179aaa8f16
- Fixed issue where empty string success filter was interpreted as false - Backend was filtering for only failed logs when success='' was sent - Added check to skip sending success parameter when empty string - Activity logs page now shows all logs when filters are set to 'All' Bug: When user selected 'All' for success filter, frontend sent success='', backend parsed this as success=false, showing only failed logs (usually none).
499 lines
13 KiB
JavaScript
499 lines
13 KiB
JavaScript
// Use relative URL - works for both dev (localhost:8080) and prod (localhost)
|
|
// Nginx proxies /api to backend
|
|
const API_URL = '/api';
|
|
|
|
class ApiError extends Error {
|
|
constructor(message, status, data) {
|
|
super(message);
|
|
this.name = 'ApiError';
|
|
this.status = status;
|
|
this.data = data;
|
|
}
|
|
}
|
|
|
|
// CSRF Token Management (Phase 3 - Security Hardening)
|
|
let csrfToken = null;
|
|
|
|
async function getCsrfToken() {
|
|
if (csrfToken) return csrfToken;
|
|
|
|
try {
|
|
const response = await fetch(`${API_URL}/csrf-token`, {
|
|
credentials: 'include', // Important for cookies
|
|
});
|
|
const data = await response.json();
|
|
csrfToken = data.csrfToken;
|
|
return csrfToken;
|
|
} catch (error) {
|
|
console.warn('Failed to fetch CSRF token:', error);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// Reset CSRF token (call this on 403 CSRF errors)
|
|
function resetCsrfToken() {
|
|
csrfToken = null;
|
|
}
|
|
|
|
async function fetchAPI(endpoint, options = {}) {
|
|
const url = `${API_URL}${endpoint}`;
|
|
|
|
const config = {
|
|
...options,
|
|
credentials: 'include', // Include cookies for CSRF
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
...options.headers,
|
|
},
|
|
};
|
|
|
|
// Add auth token if available
|
|
const token = localStorage.getItem('token');
|
|
if (token) {
|
|
config.headers['Authorization'] = `Bearer ${token}`;
|
|
}
|
|
|
|
// Add CSRF token for state-changing requests (Phase 3)
|
|
if (['POST', 'PUT', 'DELETE', 'PATCH'].includes(options.method?.toUpperCase())) {
|
|
const csrf = await getCsrfToken();
|
|
if (csrf) {
|
|
config.headers['X-CSRF-Token'] = csrf;
|
|
}
|
|
}
|
|
|
|
try {
|
|
const response = await fetch(url, config);
|
|
|
|
// Check if response is JSON before parsing
|
|
const contentType = response.headers.get('content-type');
|
|
if (!contentType || !contentType.includes('application/json')) {
|
|
throw new ApiError(
|
|
'Server returned non-JSON response',
|
|
response.status,
|
|
{ message: 'The server is not responding correctly. Please try again later.' }
|
|
);
|
|
}
|
|
|
|
const data = await response.json();
|
|
|
|
if (!response.ok) {
|
|
// Handle CSRF token errors (Phase 3)
|
|
if (response.status === 403 && data.error === 'Invalid CSRF token') {
|
|
resetCsrfToken();
|
|
// Retry the request once with a fresh CSRF token
|
|
if (!options._csrfRetry) {
|
|
return fetchAPI(endpoint, { ...options, _csrfRetry: true });
|
|
}
|
|
}
|
|
|
|
throw new ApiError(
|
|
data.error || 'API request failed',
|
|
response.status,
|
|
data
|
|
);
|
|
}
|
|
|
|
return data;
|
|
} catch (error) {
|
|
if (error instanceof ApiError) {
|
|
throw error;
|
|
}
|
|
// Handle JSON parsing errors
|
|
if (error instanceof SyntaxError) {
|
|
throw new ApiError(
|
|
'Invalid server response',
|
|
0,
|
|
{ message: 'The server returned an invalid response. Please check if the server is running.' }
|
|
);
|
|
}
|
|
throw new ApiError('Network error', 0, { message: error.message });
|
|
}
|
|
}
|
|
|
|
// Auth API
|
|
export const authAPI = {
