Merge pull request 'feat(auth): bounce to /login.html on 401 so AUTH_ENABLED=true gives a real login' (#26) from feat/auth-login-redirect into main

2026-05-23 16:41:25 -04:00 · 2026-05-23 16:41:25 -04:00 · 53049d1c4d
commit 53049d1c4d
parent 0537378d82 bec4bfaf31
1 changed files with 9 additions and 0 deletions
--- a/services/web-ui/public/data.jsx
+++ b/services/web-ui/public/data.jsx
@ -20,6 +20,15 @@ async function apiFetch(path, opts = {}) {
    headers: { 'Content-Type': 'application/json', ...(opts.headers || {}) },
    ...opts,
  });
+  // 401 from any API call means there's no live session. Bounce to the
+  // login screen instead of leaving the app in a half-loaded state.
+  // While AUTH_ENABLED=false the server returns a synthetic /auth/me with
+  // 200 so this branch never fires; flipping AUTH_ENABLED=true is what
+  // activates the redirect end-to-end.
+  if (res.status === 401 && !location.pathname.endsWith('/login.html')) {
+    location.replace('/login.html');
+    throw new Error('Unauthenticated — redirecting to login');
+  }
  if (!res.ok) throw new Error(res.status + ' ' + res.statusText);
  return res.json();
 }