import Foundation /// Authentifizierter HTTP-Transport. Setzt automatisch den `Authorization: Bearer`- /// Header, refreshed bei `401` einmal proaktiv und wiederholt den Request. /// /// Eine Instanz pro App-Backend (z.B. memoro-api, cards-api). Beim Init /// die Basis-URL des jeweiligen App-Servers übergeben, nicht die mana-auth-URL. public actor AuthenticatedTransport { private let baseURL: URL private let session: URLSession private let auth: AuthClient public init(baseURL: URL, auth: AuthClient, session: URLSession = .shared) { self.baseURL = baseURL self.session = session self.auth = auth } /// Führt einen authentifizierten Request aus. Bei `401` wird der /// Access-Token einmal refreshed und der Call wiederholt. public func request( path: String, method: String = "GET", body: Data? = nil, contentType: String = "application/json" ) async throws -> (Data, HTTPURLResponse) { let token = try await auth.freshAccessToken() let response = try await send(path: path, method: method, body: body, contentType: contentType, token: token) if response.1.statusCode == 401 { let refreshed = try await auth.refreshAccessToken() return try await send(path: path, method: method, body: body, contentType: contentType, token: refreshed) } return response } private func send( path: String, method: String, body: Data?, contentType: String, token: String ) async throws -> (Data, HTTPURLResponse) { var request = URLRequest(url: baseURL.appending(path: path)) request.httpMethod = method request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization") if let body { request.httpBody = body request.setValue(contentType, forHTTPHeaderField: "Content-Type") } do { let (data, response) = try await session.data(for: request) guard let http = response as? HTTPURLResponse else { throw AuthError.networkFailure("Keine HTTP-Antwort") } return (data, http) } catch let error as URLError { throw AuthError.networkFailure(error.localizedDescription) } } }