// In dev, Vite proxies /api/* but doesn't inject the key, so we send it
// from the browser. In production the nginx proxy injects it server-side.
const DEV_KEY = import.meta.env.VITE_FOOTBALL_API_KEY

export function apiFetch(path) {
  const headers = DEV_KEY ? { 'X-Auth-Token': DEV_KEY } : {}
  return fetch(`/api${path}`, { headers }).then((res) => {
    if (!res.ok) throw new Error(`API error: ${res.status} ${res.statusText}`)
    return res.json()
  })
}