/** * @copyright 2026 NHCarrigan * @license Naomi's Public License * @author Naomi Carrigan */ import { Injectable, signal, inject } from '@angular/core'; import { HttpClient, HttpHeaders } from '@angular/common/http'; import { Observable, switchMap, tap, of } from 'rxjs'; import { environment } from '../../environments/environment'; interface CsrfTokenResponse { csrfToken: string; } @Injectable({ providedIn: 'root' }) export class ApiService { private http = inject(HttpClient); private readonly apiUrl = environment.apiUrl; private csrfToken = signal(null); private getHeaders(): HttpHeaders { const headers: Record = { 'Content-Type': 'application/json' }; const token = this.csrfToken(); if (token) { headers['X-CSRF-Token'] = token; } return new HttpHeaders(headers); } private ensureCsrfToken(): Observable { const existingToken = this.csrfToken(); if (existingToken) { return of(existingToken); } return this.http.get(`${this.apiUrl}/auth/csrf-token`, { withCredentials: true }).pipe( tap(response => this.csrfToken.set(response.csrfToken)), switchMap(response => of(response.csrfToken)) ); } get(endpoint: string): Observable { return this.http.get(`${this.apiUrl}${endpoint}`, { headers: this.getHeaders(), withCredentials: true }); } post(endpoint: string, body: unknown): Observable { return this.ensureCsrfToken().pipe( switchMap(() => this.http.post(`${this.apiUrl}${endpoint}`, body, { headers: this.getHeaders(), withCredentials: true })) ); } put(endpoint: string, body: unknown): Observable { return this.ensureCsrfToken().pipe( switchMap(() => this.http.put(`${this.apiUrl}${endpoint}`, body, { headers: this.getHeaders(), withCredentials: true })) ); } delete(endpoint: string): Observable { return this.ensureCsrfToken().pipe( switchMap(() => this.http.delete(`${this.apiUrl}${endpoint}`, { headers: this.getHeaders(), withCredentials: true })) ); } clearCsrfToken(): void { this.csrfToken.set(null); } }