.location.href = '/login?reason=unauthorized';
window.(window.__pgz_made_api_call ? location.href = '/login?reason=unauthorized' : console.warn('[auth] no token but no API call yet, skipping redirect'));
}
return {__unauthorized:true, status:401};
}
static/sport2.html
+36 -4
View File
@@ -575,25 +575,57 @@ function txt(v, fb){
}
async function api(path){
try{
const r = await fetch(API+path);
const tok = localStorage.getItem('pgz_access') || sessionStorage.getItem('pgz_access') || localStorage.getItem('access_token') || '';
const headers = {};
if(tok) headers['Authorization'] = 'Bearer ' + tok;
const r = await fetch(API+path, {headers});
if(!r.ok) throw new Error('HTTP '+r.status);
return await r.json();
}catch(e){
console.error('API error', path, e);
console.error('API GET error', path, e);
return null;
}
}
async function apiPost(path, body){
try{
const r = await fetch(API+path, {method:'POST', headers:{'Content-Type':'application/json'}, body: body?JSON.stringify(body):'{}'});
if(!r.ok) throw new Error('HTTP '+r.status);
const tok = localStorage.getItem('pgz_access') || sessionStorage.getItem('pgz_access') || localStorage.getItem('access_token') || '';
const headers = {'Content-Type':'application/json'};
if(tok) headers['Authorization'] = 'Bearer ' + tok;
const r = await fetch(API+path, {method:'POST', headers, body: body?JSON.stringify(body):'{}'});
if(!r.ok){
const errText = await r.text().catch(()=>(''));
throw new Error('HTTP '+r.status+(errText? ': '+errText.slice(0,150):''));
}
return await r.json();
}catch(e){
console.error('API POST error', path, e);
if(typeof showToast === 'function') showToast('Greška: '+e.message, 'err');
return null;
}
}
async function apiPut(path, body){
try{
const tok = localStorage.getItem('pgz_access') || sessionStorage.getItem('pgz_access') || '';
const headers = {'Content-Type':'application/json'};
if(tok) headers['Authorization'] = 'Bearer ' + tok;
const r = await fetch(API+path, {method:'PUT', headers, body: JSON.stringify(body||{})});
if(!r.ok) throw new Error('HTTP '+r.status);
return await r.json();
}catch(e){ console.error('API PUT error', path, e); return null; }
}
async function apiDelete(path){
try{
const tok = localStorage.getItem('pgz_access') || sessionStorage.getItem('pgz_access') || '';
const headers = {};
if(tok) headers['Authorization'] = 'Bearer ' + tok;
const r = await fetch(API+path, {method:'DELETE', headers});
if(!r.ok) throw new Error('HTTP '+r.status);
return await r.json();
}catch(e){ console.error('API DELETE error', path, e); return null; }
}
// Cache the latest preview so /apply can pass back the same sources
window._enrichPreviews = window._enrichPreviews || {};