const api = {
	fetch: async function (url, options = { method: "GET" }) {
		const session_id = (document.cookie.match(
			/^(?:.*;)?\s*session_id\s*=\s*([^;]+)(?:.*)?$/,
		) || [, null])[1];

		// TODO: this wasn't really intended to be persisted in a cookie
		const session_secret = (document.cookie.match(
			/^(?:.*;)?\s*session_secret\s*=\s*([^;]+)(?:.*)?$/,
		) || [, null])[1];

		const headers = {
			Accept: "application/json",
			"x-session_id": session_id,
			"x-totp": await otp_totp(session_secret),
			...(options.headers ?? {}),
		};

		const fetch_options = {
			method: options.method,
			headers,
		};

		if (options.json) {
			headers["Content-Type"] = "application/json";
			fetch_options.body = JSON.stringify(options.json);
		}

		const response = await fetch(`/api${url}`, fetch_options);

		return response;
	},
};