@access-dlsu/leapify 0.260605.2 → 0.260608.2

package/dist/client/index.cjs

@@ -1,476 +1,575 @@
-'use strict';
-
-require('../chunk-Q7SFCCGT.cjs');
-var client = require('better-auth/client');
-
-var AUTH_TOKEN_KEY = "better-auth.session_token";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+let better_auth_client = require("better-auth/client");
+//#region src/client/auth.ts
+/**
+* Better Auth client helper for Leapify API consumers.
+*
+* This module is **browser-safe** — no Cloudflare, Drizzle, or Hono deps.
+* It wraps Better Auth's client SDK with the bearer plugin so that tokens
+* can be stored and retrieved as plain strings (no cookie dependency on
+* the consumer's frontend).
+*
+* @example
+* // lib/auth.ts (frontend)
+* import { createLeapifyAuthClient, signInWithGoogleRedirect } from 'leapify/client'
+*
+* export const authClient = createLeapifyAuthClient(process.env.NEXT_PUBLIC_API_URL!)
+*
+* // Redirect-based Google sign-in:
+* await signInWithGoogleRedirect(authClient, '/dashboard')
+*/
+const AUTH_TOKEN_KEY = "better-auth.session_token";
+/**
+* Create a Better Auth client bound to the Leapify Worker URL.
+*
+* It uses the 'Bearer' auth type to send the stored session token
+* in the Authorization header.
+*/
 function createLeapifyAuthClient(baseUrl) {
-  return client.createAuthClient({
-    baseURL: baseUrl,
-    fetchOptions: {
-      auth: {
-        type: "Bearer",
-        token: () => {
-          if (typeof window !== "undefined") {
-            return localStorage.getItem(AUTH_TOKEN_KEY) || "";
-          }
-          return "";
-        }
-      }
-    }
-  });
+	return (0, better_auth_client.createAuthClient)({
+		baseURL: baseUrl,
+		fetchOptions: { auth: {
+			type: "Bearer",
+			token: () => {
+				if (typeof window !== "undefined") return localStorage.getItem(AUTH_TOKEN_KEY) || "";
+				return "";
+			}
+		} }
+	});
 }
+/**
+* Sign in with Google via OAuth redirect flow.
+*
+* Redirects the browser to Google's OAuth page. After authentication,
+* Google redirects back to the Better Auth callback endpoint, which
+* creates a session and redirects to `callbackURL`.
+*
+* Call `syncCookieSessionToStorage()` on app init to restore the
+* session from the cookie after a redirect-based sign-in.
+*
+* @param authClient - Client created by createLeapifyAuthClient
+* @param callbackURL - Path or URL to redirect to after successful auth (e.g. '/dashboard')
+*
+* @example
+* import { signInWithGoogleRedirect } from 'leapify/client'
+*
+* document.getElementById('google-btn').onclick = () => {
+*   signInWithGoogleRedirect(authClient, '/dashboard')
+* }
+*/
 async function signInWithGoogleRedirect(authClient, callbackURL) {
-  await authClient.signIn.social({
-    provider: "google",
-    callbackURL
-  });
+	await authClient.signIn.social({
+		provider: "google",
+		callbackURL
+	});
 }
+/**
+* Sync a cookie-based Better Auth session into localStorage.
+*
+* After an OAuth redirect flow, Better Auth stores the session in an
+* HTTP-only cookie. This function reads that session via `getSession()`
+* and stores the token in localStorage so that subsequent API calls
+* using the Bearer token work correctly.
+*
+* Call this once on app initialization, before `initializeSession()`.
+*
+* @param authClient - Client created by createLeapifyAuthClient
+*
+* @example
+* import { syncCookieSessionToStorage, initializeSession } from 'leapify/client'
+*
+* // On app mount:
+* await syncCookieSessionToStorage(authClient)
+* const user = await initializeSession(API_URL, getToken)
+*/
 async function syncCookieSessionToStorage(authClient) {
-  try {
-    const result = await authClient.getSession();
-    const data = result?.data;
-    const token = data?.session?.token;
-    if (token) {
-      localStorage.setItem(AUTH_TOKEN_KEY, token);
-    }
-  } catch {
-  }
+	try {
+		const token = ((await authClient.getSession())?.data)?.session?.token;
+		if (token) localStorage.setItem(AUTH_TOKEN_KEY, token);
+	} catch {}
 }
+/**
+* Get the current bearer token from storage, or null for guests.