|
|
async register(username, email, password, firstName = null, lastName = null, wsdcId = null) {
|
|
const data = await fetchAPI('/auth/register', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ username, email, password, firstName, lastName, wsdcId }),
|
|
});
|
|
|
|
// Save token
|
|
if (data.data.token) {
|
|
localStorage.setItem('token', data.data.token);
|
|
}
|
|
|
|
return data.data;
|
|
},
|
|
|
|
async login(email, password) {
|
|
const data = await fetchAPI('/auth/login', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ email, password }),
|
|
});
|
|
|
|
// Save token
|
|
if (data.data.token) {
|
|
localStorage.setItem('token', data.data.token);
|
|
}
|
|
|
|
return data.data;
|
|
},
|
|
|
|
async getCurrentUser() {
|
|
const data = await fetchAPI('/users/me');
|
|
return data.data;
|
|
},
|
|
|
|
async verifyEmailByToken(token) {
|
|
const data = await fetchAPI(`/auth/verify-email?token=${token}`);
|
|
return data;
|
|
},
|
|
|
|
async verifyEmailByCode(email, code) {
|
|
const data = await fetchAPI('/auth/verify-code', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ email, code }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async resendVerification(email) {
|
|
const data = await fetchAPI('/auth/resend-verification', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ email }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async requestPasswordReset(email) {
|
|
const data = await fetchAPI('/auth/request-password-reset', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ email }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async resetPassword(token, newPassword) {
|
|
const data = await fetchAPI('/auth/reset-password', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ token, newPassword }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async updateProfile(profileData) {
|
|
const data = await fetchAPI('/users/me', {
|
|
method: 'PATCH',
|
|
body: JSON.stringify(profileData),
|
|
});
|
|
|
|
// Update token if it was returned (email changed)
|
|
if (data.data?.token) {
|
|
localStorage.setItem('token', data.data.token);
|
|
}
|
|
|
|
return data;
|
|
},
|
|
|
|
async changePassword(currentPassword, newPassword) {
|
|
const data = await fetchAPI('/users/me/password', {
|
|
method: 'PATCH',
|
|
body: JSON.stringify({ currentPassword, newPassword }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async getUserByUsername(username) {
|
|
const data = await fetchAPI(`/users/${username}`);
|
|
return data.data;
|
|
},
|
|
|
|
logout() {
|
|
localStorage.removeItem('token');
|
|
localStorage.removeItem('user');
|
|
},
|
|
};
|
|
|
|
// WSDC API (Phase 1.5)
|
|
export const wsdcAPI = {
|
|
async lookupDancer(wsdcId) {
|
|
const data = await fetchAPI(`/wsdc/lookup?id=${wsdcId}`);
|
|
return data;
|
|
},
|
|
};
|
|
|
|
// Events API
|
|
export const eventsAPI = {
|
|
async getAll() {
|
|
const data = await fetchAPI('/events');
|
|
return data.data;
|
|
},
|
|
|
|
async getBySlug(slug) {
|
|
const data = await fetchAPI(`/events/${slug}`);
|
|
return data.data;
|
|
},
|
|
|
|
async getMessages(slug, before = null, limit = 20) {
|
|
const params = new URLSearchParams({ limit: limit.toString() });
|
|
if (before) {
|
|
params.append('before', before.toString());
|
|
}
|
|
const data = await fetchAPI(`/events/${slug}/messages?${params}`);
|
|
return data;
|
|
},
|
|
|
|
async getDetails(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/details`);
|
|
return data;
|
|
},
|
|
|
|
async checkin(token) {
|
|
const data = await fetchAPI(`/events/checkin/${token}`, {
