fix: auth redirect

Author: lkstrp

.github/workflows/push-image.yaml

@@ -1,4 +1,4 @@
-name: Push Docker Image
+name: Docker Image
 
 on:
   push:

compose/compose.dev.yaml

@@ -95,7 +95,6 @@ services:
     environment:
       - DATABASE_URL=postgresql://${POSTGRES_USER:-pypsa}:${POSTGRES_PASSWORD:-devpassword}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-pypsa_dev}
       - REDIS_URL=redis://redis:6379/0
-      - DEBUG=true
     volumes:
       - ../src:/app/src
       - ../data:/data

frontend/app/src/lib/api/client.js

@@ -43,17 +43,19 @@ async function request(endpoint, options = {}, cancellationKey = null) {
 		const response = await fetch(url, config);
 
 		if (!response.ok) {
-			// Handle authentication errors
+			const error = await response.json().catch(() => ({ detail: response.statusText }));
+			const err = new Error(error.detail || `HTTP ${response.status}: ${response.statusText}`);
+			err.status = response.status;
+
+			// Handle authentication errors - but only redirect for 401, not 400
+			// 400 means auth is disabled, 401 means auth is enabled but user not logged in
 			if (response.status === 401 && !endpoint.includes('/auth/')) {
 				// Redirect to login page if not authenticated (except for auth endpoints)
 				if (typeof window !== 'undefined' && !window.location.pathname.startsWith('/login')) {
 					window.location.href = '/login';
 				}
 			}
 
-			const error = await response.json().catch(() => ({ detail: response.statusText }));
-			const err = new Error(error.detail || `HTTP ${response.status}: ${response.statusText}`);
-			err.status = response.status;
 			throw err;
 		}
 

frontend/app/src/lib/stores/auth.svelte.js

@@ -9,6 +9,7 @@ class AuthStore {
 	user = $state(null);
 	loading = $state(true);
 	error = $state(null);
+	authEnabled = $state(null); // null = unknown, true = enabled, false = disabled
 
 	/**
 	 * Initialize auth state by fetching current user
@@ -21,13 +22,21 @@ class AuthStore {
 		try {
 			const response = await auth.me();
 			this.user = response;
+			this.authEnabled = true; // Auth is enabled and user is logged in
 		} catch (err) {
-			// Not logged in or auth is disabled
-			this.user = null;
-			// Don't set error for 401/400, these are expected when not logged in
-			if (err.status && (err.status === 401 || err.status === 400)) {
+			// Check if auth is disabled (400 error)
+			if (err.status === 400) {
+				// Auth is disabled - no login required
+				this.authEnabled = false;
+				this.user = null;
+				this.error = null;
+			} else if (err.status === 401) {
+				// Auth is enabled but user is not logged in
+				this.authEnabled = true;
+				this.user = null;
 				this.error = null;
 			} else {
+				// Other error
 				console.error('Failed to fetch user:', err);
 				this.error = err.message;
 			}

frontend/app/src/routes/+layout.svelte

@@ -57,7 +57,7 @@
 		// Note: The API client's automatic 401 redirect skips /auth/ endpoints
 		// to prevent redirect loops, so we handle the redirect manually here
 		const currentPath = $page.url.pathname;
-		if (!authStore.loading && !authStore.isAuthenticated) {
+		if (!authStore.loading && authStore.authEnabled && !authStore.isAuthenticated) {
 			if (currentPath !== '/login') {
 				goto('/login');
 			}