fix(auth): add automatic token refresh on 401 responses

The client session was too short because access tokens (15 min) weren't
being automatically refreshed using the refresh token (7 days). Now the
ApiClient intercepts 401 responses, attempts token refresh, and retries
the original request. This extends effective session duration to 7 days.

Closes #6

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

1 files changed, 4 insertions, 15 deletions

diff --git a/src/client/stores/sync.tsx b/src/client/stores/sync.tsx
index aea5c16..9b46302 100644
--- a/src/client/stores/sync.tsx
+++ b/src/client/stores/sync.tsx
@@ -108,15 +108,9 @@ interface PullResponse {
 }
 
 async function pushToServer(data: SyncPushData): Promise<SyncPushResult> {
-	const authHeader = apiClient.getAuthHeader();
-	if (!authHeader) {
-		throw new Error("Not authenticated");
-	}
-
-	const res = await fetch("/api/sync/push", {
+	const res = await apiClient.authenticatedFetch("/api/sync/push", {
 		method: "POST",
 		headers: {
-			...authHeader,
 			"Content-Type": "application/json",
 		},
 		body: JSON.stringify(data),
@@ -135,14 +129,9 @@ async function pushToServer(data: SyncPushData): Promise<SyncPushResult> {
 async function pullFromServer(
 	lastSyncVersion: number,
 ): Promise<SyncPullResult> {
-	const authHeader = apiClient.getAuthHeader();
-	if (!authHeader) {
-		throw new Error("Not authenticated");
-	}
-
-	const res = await fetch(`/api/sync/pull?lastSyncVersion=${lastSyncVersion}`, {
-		headers: authHeader,
-	});
+	const res = await apiClient.authenticatedFetch(
+		`/api/sync/pull?lastSyncVersion=${lastSyncVersion}`,
+	);
 
 	if (!res.ok) {
 		const errorBody = (await res.json().catch(() => ({}))) as {