From d21f41d7c399e80a89ff7cc39cdd4ebaeb05c886 Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Mon, 2 Mar 2026 09:40:58 -0800
Subject: [PATCH] fix: auto-redirect to login on 401 Unauthorized

When API returns 401, clear stored tokens and redirect to /login
instead of showing an error message.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 it0-web-admin/src/infrastructure/api/api-client.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/it0-web-admin/src/infrastructure/api/api-client.ts b/it0-web-admin/src/infrastructure/api/api-client.ts
index 1b2cc14..2e14145 100644
--- a/it0-web-admin/src/infrastructure/api/api-client.ts
+++ b/it0-web-admin/src/infrastructure/api/api-client.ts
@@ -42,6 +42,13 @@ export async function apiClient<T>(endpoint: string, options: RequestOptions = {
   });
 
   if (!response.ok) {
+    if (response.status === 401 && typeof window !== 'undefined') {
+      localStorage.removeItem('access_token');
+      localStorage.removeItem('refresh_token');
+      localStorage.removeItem('current_tenant');
+      window.location.href = '/login';
+      throw new Error('Session expired');
+    }
     const errorData = await response.json().catch(() => null);
     const message = errorData?.message || `${response.status} ${response.statusText}`;
     throw new Error(message);