extended JS and TS template with Bearer token

added Bearer token for testing API

AGENTS.md

@@ -4,8 +4,11 @@
 APIlite is a lightweight PHP library. A class extends `TPsoft\APIlite\APIlite`, public methods become API actions, requests are processed automatically, and responses are returned as JSON.
 
 The project also generates frontend clients:
-- JavaScript client: `format=javascript` (`.js`)
+- JavaScript client: `format=javascript` (`.js`, includes `bearerSet()` helper backed by `localStorage`)
-- TypeScript client: `format=typescript` (`.ts`, real typed output)
+- TypeScript client: `format=typescript` (`.ts`, real typed output, includes `bearerSet()` helper backed by `localStorage`)
+
+The HTML help page is also interactive:
+- HTML help: `format=html` includes endpoint docs, a built-in request tester, and optional Bearer token support stored in browser `localStorage`
 
 ## Core files
 - `src/APIlite.php`: runtime, routing, docs JSON/HTML/client generation
@@ -19,7 +22,10 @@ The project also generates frontend clients:
 - Maintain both generated clients:
   - JavaScript stays plain JS.
   - TypeScript stays typed (interfaces + typed method signatures).
+  - Bearer token behavior stays aligned between JavaScript and TypeScript clients (`bearerSet()`, `apilite_bearer_token`, automatic `Authorization: Bearer ...` header).
+- Keep the HTML help page usable both as documentation and as a lightweight in-browser tester.
 - If you change output field names in JSON help, update README and templates consistently.
+- If you change request metadata or tester behavior, update `README.md` and keep `src/help.tpl.php` aligned with the actual runtime request model.
 - Prefer small, focused changes over broad rewrites.
 
 ## Verification checklist
@@ -29,9 +35,12 @@ The project also generates frontend clients:
   - `php -l src/javascript.tpl.php`
   - `php -l src/typescript.tpl.php`
   - `php -l bin/apilite-files`
+- If HTML help changes, also render it once:
+  - `php test/APIcalculator.php --html`
 - If client generation changes, test with:
   - `php test/APIcalculator.php --javascript`
   - `php test/APIcalculator.php --typescript`
 
 ## Documentation rule
 When output format names/flags/URLs change, update `README.md` in the same change set.
+When Bearer token helper/storage behavior changes, update `README.md` and keep JS/TS client docs aligned with the actual generated templates.

README.md

@@ -231,16 +231,22 @@ and there is also an HTML version available
 
 <img src="test/Example.APIcalculator.png" />
 
+The HTML documentation page also includes a built-in interactive tester. Each endpoint can be expanded with `Try it`, filled directly in the browser, and executed against the current API endpoint. If needed, you can set a shared Bearer token at the top of the page. The token is stored in `localStorage` and is sent as `Authorization: Bearer ...` for test requests made from that page.
+
 You can also download generated frontend clients:
 
 * JavaScript: `?format=javascript`
 * TypeScript (typed for Vue/TS projects): `?format=typescript`
 
+Both generated clients support a shared Bearer token helper. Call `bearerSet(token)` once, the token is stored in `localStorage` under `apilite_bearer_token`, and subsequent requests automatically send `Authorization: Bearer ...`.
+
 JavaScript usage example:
 
 ```js
 import backend from './backend.js';
 
+backend.bearerSet('your-access-token');
+
 backend.add(1, 2).then((response) => {
 	console.log(response.data);
 });
@@ -251,6 +257,8 @@ TypeScript usage example (Vue + TS):
 ```ts
 import backend from './backend';
 
+backend.bearerSet('your-access-token');
+
 backend.add(1, 2).then((response) => {
 	console.log(response.data); // typed value based on PHP return type
 });
@@ -263,3 +271,14 @@ These outputs can also be generated in command line:
 * HTML: `$> php APIcalculator.php --html`
 * JavaScript: `$> php APIcalculator.php --javascript > backend.js` (`--js` alias is available)
 * TypeScript: `$> php APIcalculator.php --typescript > backend.ts`
+
+## HTML help tester notes
+
+The built-in HTML tester currently follows the default APIlite request model:
+
+* request method is `POST`
+* endpoint action is sent as query parameter `action`
+* request fields are sent as top-level form fields
+* object and array field values are serialized as JSON strings
+
+Because the current metadata does not explicitly distinguish path params, query params and request body schemas, the HTML tester renders the parts that are reliably available today and keeps the rest minimal.

