From fe8193bc261e02e46e924acdb1b445838b0f1e1b Mon Sep 17 00:00:00 2001
From: Pavlo Kulyk
Date: Thu, 14 May 2026 16:14:38 +0300
Subject: [PATCH 1/3] fix: set response status to 401 for unauthorized access in AdminForthRestAPI and prevent redirect to login on 401 status for login path in callApi function
---
 adminforth/modules/restApi.ts | 2 ++
 adminforth/spa/src/utils/utils.ts | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/adminforth/modules/restApi.ts b/adminforth/modules/restApi.ts
index a8311a7bd..639920835 100644
--- a/adminforth/modules/restApi.ts
+++ b/adminforth/modules/restApi.ts
@@ -718,6 +718,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 if (!userRecord) {
+ response.status = 401
 return { error: INVALID_MESSAGE };
 }
@@ -748,6 +749,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 });
 }
 } else {
+ response.status = 401
 return { error: INVALID_MESSAGE };
 }
diff --git a/adminforth/spa/src/utils/utils.ts b/adminforth/spa/src/utils/utils.ts
index 37accb1f1..b64b1e0d9 100644
--- a/adminforth/spa/src/utils/utils.ts
+++ b/adminforth/spa/src/utils/utils.ts
@@ -141,7 +141,7 @@ export async function callApi({path, method, body, headers, silentError = false,
 const fullPath = `${import.meta.env.VITE_ADMINFORTH_PUBLIC_PATH || ''}${path}`;
 try {
 const r = await fetch(fullPath, options);
- if (r.status == 401 ) {
+ if (r.status == 401 && !path.includes('/login')) {
 useUserStore().unauthorize();
 useCoreStore().resetAdminUser();
 await redirectToLogin();
From 28a1391fb6789a2819dcbe2afbae4b4f4ad05508 Mon Sep 17 00:00:00 2001
From: Pavlo Kulyk
Date: Fri, 15 May 2026 11:07:23 +0300
Subject: [PATCH 2/3] fix: update response handling to use setStatus for unauthorized access in AdminForthRestAPI
---
 adminforth/modules/restApi.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/adminforth/modules/restApi.ts b/adminforth/modules/restApi.ts
index 639920835..dbab95a5e 100644
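Review bot: The `if (!userRecord)` branch in the @@ -718 hunk returns as soon as the lookup misses, while the `else` branch in the @@ -748 hunk appears to follow a credential check that is not visible here, so the two failures may still differ in response time even though they now share status 401 and `INVALID_MESSAGE`. If the password path runs a slow hash, consider doing an equivalent dummy verification before returning on the missing-user path so an unknown account cannot be told apart from a wrong password. A comment on both returns such as `// same status and message as the other failure branch: do not reveal whether the account exists` would keep later edits from diverging them. The same two returns are edited again in patches 2/3 and 3/3, and the enclosing handler starts and ends outside both hunks.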
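Review bot: `!path.includes('/login')` in the new condition is a substring test, so a 401 from any endpoint whose path merely contains `/login` (a resource or plugin route, for instance) also skips `unauthorize()`, `resetAdminUser()` and the redirect, leaving an expired session looking signed-in on the client. Compare against the login endpoint exactly instead, for example `if (r.status === 401 && path !== LOGIN_API_PATH) {`, where `LOGIN_API_PATH` is a placeholder for whatever constant the SPA uses for the login call. How a 401 on the login path is then reported to the caller is decided further down in `callApi`, outside this hunk.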
--- a/adminforth/modules/restApi.ts
+++ b/adminforth/modules/restApi.ts
@@ -718,7 +718,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 if (!userRecord) {
- response.status = 401
+ response.setStatus(401, 'Unauthorized');
 return { error: INVALID_MESSAGE };
 }
@@ -749,7 +749,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 });
 }
 } else {
- response.status = 401
+ response.setStatus(401, 'Unauthorized');
 return { error: INVALID_MESSAGE };
 }
From 4235a9121311e0c46a673fc19ea472671a84216c Mon Sep 17 00:00:00 2001
From: Pavlo Kulyk
Date: Fri, 15 May 2026 11:23:57 +0300
Subject: [PATCH 3/3] fix: update setStatus method to accept optional message parameter in IAdminForthHttpResponse
---
 adminforth/modules/restApi.ts | 4 ++--
 adminforth/types/Back.ts | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/adminforth/modules/restApi.ts b/adminforth/modules/restApi.ts
index dbab95a5e..2ad0b8861 100644
--- a/adminforth/modules/restApi.ts
+++ b/adminforth/modules/restApi.ts
@@ -718,7 +718,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 if (!userRecord) {
- response.setStatus(401, 'Unauthorized');
+ response.setStatus(401);
 return { error: INVALID_MESSAGE };
 }
@@ -749,7 +749,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 });
 }
 } else {
- response.setStatus(401, 'Unauthorized');
+ response.setStatus(401);
 return { error: INVALID_MESSAGE };
 }
diff --git a/adminforth/types/Back.ts b/adminforth/types/Back.ts
index 78a480c35..a241da95c 100644
--- a/adminforth/types/Back.ts
+++ b/adminforth/types/Back.ts
@@ -36,7 +36,7 @@ export interface IConfigValidator {
 export interface IAdminForthHttpResponse {
 setHeader: (key: string, value: string) => void,
- setStatus: (code: number, message?: string) => void,
+ setStatus: (code: number, message?: string) => void,
 blobStream: () => Writable,
 };
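Review bot: `message` becomes optional on `setStatus` in `IAdminForthHttpResponse`, but none of these three patches touches an implementation of the interface, so every adapter now receives `undefined` when the login handler calls `response.setStatus(401)`. Confirm each implementation omits the status text in that case rather than writing the string `undefined` into the response. The member is also undocumented; a TSDoc line such as `/** Sets the HTTP status code; message, when given, is presumably used as the status text. */` above it would state the contract for plugin authors who implement or call it.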