+* Pass this to `createLeapifyClient` as the `getToken` option.
+*
+* @example
+* import { createLeapifyClient } from 'leapify/client'
+* import { createLeapifyAuthClient, getLeapifyToken } from 'leapify/client'
+*
+* const authClient = createLeapifyAuthClient(API_URL)
+* const api = createLeapifyClient(API_URL, () => getLeapifyToken(authClient))
+*/
 async function getLeapifyToken(authClient) {
-  if (typeof window !== "undefined") {
-    return localStorage.getItem(AUTH_TOKEN_KEY);
-  }
-  return null;
+	if (typeof window !== "undefined") return localStorage.getItem(AUTH_TOKEN_KEY);
+	return null;
 }
+/**
+* Sign out the current user.
+*/
 async function signOut(authClient) {
-  const result = await authClient.signOut();
-  if (typeof window !== "undefined") {
-    localStorage.removeItem(AUTH_TOKEN_KEY);
-  }
-  return result;
+	const result = await authClient.signOut();
+	if (typeof window !== "undefined") localStorage.removeItem(AUTH_TOKEN_KEY);
+	return result;
 }
-
-// src/client/turnstile.ts
-var TURNSTILE_VERIFY_PATH = "/.well-known/leapify/turnstile/verify";
+//#endregion
+//#region src/client/turnstile.ts
+const TURNSTILE_VERIFY_PATH = "/.well-known/leapify/turnstile/verify";
 function getTurnstileSiteKey() {
-  const config = window.__CONFIG__;
-  return config?.turnstileSiteKey;
+	return window.__CONFIG__?.turnstileSiteKey;
 }
 function loadTurnstileScript() {
-  return new Promise((resolve, reject) => {
-    if (typeof window.turnstile !== "undefined") {
-      resolve();
-      return;
-    }
-    const script = document.createElement("script");
-    script.src = "https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit";
-    script.async = true;
-    script.defer = true;
-    script.onload = () => resolve();
-    script.onerror = () => reject(new Error("Failed to load Turnstile script"));
-    document.head.appendChild(script);
-  });
+	return new Promise((resolve, reject) => {
+		if (typeof window.turnstile !== "undefined") {
+			resolve();
+			return;
+		}
+		const script = document.createElement("script");
+		script.src = "https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit";
+		script.async = true;
+		script.defer = true;
+		script.onload = () => resolve();
+		script.onerror = () => reject(/* @__PURE__ */ new Error("Failed to load Turnstile script"));
+		document.head.appendChild(script);
+	});
 }
 function executeTurnstile(siteKey) {
-  let widgetId;
-  const cleanup = () => {
-    if (widgetId && typeof window.turnstile?.remove === "function") {
-      window.turnstile.remove(widgetId);
-    }
-    const el = document.getElementById("leapify-turnstile-container");
-    el?.remove();
-  };
-  return new Promise((resolve) => {
-    const container = document.createElement("div");
-    container.id = "leapify-turnstile-container";
-    container.style.display = "none";
-    document.body.appendChild(container);
-    const timer = setTimeout(() => {
-      cleanup();
-      resolve("");
-    }, 3e3);
-    widgetId = window.turnstile.render(`#${container.id}`, {
-      sitekey: siteKey,
-      callback: (token) => {
-        clearTimeout(timer);
-        cleanup();
-        resolve(token);
-      }
-    });
-  });
+	let widgetId;
+	const cleanup = () => {
+		if (widgetId && typeof window.turnstile?.remove === "function") window.turnstile.remove(widgetId);
+		document.getElementById("leapify-turnstile-container")?.remove();
+	};
+	return new Promise((resolve) => {
+		const container = document.createElement("div");
+		container.id = "leapify-turnstile-container";
+		container.style.display = "none";
+		document.body.appendChild(container);
+		const timer = setTimeout(() => {
+			cleanup();
+			resolve("");
+		}, 3e3);
+		widgetId = window.turnstile.render(`#${container.id}`, {
+			sitekey: siteKey,
+			callback: (token) => {
+				clearTimeout(timer);
+				cleanup();
+				resolve(token);
+			}
+		});
+	});
 }
+/**
+* Solve a Turnstile challenge and obtain a signed cookie from the backend.
