feat(frontend) : admin middleware, fix avatar upload, centralize IRI extraction, remove Nitro proxy

- Add admin middleware protecting /admin page (ROLE_ADMIN check) - Fix useAvatarService to use useApi() with FormData detection - Create extractIdFromIri() utility, replace manual IRI parsing - Remove redundant Nitro devProxy (Vite proxy handles dev) Tickets: T-014, T-015, T-017, T-021 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:24:47 +01:00
parent fd3097cc26
commit 455121132d
8 changed files with 41 additions and 30 deletions
--- a/frontend/composables/useApi.ts
+++ b/frontend/composables/useApi.ts
@@ -177,13 +177,16 @@ export function useApi(): ApiClient {
  ) {
    const needsJsonBody = method === 'POST' || method === 'PUT'
    const needsMergePatch = method === 'PATCH'
+    const isFormData = typeof FormData !== 'undefined' && options.body instanceof FormData

    const headers = new Headers(options.headers as HeadersInit | undefined)

-    if (needsMergePatch && !headers.has('Content-Type')) {
-      headers.set('Content-Type', 'application/merge-patch+json')
-    } else if (needsJsonBody && !headers.has('Content-Type')) {
-      headers.set('Content-Type', 'application/json')
+    if (!isFormData) {
+      if (needsMergePatch && !headers.has('Content-Type')) {
+        headers.set('Content-Type', 'application/merge-patch+json')
+      } else if (needsJsonBody && !headers.has('Content-Type')) {
+        headers.set('Content-Type', 'application/json')
+      }
    }

    return client<T>(url, { ...options, method, headers })
--- a/frontend/composables/useAvatarService.ts
+++ b/frontend/composables/useAvatarService.ts
@@ -5,11 +5,13 @@ export function useAvatarService() {
        const formData = new FormData()
        formData.append('file', file, 'avatar.png')

-        return $fetch(`/api/users/${userId}/avatar`, {
-            method: 'POST',
-            body: formData,
-            credentials: 'include',
-        })
+        return api.post<{ avatarUrl: string }>(
+            `/users/${userId}/avatar`,
+            formData as unknown as Record<string, unknown>,
+            {
+                toastSuccessKey: 'profile.avatarUpdated',
+            }
+        )
    }

    async function remove(userId: number): Promise<void> {