fix(session): redirect to sign-in when session expires silently #1403

Merged
Priyanshu-byte-coder merged 2 commits into Priyanshu-byte-coder:main from mallya-m:fix/session-expired-redirect-930
May 29, 2026

@mallya-m
Contributor

What does this PR do?

Fixes silent 401 failures on the dashboard. When any API call returns 401 (session expired), the user now sees a toast "Session expired. Please sign in again." and is redirected to the sign-in page.

Related issue

Closes #930

Changes made

  • Added src/app/dashboard/layout.tsx scoped to /dashboard routes
  • Uses useSession({ required: true }) as primary session guard
  • Global fetch interceptor detects 401 responses from any API call
  • Shows sonner toast (already in project) before redirecting
  • Restores original fetch on unmount — no memory leaks
  • No changes to existing components

How to test

  1. Log in and open the dashboard
  2. Delete the session cookie in DevTools
  3. Click Refresh on any widget
  4. Toast appears: "Session expired. Please sign in again."
  5. Automatically redirected to /auth/signin

@vercel

vercel Bot commented May 28, 2026

@mallya-m is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc26 GSSoC 2026 contribution type:bug GSSoC type bonus: bug fix labels May 28, 2026
@github-actions

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

  • level:beginner — 20 pts
  • level:intermediate — 35 pts
  • level:advanced — 55 pts
  • level:critical — 80 pts

Quality (optional):

  • quality:clean — ×1.2 multiplier
  • quality:exceptional — ×1.5 multiplier

Validation (required to score):

  • gssoc:approved — counts for points
  • gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

@mallya-m
Contributor Author

@Priyanshu-byte-coder could you please add gssoc:approved, level:intermediate, and type:bug labels?
Ready to merge. Thank you!

Owner

@Priyanshu-byte-coder Priyanshu-byte-coder left a comment

Thanks for working on session expiry handling! The concept is right but the implementation has issues:

window.fetch monkey-patching is risky:

window.fetch = async (...args) => {
  const response = await originalFetch(...args);
  if (response.status === 401) { // intercepts ALL fetch calls

This intercepts every fetch in the dashboard including third-party API calls (GitHub, etc.). A 401 from GitHub's API would incorrectly sign the user out of DevTrack.

Better approach:

  1. Use NextAuth's middleware (already in src/middleware.ts) to redirect unauthenticated users
  2. For specific session-expiry UX, use useSession({ required: true, onUnauthenticated() { router.push('/auth/signin') } }) without the fetch intercept

Please revise to avoid monkey-patching the global fetch.

@Priyanshu-byte-coder Priyanshu-byte-coder added gssoc:approved GSSoC: PR approved for scoring level:intermediate GSSoC: Intermediate difficulty (35 pts) labels May 28, 2026
Owner

@Priyanshu-byte-coder Priyanshu-byte-coder left a comment

The session-expiry redirect logic is useful but the implementation monkey-patches window.fetch globally in a React component. This is a risky pattern that can cause flaky behavior and interfere with other fetches on the page.

Preferred approach: Use a custom fetch wrapper utility or an Axios interceptor in a dedicated module (e.g. src/lib/auth-fetch.ts), then import it where needed. Or use next-auth's useSession({ required: false }) combined with an error === 'TokenRevoked' check (already supported by the JWT callback) to trigger redirect without patching globals.

Please refactor to avoid patching window.fetch and rebase on main.
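
The scoped-wrapper idea raised in the two reviews above, as an added example that is not code from this PR or from DevTrack: a 401 counts as session expiry only when it comes from the app's own origin, so a 401 from GitHub's API is passed through untouched. The names createAuthFetch, isSessionExpiry and onExpired, the origin and the /api paths are assumptions made for the illustration.

```javascript
// Added example; createAuthFetch, isSessionExpiry and onExpired are hypothetical names.

// Origin a request will actually hit; relative URLs resolve against the app.
function requestOrigin(input, appOrigin) {
  const raw = typeof input === "string" ? input : input.url ?? String(input);
  return new URL(raw, appOrigin).origin;
}

// True only for a 401 answered by the app's own origin.
function isSessionExpiry(input, status, appOrigin) {
  if (status !== 401) return false;
  try {
    return requestOrigin(input, appOrigin) === new URL(appOrigin).origin;
  } catch {
    return false; // unparseable URL: never sign the user out on a guess
  }
}

// Build a wrapper that callers import explicitly; window.fetch stays untouched.
function createAuthFetch({ fetchImpl, appOrigin, onExpired }) {
  let notified = false; // several widgets can fail together; react once
  return async function authFetch(input, init) {
    const response = await fetchImpl(input, init);
    if (!notified && isSessionExpiry(input, response.status, appOrigin)) {
      notified = true;
      onExpired(response);
    }
    return response;
  };
}

// Constructed run: a stand-in fetch that answers 401 for every URL.
async function demo() {
  const calls = [];
  const authFetch = createAuthFetch({
    fetchImpl: async () => ({ status: 401 }),
    appOrigin: "https://devtrack.example", // constructed origin
    onExpired: () => calls.push("redirect"), // in the app: toast, then /auth/signin
  });
  await authFetch("https://api.github.com/user"); // third-party 401: ignored
  const afterThirdParty = calls.length;
  await authFetch("/api/metrics"); // own API 401 (constructed path): handled
  await authFetch("/api/streak"); // second own 401: already handled
  return { afterThirdParty, total: calls.length };
}
```

In the browser the wrapper would be built once with fetchImpl set to window.fetch.bind(window) and appOrigin set to window.location.origin, then imported by the dashboard widgets that call the app's own API.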

@Priyanshu-byte-coder Priyanshu-byte-coder merged commit 99863e2 into Priyanshu-byte-coder:main May 29, 2026
13 checks passed
@github-actions

🎉 Merged! Thanks for contributing to DevTrack.

If the project has been useful to you, a ⭐ star on the repo is the easiest way to support it — it helps DevTrack get discovered by more developers.

Keep an eye on open issues for your next contribution!

@mallya-m mallya-m deleted the fix/session-expired-redirect-930 branch May 30, 2026 09:23

Labels

gssoc:approved GSSoC: PR approved for scoring gssoc26 GSSoC 2026 contribution level:intermediate GSSoC: Intermediate difficulty (35 pts) type:bug GSSoC type bonus: bug fix

Development

Successfully merging this pull request may close these issues.

[BUG] Session expires silently — dashboard shows stale data with no redirect

2 participants