diff_api.patch

diff --git a/admin/src/lib/api.ts b/admin/src/lib/api.ts
index f701c8aa..f2a605af 100644
--- a/admin/src/lib/api.ts
+++ b/admin/src/lib/api.ts
@@ -1,88 +1,319 @@
-const API_BASE_URL = import.meta.env.VITE_API_BASE_URL || 'http://localhost:8000';
-const ADMIN_API_KEY = import.meta.env.VITE_ADMIN_API_KEY;
+import { clearTokens as clearStoredTokens, readAccessToken, readRefreshToken, writeTokens } from './authStorage';
 
-interface ApiConfig {
-  baseURL?: string;
+const DEFAULT_BASE_URL = (import.meta.env.VITE_API_BASE_URL as string | undefined) ?? '';
+const DEFAULT_API_KEY = (import.meta.env.VITE_ADMIN_API_KEY as string | undefined) ?? '';
+
+export interface ApiClientConfig {
+  baseUrl?: string;
+  apiKey?: string;
+  fetchImpl?: typeof fetch;
+}
+
+export interface ApiRequestOptions extends Omit<RequestInit, 'headers'> {
   headers?: Record<string, string>;
 }
 
-class ApiClient {
-  private config: ApiConfig;
-
-  constructor(config: ApiConfig = {}) {
-    this.config = {
-      baseURL: config.baseURL || API_BASE_URL,
-      headers: {
-        'Content-Type': 'application/json',
-        'X-API-Key': ADMIN_API_KEY || '',
-        ...config.headers,
-      },
-    };
-  }
-
-  private async request<T>(
-    endpoint: string,
-    options: RequestInit = {}
-  ): Promise<T> {
-    const url = `${this.config.baseURL}${endpoint}`;
-
-    const response = await fetch(url, {
-      ...options,
-      headers: {
-        ...this.config.headers,
-        ...options.headers,
-      },
-    });
+export interface ApiErrorInit {
+  status: number;
+  statusText: string;
+  url: string;
+  data?: unknown;
+}
 
-    if (!response.ok) {
-      const errorData = await response.json().catch(() => ({}));
-      throw new Error(errorData.detail || `HTTP ${response.status}: ${response.statusText}`);
+export class ApiError extends Error {
+  public readonly status: number;
+  public readonly statusText: string;
+  public readonly url: string;
+  public readonly data?: unknown;
+
+  constructor(message: string, init: ApiErrorInit) {
+    super(message);
+    this.name = 'ApiError';
+    this.status = init.status;
+    this.statusText = init.statusText;
+    this.url = init.url;
+    this.data = init.data;
+  }
+}
+
+const isFormData = (value: unknown): value is FormData =>
+  typeof FormData !== 'undefined' && value instanceof FormData;
+
+const isBlob = (value: unknown): value is Blob =>
+  typeof Blob !== 'undefined' && value instanceof Blob;
+
+const isURLSearchParams = (value: unknown): value is URLSearchParams =>
+  typeof URLSearchParams !== 'undefined' && value instanceof URLSearchParams;
+
+const isReadableStream =
+  typeof ReadableStream !== 'undefined'
+    ? (value: unknown): value is ReadableStream<Uint8Array> => value instanceof ReadableStream
+    : (_value: unknown): _value is ReadableStream<Uint8Array> => false;
+
+const isArrayBuffer = (value: unknown): value is ArrayBuffer =>
+  typeof ArrayBuffer !== 'undefined' && value instanceof ArrayBuffer;
+
+const isArrayBufferView = (value: unknown): value is ArrayBufferView =>
+  typeof ArrayBuffer !== 'undefined' && ArrayBuffer.isView(value as ArrayBufferView);
+
+const redirectToLogin = () => {
+  if (typeof window !== 'undefined') {
+    window.location.replace('/login');
+  }
+};
+
+export class ApiClient {
+  private readonly baseUrl: string;
+  private readonly apiKey: string;
+  private readonly fetchImpl: typeof fetch;
+
+  constructor(config: ApiClientConfig = {}) {
+    const baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
+    this.baseUrl = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
+    this.apiKey = config.apiKey ?? DEFAULT_API_KEY;
+    this.fetchImpl = config.fetchImpl ?? fetch;
+  }
+
+  private buildUrl(endpoint: string): string {
+    if (endpoint.startsWith('http://') || endpoint.startsWith('https://')) {
+      return endpoint;
+    }
+
+    const normalizedEndpoint = endpoint.startsWith('/') ? endpoint : `/${endpoint}`;
+    return `${this.baseUrl}${normalizedEndpoint}`;
+  }
+
+  private shouldSerializeBody(method: string): boolean {
+    return method !== 'GET' && method !== 'HEAD';
+  }
+
+  private prepareBody(body: unknown, method: string): BodyInit | undefined {
+    if (!this.shouldSerializeBody(method) || body === undefined || body === null) {
+      return undefined;
     }
 
