auth fixes

frontend/src/services/api.js

@@ -32,16 +32,14 @@ apiClient.interceptors.response.use(
   (response) => response,
   (error) => {
     // Handle specific error codes
-    if (error.response?.status === 401) {
-      // Unauthorized - clear token and redirect to login
+    if (error.response?.status === 401 || error.response?.status === 403) {
+      // Unauthorized or malformed token - clear token and redirect to login
+      console.log('Clearing invalid token due to auth error:', error.response?.status);
       localStorage.removeItem('authToken');
       // Use React Router navigation instead of hard redirect
       if (window.location.pathname !== '/login' && window.location.pathname !== '/register') {
         window.location.href = '/login';
       }
-    } else if (error.response?.status === 403) {
-      // Forbidden
-      toast.error('You do not have permission to perform this action');
     } else if (error.response?.status >= 500) {
       // Server error
       toast.error('Server error. Please try again later.');