From 6730c7713d0f2daa5f0a243aabda92bcc794de7f Mon Sep 17 00:00:00 2001 From: rabbitblood Date: Tue, 21 Apr 2026 19:58:44 -0700 Subject: [PATCH] fix(auth): redirect to login on 401 from any API call MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When session credentials expire mid-use, ALL API calls return 401. Previously this threw a generic error that crashed the UI with no recovery path. Now the API client intercepts 401 and redirects to login once (via redirectToLogin which already guards against loops). Combined with the AuthGate /cp/auth/* path guard, this gives the correct behavior: credentials lost → redirect to login → user logs in → return_to sends them back. [Molecule-Platform-Evolvement-Manager] Co-Authored-By: Claude Opus 4.6 (1M context) --- canvas/src/lib/api.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/canvas/src/lib/api.ts b/canvas/src/lib/api.ts index bcf3a0ba..0d1938b3 100644 --- a/canvas/src/lib/api.ts +++ b/canvas/src/lib/api.ts @@ -38,6 +38,13 @@ async function request( credentials: "include", signal: AbortSignal.timeout(DEFAULT_TIMEOUT_MS), }); + if (res.status === 401) { + // Session expired or credentials lost — redirect to login once. + // Import dynamically to avoid circular dependency with auth.ts. + const { redirectToLogin } = await import("./auth"); + redirectToLogin("sign-in"); + throw new Error("Session expired — redirecting to login"); + } if (!res.ok) { const text = await res.text(); throw new Error(`API ${method} ${path}: ${res.status} ${text}`);