+*
+* Loads the Turnstile script (if not already loaded), executes an invisible
+* challenge, and posts the token to the backend verify endpoint. The server
+* sets a signed cookie that bypasses Turnstile for subsequent requests.
+*
+* Call once on app initialization before any API requests.
+*
+* @param baseUrl - The Leapify Worker URL. If omitted, uses the current origin.
+* @param siteKey - Turnstile site key. If omitted, reads from window.__CONFIG__.
+* @returns `true` if the challenge was solved and cookie was set.
+*/
 async function solveTurnstileChallenge(baseUrl, siteKey) {
-  siteKey = siteKey ?? getTurnstileSiteKey();
-  if (!siteKey) return false;
-  const base = baseUrl?.replace(/\/$/, "") ?? "";
-  try {
-    await loadTurnstileScript();
-    const token = await executeTurnstile(siteKey);
-    if (!token) return false;
-    const res = await fetch(`${base}${TURNSTILE_VERIFY_PATH}`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ token }),
-      credentials: "include"
-    });
-    return res.ok;
-  } catch {
-    return false;
-  }
+	siteKey = siteKey ?? getTurnstileSiteKey();
+	if (!siteKey) return false;
+	const base = baseUrl?.replace(/\/$/, "") ?? "";
+	try {
+		await loadTurnstileScript();
+		const token = await executeTurnstile(siteKey);
+		if (!token) return false;
+		return (await fetch(`${base}${TURNSTILE_VERIFY_PATH}`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify({ token }),
+			credentials: "include"
+		})).ok;
+	} catch {
+		return false;
+	}
 }
-
-// src/client/session.ts
+//#endregion
+//#region src/client/session.ts
+/**
+* Initialize a browser session: restore existing token and fetch profile.
+*
+* @param baseUrl - The Leapify Worker URL.
+* @param getToken - Async function returning the current session token, or null.
+* @returns The authenticated user profile, or null if not signed in.
+*/
 async function initializeSession(baseUrl, getToken) {
-  const token = await getToken();
-  if (!token) return null;
-  const base = baseUrl.replace(/\/$/, "");
-  const res = await fetch(`${base}/api/users/me`, {
-    headers: { Authorization: `Bearer ${token}` }
-  });
-  if (!res.ok) return null;
-  const body = await res.json().catch(() => ({}));
-  return body.data ?? null;
+	const token = await getToken();
+	if (!token) return null;
+	const base = baseUrl.replace(/\/$/, "");
+	const res = await fetch(`${base}/api/users/me`, { headers: { Authorization: `Bearer ${token}` } });
+	if (!res.ok) return null;
+	return (await res.json().catch(() => ({}))).data ?? null;
 }
-
-// src/client/index.ts
+//#endregion
+//#region src/client/index.ts
+/**
+* Read the runtime config injected by the worker into HTML pages.
+* Returns null if not running in a browser or config not injected.
+*/
 function getClientConfig() {
-  if (typeof window === "undefined") return null;
-  const config = window.__CONFIG__;
-  if (!config || typeof config !== "object") return null;
-  return config;
+	if (typeof window === "undefined") return null;
+	const config = window.__CONFIG__;
+	if (!config || typeof config !== "object") return null;
+	return config;
 }
+/**
+* Structured error thrown by all client methods on non-2xx responses.