-    const contentType = response.headers.get('content-type');
-    if (contentType && contentType.includes('application/json')) {
+    if (
+      isFormData(body) ||
+      isBlob(body) ||
+      isURLSearchParams(body) ||
+      isReadableStream(body) ||
+      isArrayBuffer(body) ||
+      isArrayBufferView(body) ||
+      typeof body === 'string'
+    ) {
+      return body as BodyInit;
+    }
+
+    return JSON.stringify(body);
+  }
+
+  private async parseResponse(response: Response): Promise<unknown> {
+    if (response.status === 204 || response.status === 205) {
+      return undefined;
+    }
+
+    const contentType = response.headers.get('content-type') ?? '';
+    const isJson = contentType.includes('application/json');
+
+    if (isJson) {
       return response.json();
     }
 
-    return response.text() as unknown as T;
+    return response.text();
   }
 
-  async get<T>(endpoint: string): Promise<T> {
-    return this.request<T>(endpoint, { method: 'GET' });
+  private getAuthToken(): string | null {
+    return readAccessToken();
   }
 
-  async post<T>(endpoint: string, data?: any): Promise<T> {
-    return this.request<T>(endpoint, {
-      method: 'POST',
-      body: data ? JSON.stringify(data) : undefined,
-    });
+  private async refreshToken(): Promise<boolean> {
+    const refreshToken = readRefreshToken();
+    if (!refreshToken) {
+      return false;
+    }
+
+    try {
+      const response = await this.fetchImpl(this.buildUrl('/auth/refresh'), {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ refresh_token: refreshToken }),
+      });
+
+      if (response.ok) {
+        const tokens = await response.json();
+        writeTokens({ accessToken: tokens.access_token, refreshToken: tokens.refresh_token });
+        return true;
+      }
+    } catch (error) {
+      console.error('Token refresh failed:', error);
+    }
+
+    clearStoredTokens();
+    redirectToLogin();
+    return false;
   }
 
-  async put<T>(endpoint: string, data?: any): Promise<T> {
-    return this.request<T>(endpoint, {
-      method: 'PUT',
-      body: data ? JSON.stringify(data) : undefined,
-    });
+  private ensureBaseHeaders(headers: Headers, body: unknown, apiKey?: string): void {
+    const token = this.getAuthToken();
+
+    if (token && !apiKey) {
+      headers.set('Authorization', `Bearer ${token}`);
+    } else if (apiKey) {
+      headers.set('X-API-Key', apiKey);
+    }
+
+    if (!isFormData(body)) {
+      headers.set('Content-Type', 'application/json');
+    } else {
+      headers.delete('Content-Type');
+    }
   }
 
-  async delete<T>(endpoint: string): Promise<T> {
-    return this.request<T>(endpoint, { method: 'DELETE' });
+  private extractErrorMessage(payload: unknown, response: Response): string {
+    if (typeof payload === 'string' && payload.trim()) {
+      return payload;
+    }
+
+    if (payload && typeof payload === 'object') {
+      const candidate =
+        (payload as Record<string, unknown>).detail ??
+        (payload as Record<string, unknown>).message ??
+        (payload as Record<string, unknown>).error ??
+        (payload as Record<string, unknown>).title;
+
+      if (typeof candidate === 'string' && candidate.trim()) {
+        return candidate;
+      }
+    }
+
+    return `HTTP ${response.status}: ${response.statusText}`;
   }
 
