From 358818cef964e44eef6c559ce54e31fb4d0214f7 Mon Sep 17 00:00:00 2001
From: "alexei.dolgolyov" <dolgolyov.alexei@gmail.com>
Date: Sat, 28 Mar 2026 13:35:44 +0300
Subject: [PATCH] fix: redirect to login on 401, fix static file serving

- Add auth guard in API client: 401 responses redirect to /login
- Fix go:embed with all: prefix to include _app/ directory
- Move jsonContentType middleware to /api routes only
- Use http.ServeContent for correct MIME type detection
---
 web/src/lib/api.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/web/src/lib/api.ts b/web/src/lib/api.ts
index 46791cf..f6755c1 100644
--- a/web/src/lib/api.ts
+++ b/web/src/lib/api.ts
@@ -46,6 +46,13 @@ async function request<T>(path: string, init?: RequestInit): Promise<T> {
 		headers
 	});
 
+	// Redirect to login on 401 (expired/missing token).
+	if (res.status === 401 && typeof window !== 'undefined' && !path.includes('/auth/')) {
+		localStorage.removeItem('auth_token');
+		window.location.href = '/login';
+		throw new ApiError('Authentication required', 401);
+	}
+
 	let envelope: ApiEnvelope<T>;
 	try {
 		envelope = await res.json();