From c4c06be1486381c0e39b5724b8bbbc946c5eab3d Mon Sep 17 00:00:00 2001
From: Kyle Pope <kyle.a.pope@outlook.com>
Date: Sat, 28 Feb 2026 01:43:18 +0800
Subject: [PATCH] Fix login error vanishing: exclude auth endpoints from 401
 interceptor

The global axios 401 interceptor was firing window.location.href =
'/login' on every 401 response, including POST /auth/login with wrong
credentials. This caused a full page reload to /login, which remounted
the entire React tree and reset all LockScreen state (loginError,
username, password) before the user could see the error alert.

Fix: skip the redirect for /auth/* endpoints, which legitimately
return 401 for invalid credentials. The interceptor still redirects
to /login for expired sessions on protected API calls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 frontend/src/lib/api.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/frontend/src/lib/api.ts b/frontend/src/lib/api.ts
index c169e2d..acf70c0 100644
--- a/frontend/src/lib/api.ts
+++ b/frontend/src/lib/api.ts
@@ -13,7 +13,11 @@ api.interceptors.response.use(
   (response) => response,
   (error) => {
     if (error.response?.status === 401) {
-      window.location.href = '/login';
+      const url = error.config?.url || '';
+      // Don't redirect on auth endpoints — they legitimately return 401
+      if (!url.startsWith('/auth/')) {
+        window.location.href = '/login';
+      }
     }
     return Promise.reject(error);
   }