import axios from 'axios'; // Einheitliche Basis-URL: // - immer relativ zur aktuellen Origin // - kein absoluter http/https-Host → verhindert Mixed-Content-Probleme axios.defaults.baseURL = '/api'; console.log('Axios baseURL:', axios.defaults.baseURL); function clearStoredLogin() { localStorage.removeItem('isLoggedIn'); localStorage.removeItem('user'); localStorage.removeItem('token'); delete axios.defaults.headers.common.Authorization; } function getTokenPayload(token) { try { const payload = token.split('.')[1]; const normalized = payload.replace(/-/g, '+').replace(/_/g, '/'); const padded = normalized.padEnd(normalized.length + (4 - normalized.length % 4) % 4, '='); return JSON.parse(atob(padded)); } catch (error) { return null; } } function isTokenUsable(token) { if (!token || token === 'undefined' || token === 'null') { return false; } const payload = getTokenPayload(token); if (!payload || !payload.exp) { return true; } return payload.exp * 1000 > Date.now(); } axios.interceptors.request.use( config => { const token = localStorage.getItem('token'); config.headers = config.headers || {}; if (token) { if (isTokenUsable(token)) { config.headers.Authorization = `Bearer ${token}`; } else { clearStoredLogin(); delete config.headers.Authorization; } } return config; }, error => { return Promise.reject(error); } ); axios.interceptors.response.use( response => { return response; }, error => { const requestUrl = error.config?.url || ''; const isLoginRequest = requestUrl.includes('/auth/login'); const isLogoutRequest = requestUrl.includes('/auth/logout'); const hasStoredToken = isTokenUsable(localStorage.getItem('token')); const hadAuthHeader = !!error.config?.headers?.Authorization; if ( error.response && error.response.status === 401 && !isLoginRequest && !isLogoutRequest && (hasStoredToken || hadAuthHeader) ) { clearStoredLogin(); if (window.location.pathname !== '/auth/login') { window.location.replace('/auth/login'); } } return Promise.reject(error); } ); export default axios;