+*
+* @example
+* import { LeapifyApiError } from 'leapify/client'
+*
+* try {
+*   await api.toggleBookmark(eventId)
+* } catch (err) {
+*   if (err instanceof LeapifyApiError && err.code === 'UNAUTHORIZED') {
+*     // redirect to sign-in
+*   }
+* }
+*/
 var LeapifyApiError = class extends Error {
-  constructor(status, code, message) {
-    super(message);
-    this.status = status;
-    this.code = code;
-    this.name = "LeapifyApiError";
-  }
+	status;
+	code;
+	constructor(status, code, message) {
+		super(message);
+		this.status = status;
+		this.code = code;
+		this.name = "LeapifyApiError";
+	}
 };
-var LEAPIFY_ERROR_CODES = {
-  UNAUTHORIZED: "UNAUTHORIZED",
-  DOMAIN_RESTRICTED: "DOMAIN_RESTRICTED",
-  FORBIDDEN: "FORBIDDEN",
-  NOT_FOUND: "NOT_FOUND",
-  CONFLICT: "CONFLICT",
-  TOO_MANY_REQUESTS: "TOO_MANY_REQUESTS",
-  SERVICE_UNAVAILABLE: "SERVICE_UNAVAILABLE",
-  INTERNAL_ERROR: "INTERNAL_ERROR"
+const LEAPIFY_ERROR_CODES = {
+	UNAUTHORIZED: "UNAUTHORIZED",
+	DOMAIN_RESTRICTED: "DOMAIN_RESTRICTED",
+	FORBIDDEN: "FORBIDDEN",
+	NOT_FOUND: "NOT_FOUND",
+	CONFLICT: "CONFLICT",
+	TOO_MANY_REQUESTS: "TOO_MANY_REQUESTS",
+	SERVICE_UNAVAILABLE: "SERVICE_UNAVAILABLE",
+	INTERNAL_ERROR: "INTERNAL_ERROR"
 };
 async function buildHeaders(getToken, extra = {}) {
-  const headers = {
-    "Content-Type": "application/json",
-    ...extra
-  };
-  if (getToken) {
-    const token = await getToken();
-    if (token) headers["Authorization"] = `Bearer ${token}`;
-  }
-  return headers;
+	const headers = {
+		"Content-Type": "application/json",
+		...extra
+	};
+	if (getToken) {
+		const token = await getToken();
+		if (token) headers["Authorization"] = `Bearer ${token}`;
+	}
+	return headers;
 }
 async function parseResponse(res) {
-  if (res.status === 204) return void 0;
-  const body = await res.json().catch(() => ({}));
-  if (!res.ok) {
-    const err = body?.error;
-    throw new LeapifyApiError(
-      res.status,
-      err?.code ?? "UNKNOWN",
-      err?.message ?? res.statusText
-    );
-  }
-  return body.data;
+	if (res.status === 204) return void 0;
+	const body = await res.json().catch(() => ({}));
+	if (!res.ok) {
+		const err = body?.error;
+		throw new LeapifyApiError(res.status, err?.code ?? "UNKNOWN", err?.message ?? res.statusText);
+	}
+	return body.data;
 }
+/**
+* Creates a typed Leapify API client bound to a base URL.
+*
+* @param baseUrl - The deployed Leapify Worker URL (e.g. `https://api.leap.yourdomain.com`).
+* @param getToken - Optional async function that returns a session token string,
+*   or null for guest requests. Use `getLeapifyToken()` from this module.
+*
+* @example
+* // lib/api.ts
+* import { createLeapifyClient, getLeapifyToken } from 'leapify/client'
+*
+* export const api = createLeapifyClient(
+*   process.env.NEXT_PUBLIC_API_URL!,
+*   () => getLeapifyToken(),
+* )
+*/
 function createLeapifyClient(baseUrl, getToken) {
-  const base = baseUrl.replace(/\/$/, "");
-  async function get(path, init) {
-    const headers = await buildHeaders(getToken, init?.headers);
-    const res = await fetch(`${base}${path}`, { ...init, method: "GET", headers });
-    return parseResponse(res);
-  }
-  async function post(path, body) {
-    const headers = await buildHeaders(getToken);
-    const res = await fetch(`${base}${path}`, {
-      method: "POST",
-      headers,
-      ...body !== void 0 ? { body: JSON.stringify(body) } : {}
-    });
-    return parseResponse(res);
-  }
-  async function postFormData(path, formData) {
-    const headers = {};
-    if (getToken) {
-      const token = await getToken();
-      if (token) headers["Authorization"] = `Bearer ${token}`;
-    }
-    const res = await fetch(`${base}${path}`, {
-      method: "POST",
-      headers,
-      body: formData
-    });
-    return parseResponse(res);
-  }
-  async function patch(path, body) {
-    const headers = await buildHeaders(getToken);
-    const res = await fetch(`${base}${path}`, {
-      method: "PATCH",
-      headers,
-      body: JSON.stringify(body)
-    });
-    return parseResponse(res);
-  }
-  async function del(path) {
-    const headers = await buildHeaders(getToken);
-    const res = await fetch(`${base}${path}`, { method: "DELETE", headers });
-    return parseResponse(res);
-  }
-  return {
-    // ── Site Config ────────────────────────────────────────────────────────
-    /**
-     * GET /config
-     * Returns site-wide configuration. Check `maintenanceMode` and
-     * `comingSoonUntil` on app load to gate the UI appropriately.
