Fix API client to use proper JSON endpoints

- Changed to /api/auth/send-code and /api/auth/verify - Properly check content-type is JSON - Check for success: true in response - Backend needs these endpoints added
2026-02-01 21:09:38 +00:00 · 2026-02-01 21:09:38 +00:00 · 56f86ccc7d
parent 257cc8e802
commit 56f86ccc7d
1 changed files with 35 additions and 59 deletions
--- a/lib/services/inou_api.dart
+++ b/lib/services/inou_api.dart
@ -44,31 +44,31 @@ class InouApi {
  Future<String?> sendLoginCode(String email) async {
    try {
      final response = await http.post(
-        Uri.parse('$baseUrl/send-code'),
+        Uri.parse('$baseUrl/api/auth/send-code'),
        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
+          'Content-Type': 'application/json',
          'Accept': 'application/json',
        },
-        body: {
+        body: jsonEncode({
          'email': email,
-          'nonce': DateTime.now().millisecondsSinceEpoch.toString(),
-        },
+        }),
      );
      
      debugPrint('send-code response: ${response.statusCode} ${response.body}');
      
-      if (response.statusCode == 200 || response.statusCode == 302) {
-        // Success - code was sent
-        return null;
+      // Check content type - must be JSON
+      final contentType = response.headers['content-type'] ?? '';
+      if (!contentType.contains('application/json')) {
+        return 'API not available (got HTML instead of JSON)';
      }
      
-      // Try to parse error from response
-      try {
-        final json = jsonDecode(response.body);
-        return json['error'] ?? 'Failed to send code';
-      } catch (_) {
-        return 'Failed to send code (${response.statusCode})';
+      final json = jsonDecode(response.body);
+      
+      if (response.statusCode == 200 && json['success'] == true) {
+        return null; // Success
      }
+      
+      return json['error'] ?? 'Failed to send code';
    } catch (e) {
      debugPrint('send-code error: $e');
      return 'Network error: ${e.toString()}';
@ -80,62 +80,38 @@ class InouApi {
  Future<String?> verifyCode(String email, String code) async {
    try {
      final response = await http.post(
-        Uri.parse('$baseUrl/verify'),
+        Uri.parse('$baseUrl/api/auth/verify'),
        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
+          'Content-Type': 'application/json',
          'Accept': 'application/json',
        },
-        body: {
+        body: jsonEncode({
          'email': email,
          'code': code,
-        },
+        }),
      );
      
-      debugPrint('verify response: ${response.statusCode}');
-      debugPrint('verify headers: ${response.headers}');
+      debugPrint('verify response: ${response.statusCode} ${response.body}');
      
-      if (response.statusCode == 200 || response.statusCode == 302) {
-        // Check for session cookie in response
-        final setCookie = response.headers['set-cookie'];
-        if (setCookie != null) {
-          // Parse session token from cookie
-          final sessionMatch = RegExp(r'session=([^;]+)').firstMatch(setCookie);
-          if (sessionMatch != null) {
-            _sessionToken = sessionMatch.group(1);
-            await _saveSession();
-            return null;
-          }
+      // Check content type - must be JSON
+      final contentType = response.headers['content-type'] ?? '';
+      if (!contentType.contains('application/json')) {
+        return 'API not available (got HTML instead of JSON)';
+      }
+      
+      final json = jsonDecode(response.body);
+      
+      if (response.statusCode == 200 && json['success'] == true) {
+        // Get session token from response
+        _sessionToken = json['token'] ?? json['session_token'];
+        _dossierId = json['dossier_id'];
+        if (_sessionToken != null) {
+          await _saveSession();
        }
-        
-        // Try to get token from JSON body
-        try {
-          final json = jsonDecode(response.body);
-          if (json['token'] != null) {
-            _sessionToken = json['token'];
-            _dossierId = json['dossier_id'];
-            await _saveSession();
-            return null;
-          }
-          if (json['session_token'] != null) {
-            _sessionToken = json['session_token'];
-            _dossierId = json['dossier_id'];
-            await _saveSession();
-            return null;
-          }
-        } catch (_) {}
-        
-        // Web redirect flow - we got success but need to handle differently
-        // For mobile, the server should return JSON with token
-        return null; // Assume success for now
+        return null; // Success
      }
      
-      // Try to parse error
-      try {
-        final json = jsonDecode(response.body);
-        return json['error'] ?? 'Invalid or expired code';
-      } catch (_) {
-        return 'Invalid or expired code';
-      }
+      return json['error'] ?? 'Invalid or expired code';
    } catch (e) {
      debugPrint('verify error: $e');
      return 'Network error: ${e.toString()}';