client/src/api/client.ts

const BASE = "/api/v1";

function getToken(): string | null {
  return localStorage.getItem("accessToken");
}

export function setTokens(accessToken: string, refreshToken: string) {
  localStorage.setItem("accessToken", accessToken);
  localStorage.setItem("refreshToken", refreshToken);
}

export function clearTokens() {
  localStorage.removeItem("accessToken");
  localStorage.removeItem("refreshToken");
}

async function request<T>(
  path: string,
  options: RequestInit = {}
): Promise<T> {
  const token = getToken();
  const headers: Record<string, string> = {
    "Content-Type": "application/json",
    ...(options.headers as Record<string, string>),
  };
  if (token) headers["Authorization"] = `Bearer ${token}`;

  const res = await fetch(`${BASE}${path}`, { ...options, headers });

  if (!res.ok) {
    const body = await res.json().catch(() => ({}));
    const message = body?.error?.message ?? `HTTP ${res.status}`;
    throw new Error(message);
  }

  return res.json() as Promise<T>;
}

export const api = {
  get: <T>(path: string) => request<T>(path),
  post: <T>(path: string, body: unknown) =>
    request<T>(path, { method: "POST", body: JSON.stringify(body) }),
  put: <T>(path: string, body: unknown) =>
    request<T>(path, { method: "PUT", body: JSON.stringify(body) }),
  patch: <T>(path: string, body: unknown) =>
    request<T>(path, { method: "PATCH", body: JSON.stringify(body) }),
  delete: <T>(path: string) => request<T>(path, { method: "DELETE" }),
};
Add Milestones 1 & 2: full-stack POS foundation with admin UI - Node/Express/TypeScript API under /api/v1 with JWT auth (login, refresh, logout, /me) - Prisma schema: vendors, users, roles, products, categories, taxes, transactions - SQLite for local dev; Postgres via docker-compose for production - Full CRUD routes for vendors, users, categories, taxes, products with Zod validation and RBAC - Paginated list endpoints scoped per vendor; refresh token rotation - React/TypeScript admin SPA (Vite): login, protected routing, sidebar layout - Pages: Dashboard, Catalog (tabbed Products/Categories/Taxes), Users, Vendor Settings - Shared UI: Table, Modal, FormField, Btn, PageHeader components - Multi-stage Dockerfile; docker-compose with Postgres healthcheck - Seed script with demo vendor and owner account - INSTRUCTIONS.md, ROADMAP.md, .claude/launch.json for dev server config Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-20 23:18:04 -05:00			`const BASE = "/api/v1";`

			`function getToken(): string \| null {`
			`return localStorage.getItem("accessToken");`
			`}`

			`export function setTokens(accessToken: string, refreshToken: string) {`
			`localStorage.setItem("accessToken", accessToken);`
			`localStorage.setItem("refreshToken", refreshToken);`
			`}`

			`export function clearTokens() {`
			`localStorage.removeItem("accessToken");`
			`localStorage.removeItem("refreshToken");`
			`}`

			`async function request<T>(`
			`path: string,`
			`options: RequestInit = {}`
			`): Promise<T> {`
			`const token = getToken();`
			`const headers: Record<string, string> = {`
			`"Content-Type": "application/json",`
			`...(options.headers as Record<string, string>),`
			`};`
			if (token) headers["Authorization"] = `Bearer ${token}`;

			const res = await fetch(`${BASE}${path}`, { ...options, headers });

			`if (!res.ok) {`
			`const body = await res.json().catch(() => ({}));`
			const message = body?.error?.message ?? `HTTP ${res.status}`;
			`throw new Error(message);`
			`}`

			`return res.json() as Promise<T>;`
			`}`

			`export const api = {`
			`get: <T>(path: string) => request<T>(path),`
			`post: <T>(path: string, body: unknown) =>`
			`request<T>(path, { method: "POST", body: JSON.stringify(body) }),`
			`put: <T>(path: string, body: unknown) =>`
			`request<T>(path, { method: "PUT", body: JSON.stringify(body) }),`
			`patch: <T>(path: string, body: unknown) =>`
			`request<T>(path, { method: "PATCH", body: JSON.stringify(body) }),`
			`delete: <T>(path: string) => request<T>(path, { method: "DELETE" }),`
			`};`