-     * Use `now` (server unix epoch) for timestamp comparisons.
-     */
-    getConfig() {
-      return get("/api/config");
-    },
-    /**
-     * PATCH /api/config/:key — admin only.
-     * Upserts a site config value. Requires admin or super_admin role.
-     */
-    updateConfig(key, value) {
-      return patch(`/api/config/${encodeURIComponent(key)}`, { value });
-    },
-    // ── Events ─────────────────────────────────────────────────────────────
-    /**
-     * GET /api/classes
-     * Returns all published classes. Response is ETag-cached for 7 days.
-     */
-    getEvents() {
-      return get("/api/classes");
-    },
-    /**
-     * GET /api/classes/admin — admin only.
-     * Returns all classes regardless of status.
-     */
-    getAdminEvents() {
-      return get("/api/classes/admin");
-    },
-    /**
-     * POST /api/classes/admin/publish — admin only.
-     * Batch publish queued classes immediately or schedule them for later.
-     */
-    batchPublish(ids, releaseAt) {
-      return post("/api/classes/admin/publish", { ids, releaseAt });
-    },
-    /**
-     * GET /api/classes/:slug
-     * Returns a single published class by slug.
-     */
-    getEvent(slug) {
-      return get(`/api/classes/${encodeURIComponent(slug)}`);
-    },
-    /**
-     * GET /api/classes/:slug/slots
-     * Returns real-time slot availability. CF edge caches this for 5 seconds.
-     * Poll every 8–10 seconds on class detail pages.
-     */
-    getSlots(slug) {
-      return get(`/api/classes/${encodeURIComponent(slug)}/slots`);
-    },
-    /**
-     * POST /api/classes/:slug/reconcile — admin only.
-     * Corrects slot count for a single event by fetching the real Google Forms response count.
-     */
-    reconcileEvent(slug) {
-      return post(`/api/classes/${encodeURIComponent(slug)}/reconcile`);
-    },
-    /**
-     * POST /api/classes — admin only.
-     * Creates a new class. Auto-generates slug from title.
-     */
-    createEvent(data) {
-      return post("/api/classes", data);
-    },
-    /**
-     * PATCH /api/classes/:slug — admin only.
-     * Updates an existing class by slug.
-     */
-    updateEvent(slug, data) {
-      return patch(`/api/classes/${encodeURIComponent(slug)}`, data);
-    },
-    /**
-     * DELETE /api/classes/:slug — admin only.
-     * Deletes a class.
-     */
-    deleteEvent(slug) {
-      return del(`/api/classes/${encodeURIComponent(slug)}`);
-    },
-    // ── Themes ─────────────────────────────────────────────────────────────
-    /**
-     * GET /api/themes
-     * Returns all themes.
-     */
-    getThemes() {
-      return get("/api/themes");
-    },
-    /**
-     * POST /api/themes — admin only.
-     */
-    createTheme(data) {
-      return post("/api/themes", data);
-    },
-    /**
-     * PATCH /api/themes/:id — admin only.
-     */
-    updateTheme(id, data) {
-      return patch(`/api/themes/${encodeURIComponent(id)}`, data);
-    },
-    /**
-     * DELETE /api/themes/:id — admin only.
-     */
-    deleteTheme(id) {
-      return del(`/api/themes/${encodeURIComponent(id)}`);
-    },
-    // ── Organizations ──────────────────────────────────────────────────────
-    /**
-     * GET /api/organizations
-     * Returns all organizations.
-     */
-    getOrganizations() {
-      return get("/api/organizations");
-    },
-    /**
-     * POST /api/organizations — admin only.
-     */
-    createOrganization(data) {
-      return post("/api/organizations", data);
-    },
-    /**
-     * PATCH /api/organizations/:id — admin only.
-     */
-    updateOrganization(id, data) {
-      return patch(`/api/organizations/${encodeURIComponent(id)}`, data);
-    },
-    /**
-     * DELETE /api/organizations/:id — admin only.
-     */
-    deleteOrganization(id) {
-      return del(`/api/organizations/${encodeURIComponent(id)}`);
-    },
-    // ── Users ──────────────────────────────────────────────────────────────
-    /**
-     * GET /api/users/me
-     * Returns the authenticated user's profile, or null for guests.