src/javascript.tpl.php

@@ -7,12 +7,63 @@
 
 class <?php echo $this->apiName; ?> {
 	endpoint = <?php echo sprintf(substr($this->endpoint, 0, 4) == 'http' ? '"%s"' : '%s', $this->endpoint); ?>;
+	bearerStorageKey = 'apilite_bearer_token';
+
+	normalizeBearerToken(token) {
+		if (typeof token !== 'string') return null;
+		token = token.trim();
+		return token === '' ? null : token;
+	}
+
+	getStorage() {
+		try {
+			if (typeof window !== 'undefined' && window.localStorage) return window.localStorage;
+		} catch (error) {
+			return null;
+		}
+		return null;
+	}
+
+	getBearerToken() {
+		var storage = this.getStorage();
+		if (storage == null) return null;
+		return this.normalizeBearerToken(storage.getItem(this.bearerStorageKey));
+	}
+
+	getRequestHeaders(headers = {}) {
+		var requestHeaders = Object.assign({}, headers);
+		if (typeof requestHeaders.Authorization === 'undefined') {
+			var token = this.getBearerToken();
+			if (token != null) requestHeaders.Authorization = 'Bearer ' + token;
+		}
+		return requestHeaders;
+	}
+
+	applyHeaders(xhttp, headers) {
+		Object.keys(headers).forEach(key => {
+			var value = headers[key];
+			if (typeof value === 'undefined' || value === null) return;
+			xhttp.setRequestHeader(key, value);
+		});
+	}
+
+	bearerSet(token) {
+		var storage = this.getStorage();
+		if (storage == null) return;
+		token = this.normalizeBearerToken(token);
+		if (token == null) {
+			storage.removeItem(this.bearerStorageKey);
+			return;
+		}
+		storage.setItem(this.bearerStorageKey, token);
+	}
 
 	/* ----------------------------------------------------
 	 * General API call
 	 */
 	call(method, data, callback) {
 		var xhttp = new XMLHttpRequest();
+		var headers = this.getRequestHeaders();
 		xhttp.withCredentials = true;
 		xhttp.onreadystatechange = function() {
 			if (this.readyState === 4) {
@@ -31,6 +82,7 @@ class <?php echo $this->apiName; ?> {
 			form_data.append(key, val);
 		});
 		xhttp.open('POST', this.endpoint + '?action=' + method);
+		this.applyHeaders(xhttp, headers);
 		xhttp.send(form_data);
 	}
 

src/typescript.tpl.php

@@ -152,8 +152,72 @@ export interface APIliteHelpResponse {
 	msg: string;
 }
 
+type APIliteRequestHeaders = Partial<Record<string, string>>;
+
 class <?php echo $this->apiName; ?> {
 	endpoint: string = <?php echo sprintf(substr($this->endpoint, 0, 4) == 'http' ? '"%s"' : '%s', $this->endpoint); ?>;
+	private readonly bearerStorageKey: string = 'apilite_bearer_token';
+
+	private normalizeBearerToken(token: string | null | undefined): string | null {
+		if (typeof token !== 'string') {
+			return null;
+		}
+		const normalizedToken = token.trim();
+		return normalizedToken === '' ? null : normalizedToken;
+	}
+
+	private getStorage(): Storage | null {
+		try {
+			if (typeof window !== 'undefined' && typeof window.localStorage !== 'undefined') {
+				return window.localStorage;
+			}
+		} catch {
+			return null;
+		}
+		return null;
+	}
+
+	private getBearerToken(): string | null {
+		const storage = this.getStorage();
+		if (storage === null) {
+			return null;
+		}
+		return this.normalizeBearerToken(storage.getItem(this.bearerStorageKey));
+	}
+
+	private getRequestHeaders(headers: APIliteRequestHeaders = {}): APIliteRequestHeaders {
+		const requestHeaders: APIliteRequestHeaders = { ...headers };
+		if (typeof requestHeaders.Authorization === 'undefined') {
+			const token = this.getBearerToken();
+			if (token !== null) {
+				requestHeaders.Authorization = `Bearer ${token}`;
+			}
+		}
+		return requestHeaders;
+	}
+
+	private applyHeaders(xhttp: XMLHttpRequest, headers: APIliteRequestHeaders): void {
+		Object.keys(headers).forEach((key) => {
+			const value = headers[key];
+			if (typeof value === 'undefined' || value === null) {
+				return;
+			}
+			xhttp.setRequestHeader(key, value);
+		});
+	}
+
+	bearerSet(token: string | null): void {
+		const storage = this.getStorage();
+		if (storage === null) {
+			return;
+		}
+		const normalizedToken = this.normalizeBearerToken(token);
+		if (normalizedToken === null) {
+			storage.removeItem(this.bearerStorageKey);
+			return;
+		}
+		storage.setItem(this.bearerStorageKey, normalizedToken);
+	}
 
 	private call(
 		method: string,
@@ -161,6 +225,7 @@ class <?php echo $this->apiName; ?> {
 		callback: (response: APIliteHelpResponse | APIliteActionResponse<unknown> | APIliteErrorResponse) => void
 	): void {
 		const xhttp = new XMLHttpRequest();
+		const headers = this.getRequestHeaders();
 		xhttp.withCredentials = true;
 		xhttp.onreadystatechange = function() {
 			if (this.readyState === 4) {
@@ -191,6 +256,7 @@ class <?php echo $this->apiName; ?> {
 		});
 
 		xhttp.open('POST', this.endpoint + '?action=' + method);
+		this.applyHeaders(xhttp, headers);
 		xhttp.send(formData);
 	}