refactor: migrate all page.server.ts files to typed API client

All server-side fetch calls now go through createApiClient() from $lib/api.server.ts, which wraps openapi-fetch with the generated OpenAPI types. This means backend changes are reflected in the frontend after running npm run generate:api. - Add stub src/lib/generated/api.ts (replaced by generate:api output) - Fix GroupController: missing /api prefix and ResponseStatusException - Root, conversations, persons, documents pages all use typed client - Error handling uses apiError.code directly (no parseBackendError needed) - Edit page load uses typed client; PUT action keeps raw fetch (multipart) - Login keeps raw fetch (explicit Authorization header, not cookie auth) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 13:39:15 +01:00
parent 5d356cd694
commit d76248cffd
11 changed files with 220 additions and 259 deletions
--- a/frontend/src/routes/login/+page.server.ts
+++ b/frontend/src/routes/login/+page.server.ts
@@ -12,19 +12,16 @@ export const actions = {
            return fail(400, { error: 'Bitte Benutzername und Passwort eingeben.' });
        }

-        // Wir bauen den Basic Auth Header
        const credentials = btoa(`${username}:${password}`);
        const authHeader = `Basic ${credentials}`;

+        // Raw fetch is intentional here: we need to pass an explicit Authorization
+        // header built from the form data, not the cookie-based auth used elsewhere.
        try {
-            // Test-Request an das Backend (z.B. an den Upload-Endpunkt oder einen speziellen /me Endpunkt)
-            // Wir nutzen hier http://localhost:8080, da beide Container im selben Netz sind (oder localhost im DevContainer)
            const baseUrl = env.API_INTERNAL_URL || 'http://localhost:8080';
            const response = await fetch(`${baseUrl}/api/users/me`, {
                method: 'GET',
-                headers: {
-                    'Authorization': authHeader
-                }
+                headers: { Authorization: authHeader }
            });

            if (response.status === 401 || response.status === 403) {
@@ -35,22 +32,18 @@ export const actions = {
                return fail(500, { error: getErrorMessage('INTERNAL_ERROR') });
            }

-            // Login erfolgreich! Wir speichern den Header in einem Cookie.
-            // (In Produktion würde man hier ein Session-Token nutzen, aber für Basic Auth müssen wir es mitschleifen)
            cookies.set('auth_token', authHeader, {
                path: '/',
-                httpOnly: true, // JavaScript kann das Cookie nicht lesen (Schutz vor XSS)
+                httpOnly: true,
                sameSite: 'strict',
-                secure: false, // Auf true setzen, wenn wir HTTPS haben
-                maxAge: 60 * 60 * 24 // 1 Tag
+                secure: false, // set to true when HTTPS is available
+                maxAge: 60 * 60 * 24
            });
-
        } catch (e) {
            console.error(e);
            return fail(500, { error: getErrorMessage('INTERNAL_ERROR') });
        }

-        // Weiterleitung zur Startseite
        return redirect(303, '/');
    }
 } satisfies Actions;