|
|
method: 'POST',
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async leave(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/leave`, {
|
|
method: 'DELETE',
|
|
});
|
|
return data;
|
|
},
|
|
};
|
|
|
|
// Divisions API (Phase 1.6)
|
|
export const divisionsAPI = {
|
|
async getAll() {
|
|
const data = await fetchAPI('/divisions');
|
|
return data.data;
|
|
},
|
|
};
|
|
|
|
// Competition Types API (Phase 1.6)
|
|
export const competitionTypesAPI = {
|
|
async getAll() {
|
|
const data = await fetchAPI('/competition-types');
|
|
return data.data;
|
|
},
|
|
};
|
|
|
|
// Heats API (Phase 1.6)
|
|
export const heatsAPI = {
|
|
async saveHeats(slug, heats) {
|
|
const data = await fetchAPI(`/events/${slug}/heats`, {
|
|
method: 'POST',
|
|
body: JSON.stringify({ heats }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async getMyHeats(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/heats/me`);
|
|
// Returns { data: heats[], competitorNumber: number|null }
|
|
return data;
|
|
},
|
|
|
|
async getAllHeats(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/heats/all`);
|
|
return data.data;
|
|
},
|
|
|
|
async deleteHeat(slug, heatId) {
|
|
const data = await fetchAPI(`/events/${slug}/heats/${heatId}`, {
|
|
method: 'DELETE',
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async setCompetitorNumber(slug, competitorNumber) {
|
|
const data = await fetchAPI(`/events/${slug}/competitor-number`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ competitorNumber }),
|
|
});
|
|
return data;
|
|
},
|
|
};
|
|
|
|
// Matches API (Phase 2)
|
|
export const matchesAPI = {
|
|
async createMatch(targetUserId, eventSlug) {
|
|
const data = await fetchAPI('/matches', {
|
|
method: 'POST',
|
|
body: JSON.stringify({ targetUserId, eventSlug }),
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async getMatches(eventSlug = null, status = null) {
|
|
const params = new URLSearchParams();
|
|
if (eventSlug) params.append('eventSlug', eventSlug);
|
|
if (status) params.append('status', status);
|
|
|
|
const queryString = params.toString();
|
|
const endpoint = queryString ? `/matches?${queryString}` : '/matches';
|
|
|
|
const data = await fetchAPI(endpoint);
|
|
return data;
|
|
},
|
|
|
|
async getMatch(matchSlug) {
|
|
const data = await fetchAPI(`/matches/${matchSlug}`);
|
|
return data;
|
|
},
|
|
|
|
async acceptMatch(matchSlug) {
|
|
const data = await fetchAPI(`/matches/${matchSlug}/accept`, {
|
|
method: 'PUT',
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async deleteMatch(matchSlug) {
|
|
const data = await fetchAPI(`/matches/${matchSlug}`, {
|
|
method: 'DELETE',
|
|
});
|
|
return data;
|
|
},
|
|
|
|
async getMatchMessages(matchSlug) {
|
|
const data = await fetchAPI(`/matches/${matchSlug}/messages`);
|
|
return data;
|
|
},
|
|
|
|
async createRating(matchSlug, { score, comment, wouldCollaborateAgain }) {
|
|
const data = await fetchAPI(`/matches/${matchSlug}/ratings`, {
|
|
method: 'POST',
|
|
body: JSON.stringify({ score, comment, wouldCollaborateAgain }),
|
|
});
|
|
return data;
|
|
},
|
|
};
|
|
|
|
// Ratings API
|
|
export const ratingsAPI = {
|
|
async getUserRatings(username) {
|
|
const data = await fetchAPI(`/users/${username}/ratings`);
|
|
return data;
|
|
},
|
|
};
|
|
|
|
// Dashboard API
|
|
export const dashboardAPI = {
|
|
async getData() {
|
|
const data = await fetchAPI('/dashboard');
|
|
return data.data;
|
|
},
|
|
};
|
|
|
|
// Recording Matching API (Auto-matching for recording partners)
|
|
export const matchingAPI = {
|
|