-     * Use `profile.role` to gate admin UI.
-     */
-    getMe() {
-      return get("/api/users/me");
-    },
-    // ── Admin: User Management ────────────────────────────────────────────
-    /**
-     * GET /api/users — admin only.
-     * Returns all registered users.
-     */
-    getUsers() {
-      return get("/api/users");
-    },
-    /**
-     * PATCH /api/users/:id/role — admin only.
-     * Changes a user's role.
-     */
-    updateUserRole(id, role) {
-      return patch(`/api/users/${encodeURIComponent(id)}/role`, { role });
-    },
-    /**
-     * POST /api/users/by-email — admin only.
-     * Finds or creates a user by email and sets their role.
-     */
-    upsertUserByEmail(email, role) {
-      return post("/api/users/by-email", { email, role });
-    },
-    // ── Bookmarks ──────────────────────────────────────────────────────────
-    /**
-     * GET /api/users/me/bookmarks
-     * Returns the authenticated user's bookmarked events.
-     * Returns an empty array for unauthenticated users.
-     */
-    getBookmarks() {
-      return get("/api/users/me/bookmarks");
-    },
-    /**
-     * POST /api/users/me/bookmarks/:eventId
-     * Toggles a bookmark on/off. Requires authentication.
-     * Returns `{ bookmarked: true }` (201) on add, `{ bookmarked: false }` (200) on remove.
-     */
-    toggleBookmark(eventId) {
-      return post(
-        `/api/users/me/bookmarks/${encodeURIComponent(eventId)}`
-      );
-    },
-    /**
-     * DELETE /api/users/me/bookmarks/:eventId
-     * Removes a bookmark. Requires authentication.
-     */
-    deleteBookmark(eventId) {
-      return del(
-        `/api/users/me/bookmarks/${encodeURIComponent(eventId)}`
-      );
-    },
-    // ── FAQs ───────────────────────────────────────────────────────────────
-    /**
-     * GET /api/faqs
-     * Returns all active FAQs. Cached in KV for 10 minutes.
-     * The `answer` field is markdown — render with a markdown library.
-     */
-    getFaqs() {
-      return get("/api/faqs");
-    },
-    /**
-     * POST /api/faqs — admin only.
-     * Creates a new FAQ item.
-     */
-    createFaq(data) {
-      return post("/api/faqs", data);
-    },
-    /**
-     * PATCH /api/faqs/:id — admin only.
-     * Updates an existing FAQ item.
-     */
-    updateFaq(id, data) {
-      return patch(`/api/faqs/${encodeURIComponent(id)}`, data);
-    },
-    /**
-     * DELETE /api/faqs/:id — admin only.
-     * Soft-deletes a FAQ (sets isActive: false).
-     */
-    deleteFaq(id) {
-      return del(`/api/faqs/${encodeURIComponent(id)}`);
-    },
-    // ── Uploads ────────────────────────────────────────────────────────────
-    /**
-     * POST /api/uploads/images — admin only.
-     * Uploads an image file to R2. Accepts multipart/form-data.
-     * Returns the public URL, storage key, size, and content type.
-     */
-    uploadImage(file) {
-      const formData = new FormData();
-      formData.append("file", file);
-      return postFormData("/api/uploads/images", formData);
-    },
-    // ── Health ─────────────────────────────────────────────────────────────
-    /**
-     * GET /health
-     * Public health check. Returns provider availability status.
