fix: Trust PHP auth check, skip redundant REST API call

admin-spa/src/App.tsx

@@ -405,29 +405,22 @@ function AuthWrapper() {
   const location = useLocation();
 
   useEffect(() => {
-    // Check if config was updated (e.g., after login)
-    if (window.WNW_CONFIG?.isAuthenticated !== isAuthenticated) {
+    console.log('[AuthWrapper] Initial config:', {
+      standaloneMode: window.WNW_CONFIG?.standaloneMode,
+      isAuthenticated: window.WNW_CONFIG?.isAuthenticated,
+      currentUser: window.WNW_CONFIG?.currentUser
+    });
+
+    // In standalone mode, trust the initial PHP auth check
+    // No need for additional API call since PHP already verified the session
+    if (window.WNW_CONFIG?.standaloneMode) {
       setIsAuthenticated(window.WNW_CONFIG.isAuthenticated);
       setIsChecking(false);
-      return;
+    } else {
+      // In wp-admin mode, always authenticated
+      setIsChecking(false);
     }
-
-    if (window.WNW_CONFIG?.standaloneMode) {
-      fetch(window.WNW_CONFIG.restUrl + '/auth/check', {
-        credentials: 'include',
-      })
-        .then(res => res.json())
-        .then(data => {
-          setIsAuthenticated(data.authenticated);
-          if (data.authenticated && data.user) {
-            window.WNW_CONFIG.currentUser = data.user;
-            window.WNW_CONFIG.isAuthenticated = true;
-          }
-        })
-        .catch(() => setIsAuthenticated(false))
-        .finally(() => setIsChecking(false));
-    }
-  }, [location.pathname, isAuthenticated]);
+  }, []);
 
   if (isChecking) {
     return (