-  async uploadFile<T>(endpoint: string, file: File): Promise<T> {
-    const formData = new FormData();
-    formData.append('file', file);
+  async request<T>(endpoint: string, options: ApiRequestOptions = {}): Promise<T> {
+    const method = (options.method ?? 'GET').toUpperCase();
+    const url = this.buildUrl(endpoint);
+    const headers = new Headers(options.headers);
+    const body = this.prepareBody(options.body, method);
+
+    const providedKey =
+      (options.headers &&
+        (options.headers['X-API-Key'] ?? (options.headers['x-api-key'] as string | undefined))) ??
+      undefined;
+    const resolvedApiKey = (providedKey ?? this.apiKey ?? '').trim();
+    const token = this.getAuthToken();
+
+    if (!token && !resolvedApiKey) {
+      throw new ApiError('Authentication required. Please log in or provide API key.', {
+        status: 401,
+        statusText: 'Unauthorized',
+        url,
+      });
+    }
+
+    this.ensureBaseHeaders(headers, options.body, resolvedApiKey);
+
+    let response: Response;
+
+    try {
+      response = await this.fetchImpl(url, {
+        ...options,
+        method,
+        headers,
+        body,
+      });
+    } catch (error) {
+      throw new ApiError('Network request failed', {
+        status: 0,
+        statusText: 'FETCH_ERROR',
+        url,
+        data: error,
+      });
+    }
+
+    if (response.status === 401 && token && !providedKey) {
+      const refreshed = await this.refreshToken();
+      if (refreshed) {
+        const newHeaders = new Headers(options.headers);
+        this.ensureBaseHeaders(newHeaders, options.body);
+
+        try {
+          const retryResponse = await this.fetchImpl(url, {
+            ...options,
+            method,
+            headers: newHeaders,
+            body,
+          });
+
+          if (!retryResponse.ok) {
+            const retryPayload = await this.parseResponse(retryResponse);
+            const message = this.extractErrorMessage(retryPayload, retryResponse);
+            throw new ApiError(message, {
+              status: retryResponse.status,
+              statusText: retryResponse.statusText,
+              url,
+              data: retryPayload,
+            });
+          }
 
-    return this.request<T>(endpoint, {
-      method: 'POST',
-      body: formData,
-      headers: {
-        'X-API-Key': ADMIN_API_KEY || '',
-      },
-    });
+          return (await this.parseResponse(retryResponse)) as T;
+        } catch (retryError) {
+          if (retryError instanceof ApiError) {
+            throw retryError;
+          }
+          throw new ApiError('Retry request failed', {
+            status: 0,
+            statusText: 'RETRY_ERROR',
+            url,
+            data: retryError,
+          });
+        }
+      }
+
+      throw new ApiError('Authentication failed', {
+        status: 401,
+        statusText: 'Unauthorized',
+        url,
+      });
+    }
+
+    const payload = await this.parseResponse(response);
+
+    if (!response.ok) {
+      const message = this.extractErrorMessage(payload, response);
+      throw new ApiError(message, {
+        status: response.status,
+        statusText: response.statusText,
+        url,
+        data: payload,
+      });
+    }
+
+    return payload as T;
+  }
+
+  get<T>(endpoint: string, options?: Omit<ApiRequestOptions, 'method' | 'body'>): Promise<T> {
+    return this.request<T>(endpoint, { ...options, method: 'GET' });
+  }
+
+  post<T>(endpoint: string, body?: unknown, options?: Omit<ApiRequestOptions, 'method' | 'body'>): Promise<T> {
+    return this.request<T>(endpoint, { ...options, method: 'POST', body });
+  }
+
+  put<T>(endpoint: string, body?: unknown, options?: Omit<ApiRequestOptions, 'method' | 'body'>): Promise<T> {
+    return this.request<T>(endpoint, { ...options, method: 'PUT', body });
+  }
+
+  patch<T>(endpoint: string, body?: unknown, options?: Omit<ApiRequestOptions, 'method' | 'body'>): Promise<T> {
+    return this.request<T>(endpoint, { ...options, method: 'PATCH', body });
+  }
+
+  delete<T>(endpoint: string, options?: Omit<ApiRequestOptions, 'method'>): Promise<T> {
+    return this.request<T>(endpoint, { ...options, method: 'DELETE' });
   }
 }
 
 export const apiClient = new ApiClient();
 
-export default apiClient;
\ No newline at end of file
+export const createApiClient = (config?: ApiClientConfig): ApiClient => new ApiClient(config);
+
+export default apiClient;