fix(auth): prevent login redirect loop and concurrent refresh calls

- Added check to avoid redirecting to `/login` if already on the login page.
- Prevented multiple simultaneous `refreshUser` calls by adding an `isLoading` guard.
- Improved `useEffect` cleanup in `auth-provider` to handle components unmounting.

frontend/src/lib/api.ts

@@ -53,7 +53,10 @@ api.interceptors.response.use(
 			} catch (refreshError) {
 				// If refresh fails, we might want to redirect to login on the client
 				if (typeof window !== "undefined") {
-					window.location.href = "/login";
+					// On évite de rediriger vers login si on y est déjà pour éviter les boucles
+					if (!window.location.pathname.includes("/login")) {
+						window.location.href = "/login";
+					}
 				}
 				return Promise.reject(refreshError);
 			}

frontend/src/providers/auth-provider.tsx

@@ -26,6 +26,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
 	const router = useRouter();
 
 	const refreshUser = React.useCallback(async () => {
+		// Éviter de lancer plusieurs refresh en même temps
+		if (!isLoading) setIsLoading(true);
 		try {
 			const userData = await UserService.getMe();
 			setUser(userData);
@@ -34,11 +36,26 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
 		} finally {
 			setIsLoading(false);
 		}
-	}, []);
+	}, [isLoading]);
 
 	React.useEffect(() => {
-		refreshUser();
-	}, [refreshUser]);
+		let isMounted = true;
+		const initAuth = async () => {
+			try {
+				const userData = await UserService.getMe();
+				if (isMounted) setUser(userData);
+			} catch (_error) {
+				if (isMounted) setUser(null);
+			} finally {
+				if (isMounted) setIsLoading(false);
+			}
+		};
+
+		initAuth();
+		return () => {
+			isMounted = false;
+		};
+	}, []);
 
 	const login = async (email: string, password: string) => {
 		try {