fix: prevent 401 redirect loop on login and register pages

The API client redirected to /login on any 401 response, including the
GET /auth/me call made by AuthProvider on the login page itself. This
caused an infinite hard-navigation reload loop.

Skip the redirect when already on /login or /register — the AuthContext
route guards handle unauthenticated routing for those pages.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

frontend/src/api/client.ts

@@ -56,7 +56,10 @@ class ApiClient {
 
     if (!response.ok) {
       if (response.status === 401) {
-        window.location.href = '/login';
+        const path = window.location.pathname;
+        if (path !== '/login' && path !== '/register') {
+          window.location.href = '/login';
+        }
         throw { status: 401, message: 'Session expired' } satisfies ApiError;
       }
 

frontend/src/api/syntheses.ts

@@ -45,7 +45,10 @@ export async function fetchFile(path: string): Promise<Response> {
 
   if (!response.ok) {
     if (response.status === 401) {
-      window.location.href = '/login';
+      const path = window.location.pathname;
+      if (path !== '/login' && path !== '/register') {
+        window.location.href = '/login';
+      }
     }
     const errorBody = await response.json().catch(() => ({ error: 'Unknown error' }));
     throw {