websockets + chat app (django)

frontend/src/api/Client.ts

@@ -3,8 +3,7 @@ import axios from "axios";
 // --- ENV CONFIG ---
 const API_BASE_URL =
   import.meta.env.VITE_API_BASE_URL || "http://localhost:8000";
-const REFRESH_URL =
-  import.meta.env.VITE_API_REFRESH_URL || "/api/token/refresh/";
+
 const LOGIN_PATH = import.meta.env.VITE_LOGIN_PATH || "/login";
 
 
@@ -30,6 +29,7 @@ function notifyError(detail: ApiErrorDetail) {
 function onError(handler: ApiErrorHandler) {
   const wrapped = handler as EventListener;
   window.addEventListener(ERROR_EVENT, wrapped as EventListener);
+
   return () => window.removeEventListener(ERROR_EVENT, wrapped);
 }
 
@@ -38,7 +38,7 @@ function onError(handler: ApiErrorHandler) {
 function createAxios(baseURL: string): any {
   const instance = axios.create({
     baseURL,
-    withCredentials: true, // <-- always true
+    withCredentials: true, // cookies
     headers: {
       "Content-Type": "application/json",
     },
@@ -51,12 +51,14 @@ function createAxios(baseURL: string): any {
 const apiPublic = createAxios(API_BASE_URL);
 const apiAuth = createAxios(API_BASE_URL);
 
+
 // --- REQUEST INTERCEPTOR (PUBLIC) ---
 // Ensure no Authorization header is ever sent by the public client
 apiPublic.interceptors.request.use(function (config: any) {
   if (config?.headers && (config.headers as any).Authorization) {
     delete (config.headers as any).Authorization;
   }
+
   return config;
 });
 
@@ -64,6 +66,7 @@ apiPublic.interceptors.request.use(function (config: any) {
 // Do not attach Authorization header; rely on cookies set by Django.
 apiAuth.interceptors.request.use(function (config: any) {
   (config as any)._retryCount = (config as any)._retryCount || 0;
+
   return config;
 });
 
@@ -76,16 +79,18 @@ apiAuth.interceptors.response.use(
   async function (error: any) {
     if (!error.response) {
       alert("Backend connection is unavailable. Please check your network.");
+
       notifyError({
         message: "Network error or backend unavailable",
         url: error.config?.url,
       });
+
       return Promise.reject(error);
     }
 
     const status = error.response.status;
     if (status === 401) {
-      clearTokens(); // optional: clear cookies client-side
+      ClearTokens();
       window.location.assign(LOGIN_PATH);
       return Promise.reject(error);
     }
@@ -130,35 +135,37 @@ apiPublic.interceptors.response.use(
   }
 );
 
-// --- TOKEN HELPERS (NO-OPS) ---
-// Django sets/rotates cookies server-side. Keep API surface to avoid breaking imports.
-function setTokens(_access?: string, _refresh?: string) {
-  // no-op: cookies are managed by Django
-}
-function clearTokens() {
-  // optional: try to clear auth cookies client-side; server should also clear on logout
+
+
+
+function Logout() {
   try {
-    document.cookie = "access_token=; Max-Age=0; path=/";
-    document.cookie = "refresh_token=; Max-Age=0; path=/";
-  } catch {
-    // ignore
+    const LogOutResponse = apiAuth.post("/api/logout/");
+
+    if (LogOutResponse.body.detail != "Logout successful") {
+      throw new Error("Logout failed");
+    }
+
+    ClearTokens();
+
+  } catch (error) {
+    console.error("Error during logout:", error);
   }
 }
-function getAccessToken(): string | null {
-  // no Authorization header is used; rely purely on cookies
-  return null;
+
+function ClearTokens(){
+  document.cookie = "access_token=; Max-Age=0; path=/";
+  document.cookie = "refresh_token=; Max-Age=0; path=/";
 }
 
+
 // --- EXPORT DEFAULT API WRAPPER ---
 const Client = {
   // Axios instances
   auth: apiAuth,
   public: apiPublic,
 
-  // Token helpers (kept for compatibility; now no-ops)
-  setTokens,
-  clearTokens,
-  getAccessToken,
+  Logout,
 
   // Error subscription
   onError,