-
fix: restore login page accessibility and wire silent token refresh
Release / release (push) Successful in 7m12smpuchstein released this
2026-05-04 04:19:42 +02:00 | 16 commits to main since this releaseThe admin layout guard rendered only a "Redirecting to login..." placeholder
for the /admin/login child route, trapping every unauthenticated visitor.
Exempt the login route from the auth gate so the form renders correctly.Also wire the new POST /api/auth/refresh endpoint (from the dual-token
migration) into both auth.init() and the api request() 401 handler, so
sessions survive the 15-minute access-token lifetime without a hard logout.Adds a Playwright regression test asserting the login form is visible
in a clean (no-cookie) browser context.Downloads