Phase 1 MVP - Complete implementation

- Login with JWT and refresh token rotation
- Dashboard with projects cards
- ProjectView with TreeView navigation
- DocumentView with markdown editor and auto-save
- Tag management (create, assign, remove)
- Dark mode CSS variables
- Security fixes applied (logout to backend, createDocument endpoint)

src/composables/useApi.ts

@@ -0,0 +1,88 @@
+import { useAuthStore } from '@/stores/auth'
+import router from '@/router'
+
+const BASE_URL = import.meta.env.VITE_API_BASE_URL || 'http://localhost:8000/api/v1'
+
+export function useApi() {
+  const authStore = useAuthStore()
+
+  async function refreshAccessToken(): Promise<string | null> {
+    try {
+      const response = await fetch(`${BASE_URL}/auth/refresh`, {
+        method: 'POST',
+        credentials: 'include'  // Include cookies for refresh token
+      })
+      if (response.ok) {
+        const data = await response.json()
+        authStore.token = data.access_token
+        localStorage.setItem('access_token', data.access_token)
+        return data.access_token
+      }
+    } catch {
+      // Refresh failed
+    }
+    return null
+  }
+
+  async function request<T>(endpoint: string, options: RequestInit = {}, retryCount = 0): Promise<T> {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      ...(options.headers as Record<string, string> || {})
+    }
+
+    if (authStore.token) {
+      headers['Authorization'] = `Bearer ${authStore.token}`
+    }
+
+    const response = await fetch(`${BASE_URL}${endpoint}`, {
+      ...options,
+      headers,
+      body: options.body ? JSON.stringify(options.body) : undefined
+    })
+
+    if (response.status === 401) {
+      // Try to refresh token once
+      if (retryCount === 0 && !endpoint.includes('/auth/')) {
+        const newToken = await refreshAccessToken()
+        if (newToken) {
+          // Retry original request with new token
+          headers['Authorization'] = `Bearer ${newToken}`
+          const retryResponse = await fetch(`${BASE_URL}${endpoint}`, {
+            ...options,
+            headers,
+            body: options.body ? JSON.stringify(options.body) : undefined
+          })
+          if (retryResponse.ok) {
+            if (retryResponse.status === 204) {
+              return {} as T
+            }
+            return retryResponse.json()
+          }
+        }
+      }
+      authStore.logout()
+      router.push('/login')
+      throw new Error('Unauthorized')
+    }
+
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ detail: 'Request failed' }))
+      throw new Error(error.detail || `HTTP ${response.status}`)
+    }
+
+    if (response.status === 204) {
+      return {} as T
+    }
+
+    return response.json()
+  }
+
+  return {
+    get: <T>(endpoint: string) => request<T>(endpoint, { method: 'GET' }),
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    post: <T>(endpoint: string, body?: any) => request<T>(endpoint, { method: 'POST', body }),
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    put: <T>(endpoint: string, body?: any) => request<T>(endpoint, { method: 'PUT', body }),
+    delete: <T>(endpoint: string) => request<T>(endpoint, { method: 'DELETE' })
+  }
+}