-     */
-    healthCheck() {
-      return get("/health");
-    }
-  };
+	const base = baseUrl.replace(/\/$/, "");
+	async function get(path, init) {
+		const headers = await buildHeaders(getToken, init?.headers);
+		return parseResponse(await fetch(`${base}${path}`, {
+			...init,
+			method: "GET",
+			headers
+		}));
+	}
+	async function post(path, body) {
+		const headers = await buildHeaders(getToken);
+		return parseResponse(await fetch(`${base}${path}`, {
+			method: "POST",
+			headers,
+			...body !== void 0 ? { body: JSON.stringify(body) } : {}
+		}));
+	}
+	async function postFormData(path, formData) {
+		const headers = {};
+		if (getToken) {
+			const token = await getToken();
+			if (token) headers["Authorization"] = `Bearer ${token}`;
+		}
+		return parseResponse(await fetch(`${base}${path}`, {
+			method: "POST",
+			headers,
+			body: formData
+		}));
+	}
+	async function patch(path, body) {
+		const headers = await buildHeaders(getToken);
+		return parseResponse(await fetch(`${base}${path}`, {
+			method: "PATCH",
+			headers,
+			body: JSON.stringify(body)
+		}));
+	}
+	async function del(path) {
+		const headers = await buildHeaders(getToken);
+		return parseResponse(await fetch(`${base}${path}`, {
+			method: "DELETE",
+			headers
+		}));
+	}
+	return {
+		/**
+		* GET /config
+		* Returns site-wide configuration. Check `maintenanceMode` and
+		* `comingSoonUntil` on app load to gate the UI appropriately.
+		* Use `now` (server unix epoch) for timestamp comparisons.
+		*/
+		getConfig() {
+			return get("/api/config");
+		},
+		/**
+		* PATCH /api/config/:key — admin only.
+		* Upserts a site config value. Requires admin or super_admin role.
+		*/
+		updateConfig(key, value) {
+			return patch(`/api/config/${encodeURIComponent(key)}`, { value });
+		},
+		/**
+		* GET /api/classes
+		* Returns all published classes. Response is ETag-cached for 7 days.
+		*/
+		getEvents() {
+			return get("/api/classes");
+		},
+		/**
+		* GET /api/classes/admin — admin only.
+		* Returns all classes regardless of status.
+		*/
+		getAdminEvents() {
+			return get("/api/classes/admin");
+		},
+		/**
+		* POST /api/classes/admin/publish — admin only.
+		* Batch publish queued classes immediately or schedule them for later.
+		*/
+		batchPublish(ids, releaseAt) {
+			return post("/api/classes/admin/publish", {
+				ids,
+				releaseAt
+			});
+		},
+		/**
+		* GET /api/classes/:slug
+		* Returns a single published class by slug.
+		*/
+		getEvent(slug) {
+			return get(`/api/classes/${encodeURIComponent(slug)}`);
+		},
+		/**
+		* GET /api/classes/:slug/slots
+		* Returns real-time slot availability. CF edge caches this for 5 seconds.
+		* Poll every 8–10 seconds on class detail pages.
+		*/
+		getSlots(slug) {
+			return get(`/api/classes/${encodeURIComponent(slug)}/slots`);
+		},
+		/**
+		* POST /api/classes/:slug/reconcile — admin only.
+		* Corrects slot count for a single event by fetching the real Google Forms response count.
+		*/
+		reconcileEvent(slug) {
+			return post(`/api/classes/${encodeURIComponent(slug)}/reconcile`);
+		},
+		/**
+		* POST /api/classes — admin only.
+		* Creates a new class. Auto-generates slug from title.
+		*/
+		createEvent(data) {
+			return post("/api/classes", data);
+		},
+		/**
+		* PATCH /api/classes/:slug — admin only.
+		* Updates an existing class by slug.
+		*/
+		updateEvent(slug, data) {
+			return patch(`/api/classes/${encodeURIComponent(slug)}`, data);
+		},
+		/**
+		* DELETE /api/classes/:slug — admin only.
+		* Deletes a class.
+		*/
+		deleteEvent(slug) {
+			return del(`/api/classes/${encodeURIComponent(slug)}`);
+		},
+		/**
+		* GET /api/themes
+		* Returns all themes.
+		*/
+		getThemes() {
+			return get("/api/themes");
+		},
+		/**
+		* POST /api/themes — admin only.
+		*/
+		createTheme(data) {
+			return post("/api/themes", data);
+		},
+		/**
+		* PATCH /api/themes/:id — admin only.
+		*/
+		updateTheme(id, data) {
+			return patch(`/api/themes/${encodeURIComponent(id)}`, data);
+		},
+		/**
+		* DELETE /api/themes/:id — admin only.
+		*/
+		deleteTheme(id) {
+			return del(`/api/themes/${encodeURIComponent(id)}`);
+		},
+		/**
+		* GET /api/organizations
+		* Returns all organizations.
+		*/
+		getOrganizations() {
+			return get("/api/organizations");
+		},
+		/**
+		* POST /api/organizations — admin only.
