// Auth API client. Cookies (httpOnly) are managed by the browser; we just // hand back JSON and status to the callers. async function postJson(path, body) { const r = await fetch(path, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body), }) let data = null try { data = await r.json() } catch { /* 204 has no body */ } return { ok: r.ok, status: r.status, data } } export async function signup({ email, password, username, firstName, lastName }) { return postJson('/api/auth/signup', { email, password, username, first_name: firstName, last_name: lastName, }) } export async function login(email, password) { return postJson('/api/auth/login', { email, password }) } export async function logout() { await fetch('/api/auth/logout', { method: 'POST' }) } export async function fetchMe() { const r = await fetch('/api/auth/me') if (r.ok) return r.json() return null }