fix(auth): resolve login bootloop after httpOnly cookie migration

- client.ts: Skip 401 redirect for /accounts/me and /login page
- auth.ts: Return success: false instead of throwing on 401
- Login.tsx: Redirect to dashboard if already authenticated

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>

Author: Clément VALENTIN

apps/web/src/api/auth.ts

@@ -11,7 +11,12 @@ export const authApi = {
   },
 
   getMe: async () => {
-    return apiClient.get<User>('accounts/me')
+    try {
+      return await apiClient.get<User>('accounts/me')
+    } catch {
+      // 401 is expected when not logged in - return success: false instead of throwing
+      return { success: false, data: null, error: { message: 'Not authenticated' } }
+    }
   },
 
   getCredentials: async () => {

apps/web/src/api/client.ts

@@ -63,9 +63,16 @@ class APIClient {
       (response) => response,
       async (error: AxiosError<APIResponse>) => {
         if (error.response?.status === 401) {
-          // Cookie expired/invalid, redirect to login
-          // The httpOnly cookie will be cleared by the server on next request
-          window.location.href = '/login'
+          // Don't redirect if:
+          // 1. Already on login page (would cause loop)
+          // 2. Checking auth status (normal to get 401 if not logged in)
+          const isLoginPage = window.location.pathname === '/login'
+          const isAuthCheck = error.config?.url?.includes('accounts/me')
+
+          if (!isLoginPage && !isAuthCheck) {
+            // Session expired during normal use, redirect to login
+            window.location.href = '/login'
+          }
         }
         return Promise.reject(error)
       }

apps/web/src/pages/Login.tsx

@@ -1,4 +1,4 @@
-import { useState } from 'react'
+import { useState, useEffect } from 'react'
 import { Link, useNavigate, useLocation } from 'react-router-dom'
 import { useAuth } from '@/hooks/useAuth'
 import { LogIn, Eye, EyeOff } from 'lucide-react'
@@ -11,13 +11,20 @@ export default function Login() {
   const [email, setEmail] = useState('')
   const [password, setPassword] = useState('')
   const [showPassword, setShowPassword] = useState(false)
-  const { login, loginLoading, loginError } = useAuth()
+  const { login, loginLoading, loginError, isAuthenticated, isLoading } = useAuth()
   const navigate = useNavigate()
   const location = useLocation()
 
   // Récupérer l'URL de redirection depuis le state ou utiliser /dashboard par défaut
   const from = (location.state as LocationState)?.from || '/dashboard'
 
+  // Redirect if already authenticated
+  useEffect(() => {
+    if (isAuthenticated && !isLoading) {
+      navigate(from, { replace: true })
+    }
+  }, [isAuthenticated, isLoading, navigate, from])
+
   const handleSubmit = async (e: React.FormEvent) => {
     e.preventDefault()
     login({ email, password }, {