import { request } from './client' export interface AuthStatus { hasPasswordLogin: boolean hasUsers?: boolean } export async function fetchAuthStatus(): Promise { const res = await fetch('/api/auth/status') if (!res.ok) throw new Error('Failed to fetch auth status') return res.json() } export async function loginWithPassword(username: string, password: string): Promise { const res = await fetch('/api/auth/login', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ username, password }), }) if (!res.ok) { const data = await res.json().catch(() => ({})) const err: any = new Error(data.error || 'Login failed') err.status = res.status throw err } const data = await res.json() return data.token } export interface CurrentUser { id: number username: string role: UserRole status: UserStatus created_at: number updated_at: number last_login_at: number | null requiresCredentialChange?: boolean } export async function fetchCurrentUser(): Promise { const res = await request<{ user: CurrentUser }>('/api/auth/me') return res.user } export async function setupPassword(username: string, password: string): Promise { return request('/api/auth/setup', { method: 'POST', body: JSON.stringify({ username, password }), }) } export async function changePassword(currentPassword: string, newPassword: string): Promise { return request('/api/auth/change-password', { method: 'POST', body: JSON.stringify({ currentPassword, newPassword }), }) } export async function changeUsername(currentPassword: string, newUsername: string): Promise { return request('/api/auth/change-username', { method: 'POST', body: JSON.stringify({ currentPassword, newUsername }), }) } export async function removePassword(): Promise { return request('/api/auth/password', { method: 'DELETE', }) } export type UserRole = 'super_admin' | 'admin' export type UserStatus = 'active' | 'disabled' export interface ManagedUser { id: number username: string role: UserRole status: UserStatus profiles: string[] default_profile: string | null created_at: number updated_at: number last_login_at: number | null } export interface ManagedUsersResponse { users: ManagedUser[] profiles: string[] } export async function fetchManagedUsers(): Promise { return request('/api/auth/users') } export async function createManagedUser(input: { username: string password: string role: UserRole status: UserStatus profiles: string[] defaultProfile?: string | null }): Promise { const res = await request<{ users: ManagedUser[] }>('/api/auth/users', { method: 'POST', body: JSON.stringify(input), }) const current = await fetchManagedUsers() return { ...current, users: res.users } } export async function updateManagedUser(id: number, input: { username?: string password?: string role?: UserRole status?: UserStatus profiles?: string[] defaultProfile?: string | null }): Promise { const res = await request<{ users: ManagedUser[] }>(`/api/auth/users/${id}`, { method: 'PUT', body: JSON.stringify(input), }) const current = await fetchManagedUsers() return { ...current, users: res.users } } export async function deleteManagedUser(id: number): Promise { const res = await request<{ users: ManagedUser[] }>(`/api/auth/users/${id}`, { method: 'DELETE', }) const current = await fetchManagedUsers() return { ...current, users: res.users } } export interface LockedIp { ip: string type: 'password' | 'token' failures: number lockedUntil: number } export async function fetchLockedIps(): Promise { const res = await request<{ locks: LockedIp[] }>('/api/auth/locked-ips') return res.locks } export async function unlockSpecificIp(ip: string): Promise { return request(`/api/auth/locked-ips?ip=${encodeURIComponent(ip)}`, { method: 'DELETE', }) } export async function unlockAllIps(): Promise { const res = await request<{ count: number }>('/api/auth/locked-ips', { method: 'DELETE', }) return res.count }