feat: consolidate frontend API layer, add query-client, and harden backend Fase 1

Frontend:
- Consolidate duplicate API layers into single src/lib/axios.ts per app
- Remove src/lib/api-client.ts and src/utils/api.ts (admin)
- Add src/lib/query-client.ts with TanStack Query config per app
- Update all imports and auto-import config

Backend:
- Fix organisations.billing_status default to 'trial'
- Fix user_invitations.invited_by_user_id to nullOnDelete
- Add MeResource with separated app_roles and pivot-based org roles
- Add cross-org check to EventPolicy view() and update()
- Restrict EventPolicy create/update to org_admin/event_manager (not org_member)
- Attach creator as org_admin on organisation store
- Add query scopes to Event and UserInvitation models
- Improve factories with Dutch test data
- Expand test suite from 29 to 41 tests (90 assertions)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 17:35:34 +02:00
parent 611c311854
commit 0d24506c89
36 changed files with 454 additions and 118 deletions


@@ -1,5 +1,5 @@
import { computed, ref } from 'vue'
import { apiClient } from '@/lib/api-client'
import { apiClient } from '@/lib/axios'
import { useCurrentOrganisationId } from '@/composables/useOrganisationContext'
import type { ApiResponse, Event, Pagination } from '@/types/events'


@@ -2,11 +2,6 @@ import axios from 'axios'
import { parse } from 'cookie-es'
import type { AxiosInstance, InternalAxiosRequestConfig } from 'axios'
/**
* Single axios instance for the Laravel API (`VITE_API_URL`, e.g. /api/v1).
* Auth: Bearer token from cookie `accessToken` (set by login).
* Use composables built on this client for real API calls; Vuexy `useApi` remains for demos/mocks.
*/
const apiClient: AxiosInstance = axios.create({
baseURL: import.meta.env.VITE_API_URL,
headers: {
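Review bot: The TSDoc block deleted above `const apiClient` stated where the client's credentials come from (a Bearer token read from the `accessToken` cookie) and which base URL it targets, and the new side leaves the instance with no comment at all. I would keep a shortened version, e.g. `/** Axios instance for the Laravel API (VITE_API_URL). Auth: Bearer token read from the accessToken cookie by the request interceptor. */`. That note matters for review because a cookie the client reads from script cannot be HttpOnly, and the login page in this commit writes it through `document.cookie` with only `path=/`, so `Secure` and `SameSite` are worth setting there. The `axios.create({ … })` call runs past the end of the hunk, so the interceptor itself is not visible here.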


@@ -0,0 +1,12 @@
import type { VueQueryPluginOptions } from '@tanstack/vue-query'
export const queryClientConfig: VueQueryPluginOptions = {
queryClientConfig: {
defaultOptions: {
queries: {
staleTime: 1000 * 60 * 5, // 5 minutes
retry: 1,
},
},
},
}
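Review bot: `staleTime: 1000 * 60 * 5` under `defaultOptions.queries` applies to every query, which would include identity and role data such as the MeResource response named in the commit message if it is fetched through TanStack Query, so the UI can keep rendering a revoked role or a previous organisation's data from cache for up to five minutes. I would say so on the line, e.g. `staleTime: 1000 * 60 * 5, // 5 min default; auth/role queries should override with a shorter staleTime`, and confirm that the logout and organisation-switch paths (not visible in this diff) clear or invalidate the query cache. `retry: 1` also repeats requests that failed with 401 or 403; a retry function that skips 4xx responses would avoid the second call. The exported `queryClientConfig` has no TSDoc, and a short one should state that it is the shared default for the app.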


@@ -1,5 +1,6 @@
import { createApp } from 'vue'
import { VueQueryPlugin } from '@tanstack/vue-query'
import { queryClientConfig } from '@/lib/query-client'
import App from '@/App.vue'
import { registerPlugins } from '@core/utils/plugins'
@@ -14,13 +15,7 @@ const app = createApp(App)
// Register plugins
registerPlugins(app)
app.use(VueQueryPlugin, {
queryClientConfig: {
defaultOptions: {
queries: { staleTime: 1000 * 60 * 5, retry: 1 },
},
},
})
app.use(VueQueryPlugin, queryClientConfig)
// Mount vue app
app.mount('#app')


@@ -10,7 +10,7 @@ import authV2MaskDark from '@images/pages/misc-mask-dark.png'
import authV2MaskLight from '@images/pages/misc-mask-light.png'
import { VNodeRenderer } from '@layouts/components/VNodeRenderer'
import { themeConfig } from '@themeConfig'
import { apiClient } from '@/lib/api-client'
import { apiClient } from '@/lib/axios'
import { emailValidator, requiredValidator } from '@core/utils/validators'
definePage({
@@ -54,7 +54,7 @@ async function handleLogin() {
})
if (data.success && data.data) {
// Store token in cookie (api-client reads from accessToken cookie)
// Store token in cookie (axios interceptor reads from accessToken cookie)
document.cookie = `accessToken=${data.data.token}; path=/`
// Store user data in cookie if needed