From f8588a57a33b31edd6753f201bf1e8ab10cc0147 Mon Sep 17 00:00:00 2001
From: oabrivard <olivier@abrivard.fr>
Date: Fri, 3 Apr 2026 00:02:40 +0200
Subject: [PATCH] fix: skip 401 redirect for auth endpoints to prevent login
 interference
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The API client's 401 handler was intercepting responses from /auth/*
endpoints (login, register, me), throwing "Session expired" before the
actual response could reach the caller. This prevented the login form
from working — the AuthProvider's me() call returned 401, threw, and
the error propagated into the login flow.

Now the 401 redirect only triggers for non-auth API calls (where it
genuinely indicates an expired session). Auth endpoints handle their
own error responses normally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 frontend/src/api/client.ts    | 7 ++-----
 frontend/src/api/syntheses.ts | 5 +----
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/frontend/src/api/client.ts b/frontend/src/api/client.ts
index c11096f..5e31bbf 100644
--- a/frontend/src/api/client.ts
+++ b/frontend/src/api/client.ts
@@ -55,11 +55,8 @@ class ApiClient {
     });
 
     if (!response.ok) {
-      if (response.status === 401) {
-        const path = window.location.pathname;
-        if (path !== '/login' && path !== '/register') {
-          window.location.href = '/login';
-        }
+      if (response.status === 401 && !url.includes('/auth/')) {
+        window.location.href = '/login';
         throw { status: 401, message: 'Session expired' } satisfies ApiError;
       }
 
diff --git a/frontend/src/api/syntheses.ts b/frontend/src/api/syntheses.ts
index 5483aef..fa5f7c7 100644
--- a/frontend/src/api/syntheses.ts
+++ b/frontend/src/api/syntheses.ts
@@ -45,10 +45,7 @@ export async function fetchFile(path: string): Promise<Response> {
 
   if (!response.ok) {
     if (response.status === 401) {
-      const path = window.location.pathname;
-      if (path !== '/login' && path !== '/register') {
-        window.location.href = '/login';
-      }
+      window.location.href = '/login';
     }
     const errorBody = await response.json().catch(() => ({ error: 'Unknown error' }));
     throw {