// Get match suggestions for current user
|
|
async getSuggestions(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/match-suggestions`);
|
|
return data.data;
|
|
},
|
|
|
|
// Run matching algorithm (admin/trigger)
|
|
async runMatching(slug) {
|
|
const data = await fetchAPI(`/events/${slug}/run-matching`, {
|
|
method: 'POST',
|
|
});
|
|
return data.data;
|
|
},
|
|
|
|
// Accept or reject a suggestion
|
|
async updateSuggestionStatus(slug, suggestionId, status) {
|
|
const data = await fetchAPI(`/events/${slug}/match-suggestions/${suggestionId}/status`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ status }),
|
|
});
|
|
return data.data;
|
|
},
|
|
|
|
// Set recorder opt-out preference
|
|
async setRecorderOptOut(slug, optOut) {
|
|
const data = await fetchAPI(`/events/${slug}/recorder-opt-out`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ optOut }),
|
|
});
|
|
return data.data;
|
|
},
|
|
|
|
// Set registration deadline (admin)
|
|
async setRegistrationDeadline(slug, deadline) {
|
|
const data = await fetchAPI(`/events/${slug}/registration-deadline`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ registrationDeadline: deadline }),
|
|
});
|
|
return data.data;
|
|
},
|
|
|
|
// Set schedule config (admin)
|
|
async setScheduleConfig(slug, scheduleConfig) {
|
|
const data = await fetchAPI(`/events/${slug}/schedule-config`, {
|
|
method: 'PUT',
|
|
body: JSON.stringify({ scheduleConfig }),
|
|
});
|
|
return data.data;
|
|
},
|
|
};
|
|
|
|
// Admin API (matching control)
|
|
export const adminAPI = {
|
|
async runMatchingNow(slug) {
|
|
const data = await fetchAPI(`/admin/events/${slug}/run-now`, {
|
|
method: 'POST',
|
|
});
|
|
return data.data;
|
|
},
|
|
|
|
async getMatchingRuns(slug, limit = 20) {
|
|
const params = new URLSearchParams({ limit: String(limit) });
|
|
const data = await fetchAPI(`/admin/events/${slug}/matching-runs?${params.toString()}`);
|
|
return data;
|
|
},
|
|
|
|
async getRunSuggestions(slug, runId, { onlyAssigned = true, includeNotFound = false, limit = 100 } = {}) {
|
|
const params = new URLSearchParams({
|
|
onlyAssigned: String(onlyAssigned),
|
|
includeNotFound: String(includeNotFound),
|
|
limit: String(limit),
|
|
});
|
|
const data = await fetchAPI(`/admin/events/${slug}/matching-runs/${runId}/suggestions?${params.toString()}`);
|
|
return data;
|
|
},
|
|
|
|
// Activity Logs API
|
|
async getActivityLogs({ startDate, endDate, action, category, username, userId, success, limit = 100, offset = 0 } = {}) {
|
|
const params = new URLSearchParams();
|
|
if (startDate) params.append('startDate', startDate);
|
|
if (endDate) params.append('endDate', endDate);
|
|
if (action) params.append('action', action);
|
|
if (category) params.append('category', category);
|
|
if (username) params.append('username', username);
|
|
if (userId) params.append('userId', String(userId));
|
|
// Only send success if it's not empty string (to avoid filtering to false when user wants all logs)
|
|
if (success !== undefined && success !== '') params.append('success', String(success));
|
|
params.append('limit', String(limit));
|
|
params.append('offset', String(offset));
|
|
|
|
const data = await fetchAPI(`/admin/activity-logs?${params.toString()}`);
|
|
return data.data;
|
|
},
|
|
|
|
async getActivityLogActions() {
|
|
const data = await fetchAPI('/admin/activity-logs/actions');
|
|
return data.data;
|
|
},
|
|
|
|
async getActivityLogStats() {
|
|
const data = await fetchAPI('/admin/activity-logs/stats');
|
|
return data.data;
|
|
},
|
|
};
|
|
|
|
export { ApiError };
|