Implement login with email/phone + OTP verification flow

Login page:
- Email/phone tabs with auto-detect from input
- Calls LogInWithEmail or LogInWithPhoneNumber API
- On 206 (Partial Content): shows OTP step, sends OTP, then verifies
- On 200: stores JWT in localStorage, decodes user info
- OTP step with resend button and back navigation
- Console logs throughout all auth flows

API client:
- Added authFetch() for raw status code handling (200/206)
- Added loginWithEmail, loginWithPhone, sendEmailOTP, sendPhoneOTP,
  verifyEmail, verifyPhone, isEmail, isPhoneNumber
- apiFetch now accepts 206 as non-error

app/utils/api.js

@@ -9,13 +9,18 @@ async function apiFetch(endpoint, options = {}) {
     ...options.headers,
   };
 
+  console.log('[API] Request:', `${API_BASE}${endpoint}`, options.method || 'GET');
+
   const res = await fetch(`${API_BASE}${endpoint}`, {
     ...options,
     headers,
   });
 
-  if (!res.ok) {
+  console.log('[API] Response:', res.status, endpoint);
+
+  if (!res.ok && res.status !== 206) {
     const text = await res.text().catch(() => '');
+    console.error('[API] Error:', res.status, text);
     throw new Error(`API ${res.status}: ${text || res.statusText}`);
   }
 
@@ -24,7 +29,6 @@ async function apiFetch(endpoint, options = {}) {
 
   try {
     const json = JSON.parse(text);
-    // API wraps responses in { data, errors, isSuccess, isFailure, statusCode }
     if (json && typeof json === 'object' && 'data' in json) {
       return json.data;
     }
@@ -34,6 +38,32 @@ async function apiFetch(endpoint, options = {}) {
   }
 }
 
+// Raw fetch for auth (no token, returns full response for status code handling)
+async function authFetch(endpoint, body) {
+  console.log('[Auth] Request:', `${API_BASE}${endpoint}`);
+
+  const res = await fetch(`${API_BASE}${endpoint}`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+
+  console.log('[Auth] Response status:', res.status, endpoint);
+
+  const text = await res.text();
+  let data = null;
+  try {
+    data = text ? JSON.parse(text) : null;
+    if (data && typeof data === 'object' && 'data' in data) {
+      data = data.data;
+    }
+  } catch {
+    data = text;
+  }
+
+  return { status: res.status, data, ok: res.ok || res.status === 206 };
+}
+
 // ─── Rent Properties ───
 
 export async function getRentProperties() {
@@ -112,3 +142,52 @@ export async function bookReservation(data) {
 export async function getTerms() {
   return apiFetch('/Terms/GetTerms');
 }
+
+// ─── Auth ───
+
+export async function loginWithEmail(credential, password) {
+  return authFetch('/Auth/LogInWithEmail', {
+    credential,
+    password,
+    device: 0,
+    appVersion: '1.0',
+  });
+}
+
+export async function loginWithPhone(credential, password) {
+  return authFetch('/Auth/LogInWithPhoneNumber', {
+    credential,
+    password,
+    device: 0,
+    appVersion: '1.0',
+  });
+}
+
+export async function sendEmailOTP() {
+  console.log('[Auth] Sending email OTP...');
+  return apiFetch('/Auth/SendEmailOTP', { method: 'POST' });
+}
+
+export async function sendPhoneOTP() {
+  console.log('[Auth] Sending phone OTP...');
+  return apiFetch('/Auth/SendPhoneNumberOTP', { method: 'POST' });
+}
+
+export async function verifyEmail(code) {
+  console.log('[Auth] Verifying email with code:', code);
+  return authFetch(`/Auth/VerifyEmail?code=${encodeURIComponent(code)}`, {});
+}
+
+export async function verifyPhone(code) {
+  console.log('[Auth] Verifying phone with code:', code);
+  return authFetch(`/Auth/VerifyPhoneNumber?code=${encodeURIComponent(code)}`, {});
+}
+
+// Helpers
+export function isEmail(value) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
+}
+
+export function isPhoneNumber(value) {
+  return /^\+?\d{7,15}$/.test(value.replace(/[\s\-()]/g, ''));
+}