FIX - HUB AUTH: prevent request-access login loop

src/app/LauncherApp.tsx

@@ -809,7 +809,7 @@ export function LauncherApp() {
     return (
       <AccessRequestScreen
         onSubmit={createAccessRequest}
-        onLogin={() => redirectToLogin(authSession?.authenticated ? "/auth/login?prompt=login" : authSession?.loginUrl)}
+        onLogin={() => redirectToLogin(authSession?.authenticated ? "/auth/login?prompt=login" : authSession?.loginUrl, { returnTo: "/" })}
       />
     );
   }
@@ -1551,22 +1551,26 @@ function membershipRoleLabel(role: ClientMembership["role"]) {
   }[role];
 }
 
-function buildLoginRedirectUrl(loginUrl?: string) {
+function buildLoginRedirectUrl(loginUrl?: string, options: { returnTo?: string | null } = {}) {
   const url = new URL(loginUrl || "/auth/login", window.location.origin);
 
-  if (!url.searchParams.has("returnTo")) {
+  if (options.returnTo === null) {
-    const returnTo = `${window.location.pathname}${window.location.search}${window.location.hash}`;
+    url.searchParams.delete("returnTo");
+  } else if (!url.searchParams.has("returnTo")) {
+    const returnTo = options.returnTo ?? `${window.location.pathname}${window.location.search}${window.location.hash}`;
 
     if (returnTo && returnTo !== "/") {
       url.searchParams.set("returnTo", returnTo);
+    } else if (options.returnTo === "/") {
+      url.searchParams.set("returnTo", "/");
     }
   }
 
   return url.origin === window.location.origin ? `${url.pathname}${url.search}${url.hash}` : url.toString();
 }
 
-function redirectToLogin(loginUrl?: string) {
+function redirectToLogin(loginUrl?: string, options?: { returnTo?: string | null }) {
-  const redirectUrl = buildLoginRedirectUrl(loginUrl);
+  const redirectUrl = buildLoginRedirectUrl(loginUrl, options);
   const now = Date.now();
 
   if (lastAuthRedirect && now - lastAuthRedirect.startedAt < 1500) {