+		*/
+		createOrganization(data) {
+			return post("/api/organizations", data);
+		},
+		/**
+		* PATCH /api/organizations/:id — admin only.
+		*/
+		updateOrganization(id, data) {
+			return patch(`/api/organizations/${encodeURIComponent(id)}`, data);
+		},
+		/**
+		* DELETE /api/organizations/:id — admin only.
+		*/
+		deleteOrganization(id) {
+			return del(`/api/organizations/${encodeURIComponent(id)}`);
+		},
+		/**
+		* GET /api/users/me
+		* Returns the authenticated user's profile, or null for guests.
+		* Use `profile.role` to gate admin UI.
+		*/
+		getMe() {
+			return get("/api/users/me");
+		},
+		/**
+		* GET /api/users — admin only.
+		* Returns all registered users.
+		*/
+		getUsers() {
+			return get("/api/users");
+		},
+		/**
+		* PATCH /api/users/:id/role — admin only.
+		* Changes a user's role.
+		*/
+		updateUserRole(id, role) {
+			return patch(`/api/users/${encodeURIComponent(id)}/role`, { role });
+		},
+		/**
+		* POST /api/users/by-email — admin only.
+		* Finds or creates a user by email and sets their role.
+		*/
+		upsertUserByEmail(email, role) {
+			return post("/api/users/by-email", {
+				email,
+				role
+			});
+		},
+		/**
+		* GET /api/users/me/bookmarks
+		* Returns the authenticated user's bookmarked events.
+		* Returns an empty array for unauthenticated users.
+		*/
+		getBookmarks() {
+			return get("/api/users/me/bookmarks");
+		},
+		/**
+		* POST /api/users/me/bookmarks/:eventId
+		* Toggles a bookmark on/off. Requires authentication.
+		* Returns `{ bookmarked: true }` (201) on add, `{ bookmarked: false }` (200) on remove.
+		*/
+		toggleBookmark(eventId) {
+			return post(`/api/users/me/bookmarks/${encodeURIComponent(eventId)}`);
+		},
+		/**
+		* DELETE /api/users/me/bookmarks/:eventId
+		* Removes a bookmark. Requires authentication.
+		*/
+		deleteBookmark(eventId) {
+			return del(`/api/users/me/bookmarks/${encodeURIComponent(eventId)}`);
+		},
+		/**
+		* GET /api/faqs
+		* Returns all active FAQs. Cached in KV for 10 minutes.
+		* The `answer` field is markdown — render with a markdown library.
+		*/
+		getFaqs() {
+			return get("/api/faqs");
+		},
+		/**
+		* POST /api/faqs — admin only.
+		* Creates a new FAQ item.
+		*/
+		createFaq(data) {
+			return post("/api/faqs", data);
+		},
+		/**
+		* PATCH /api/faqs/:id — admin only.
+		* Updates an existing FAQ item.
+		*/
+		updateFaq(id, data) {
+			return patch(`/api/faqs/${encodeURIComponent(id)}`, data);
+		},
+		/**
+		* DELETE /api/faqs/:id — admin only.
+		* Soft-deletes a FAQ (sets isActive: false).
+		*/
+		deleteFaq(id) {
+			return del(`/api/faqs/${encodeURIComponent(id)}`);
+		},
+		/**
+		* POST /api/uploads — admin only.
+		* Uploads an image file to R2. Accepts multipart/form-data.
+		* Returns the public URL, storage key, size, and content type.
+		*/
+		uploadImage(file) {
+			const formData = new FormData();
+			formData.append("file", file);
+			return postFormData("/api/uploads", formData);
+		},
+		/**
+		* GET /health
+		* Public health check. Returns provider availability status.
+		*/
+		healthCheck() {
+			return get("/health");
+		}
+	};
 }
-
+//#endregion
 exports.LEAPIFY_ERROR_CODES = LEAPIFY_ERROR_CODES;
 exports.LeapifyApiError = LeapifyApiError;
 exports.createLeapifyAuthClient = createLeapifyAuthClient;
@@ -482,5 +581,3 @@ exports.signInWithGoogleRedirect = signInWithGoogleRedirect;
 exports.signOut = signOut;
 exports.solveTurnstileChallenge = solveTurnstileChallenge;
 exports.syncCookieSessionToStorage = syncCookieSessionToStorage;
-//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map