fix(app): stabilize auth bootstrap and direct backend integration

WebApp/src/lib/app/api.js

@@ -2,6 +2,17 @@
 // @ts-nocheck
 import { getAppState } from './store';
 
+const rawBackendUrl = import.meta.env.VITE_BACKEND_URL ?? 'http://localhost:3000';
+const backendUrl = rawBackendUrl.replace(/\/+$/, '');
+
+const toBackendUrl = (path) => {
+	if (/^https?:\/\//i.test(path)) {
+		return path;
+	}
+
+	return `${backendUrl}${path.startsWith('/') ? path : `/${path}`}`;
+};
+
 const request = async (path, options = {}) => {
 	const { deviceToken } = getAppState();
 	const headers = { 'Content-Type': 'application/json' };
@@ -10,8 +21,9 @@ const request = async (path, options = {}) => {
 		headers.Authorization = `Bearer ${deviceToken}`;
 	}
 
-	const response = await fetch(path, {
+	const response = await fetch(toBackendUrl(path), {
 		...options,
+		credentials: 'include',
 		headers: {
 			...headers,
 			...(options.headers || {})
@@ -26,6 +38,8 @@ const request = async (path, options = {}) => {
 	return data;
 };
 
+export const getBackendUrl = () => backendUrl;
+
 export const api = {
 	request,
 	auth: {