Fix: Don't send Authorization header for auth endpoints

src/composables/useApi.ts

@@ -30,7 +30,9 @@ export function useApi() {
       ...(options.headers as Record<string, string> || {})
     }
 
-    if (authStore.token) {
+    // Only add Authorization header for non-auth endpoints
+    // Auth endpoints (login, register, refresh) should NOT receive the old token
+    if (authStore.token && !endpoint.includes('/auth/')) {
       headers['Authorization'] = `Bearer ${authStore.token}`
     }