import { API_URL } from "@/config";


// Auth fetch wrapper
export const authFetch = async (url, options = {}, retry = true) => {
  const res = await fetch(url, {
    ...options,
    credentials: "include", // cookie goes automatically
  });

  if (res.status === 401 && retry) {
    // attempt refresh
    try {
      const refreshRes = await fetch(`${API_URL}/refresh`, {
        method: "POST",
        credentials: "include",
      });

      if (!refreshRes.ok) throw new Error("Refresh failed");

      // Retry original request once after refresh
      return authFetch(url, options, false);
    } catch (err) {
      console.error("Refresh token failed:", err);
      return res;
    }
  }

  return res;
};

// Refresh token function (HttpOnly cookie flow)
export async function refreshAccessToken() {
  try {
    const res = await fetch(`${API_URL}/refresh`, {
      method: "POST",
      credentials: "include", // send HttpOnly cookies
    });

    if (!res.ok) {
      throw new Error("Failed to refresh token");
    }

    // Typically the server just updates the cookie
    // It may return a new access token too, but we don’t store it client-side.
    return true; 
  } catch (err) {
    console.error("Refresh token failed:", err);
    return false;
  }
}