packages/client/src/api/auth.ts

import { request } from './client'

export interface AuthStatus {
  hasPasswordLogin: boolean
  username: string | null
}

export async function fetchAuthStatus(): Promise<AuthStatus> {
  const res = await fetch('/api/auth/status')
  if (!res.ok) throw new Error('Failed to fetch auth status')
  return res.json()
}

export async function loginWithPassword(username: string, password: string): Promise<string> {
  const res = await fetch('/api/auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ username, password }),
  })
  if (!res.ok) {
    const data = await res.json().catch(() => ({}))
    const err: any = new Error(data.error || 'Login failed')
    err.status = res.status
    throw err
  }
  const data = await res.json()
  return data.token
}

export async function setupPassword(username: string, password: string): Promise<void> {
  return request('/api/auth/setup', {
    method: 'POST',
    body: JSON.stringify({ username, password }),
  })
}

export async function changePassword(currentPassword: string, newPassword: string): Promise<void> {
  return request('/api/auth/change-password', {
    method: 'POST',
    body: JSON.stringify({ currentPassword, newPassword }),
  })
}

export async function changeUsername(currentPassword: string, newUsername: string): Promise<void> {
  return request('/api/auth/change-username', {
    method: 'POST',
    body: JSON.stringify({ currentPassword, newUsername }),
  })
}

export async function removePassword(): Promise<void> {
  return request('/api/auth/password', {
    method: 'DELETE',
  })
}

export interface LockedIp {
  ip: string
  type: 'password' | 'token'
  failures: number
  lockedUntil: number
}

export async function fetchLockedIps(): Promise<LockedIp[]> {
  const res = await request<{ locks: LockedIp[] }>('/api/auth/locked-ips')
  return res.locks
}

export async function unlockSpecificIp(ip: string): Promise<void> {
  return request(`/api/auth/locked-ips?ip=${encodeURIComponent(ip)}`, {
    method: 'DELETE',
  })
}

export async function unlockAllIps(): Promise<number> {
  const res = await request<{ count: number }>('/api/auth/locked-ips', {
    method: 'DELETE',
  })
  return res.count
}
feat: add username/password login, account settings, and changelog (#133 ) (#134 ) 2026-04-22 20:27:33 +08:00			`import { request } from './client'`

			`export interface AuthStatus {`
			`hasPasswordLogin: boolean`
			`username: string \| null`
			`}`

			`export async function fetchAuthStatus(): Promise<AuthStatus> {`
			`const res = await fetch('/api/auth/status')`
			`if (!res.ok) throw new Error('Failed to fetch auth status')`
			`return res.json()`
			`}`

			`export async function loginWithPassword(username: string, password: string): Promise<string> {`
			`const res = await fetch('/api/auth/login', {`
			`method: 'POST',`
			`headers: { 'Content-Type': 'application/json' },`
			`body: JSON.stringify({ username, password }),`
			`})`
			`if (!res.ok) {`
			`const data = await res.json().catch(() => ({}))`
feat: add IP-based login brute-force protection (#531 ) 2026-05-08 18:29:43 +08:00			`const err: any = new Error(data.error \|\| 'Login failed')`
			`err.status = res.status`
			`throw err`
feat: add username/password login, account settings, and changelog (#133 ) (#134 ) 2026-04-22 20:27:33 +08:00			`}`
			`const data = await res.json()`
			`return data.token`
			`}`

			`export async function setupPassword(username: string, password: string): Promise<void> {`
			`return request('/api/auth/setup', {`
			`method: 'POST',`
			`body: JSON.stringify({ username, password }),`
			`})`
			`}`

			`export async function changePassword(currentPassword: string, newPassword: string): Promise<void> {`
			`return request('/api/auth/change-password', {`
			`method: 'POST',`
			`body: JSON.stringify({ currentPassword, newPassword }),`
			`})`
			`}`

			`export async function changeUsername(currentPassword: string, newUsername: string): Promise<void> {`
			`return request('/api/auth/change-username', {`
			`method: 'POST',`
			`body: JSON.stringify({ currentPassword, newUsername }),`
			`})`
			`}`

			`export async function removePassword(): Promise<void> {`
			`return request('/api/auth/password', {`
			`method: 'DELETE',`
			`})`
			`}`
feat: add IP-based login brute-force protection (#531 ) 2026-05-08 18:29:43 +08:00
			`export interface LockedIp {`
			`ip: string`
			`type: 'password' \| 'token'`
			`failures: number`
			`lockedUntil: number`
			`}`

			`export async function fetchLockedIps(): Promise<LockedIp[]> {`
			`const res = await request<{ locks: LockedIp[] }>('/api/auth/locked-ips')`
			`return res.locks`
			`}`

			`export async function unlockSpecificIp(ip: string): Promise<void> {`
			return request(`/api/auth/locked-ips?ip=${encodeURIComponent(ip)}`, {
			`method: 'DELETE',`
			`})`
			`}`

			`export async function unlockAllIps(): Promise<number> {`
			`const res = await request<{ count: number }>('/api/auth/locked-ips', {`
			`method: 'DELETE',`
			`})`
			`return res.count`
			`}`