Fix TypeError: Invalid URL on login page when VITE_OAUTH_PORTAL_URL is unset

getLoginUrl() was calling new URL(`${undefined}/app-auth`) when no OAuth
portal is configured, crashing the app on load. Now falls back to the
local /login page when VITE_OAUTH_PORTAL_URL is not set.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

client/src/const.ts

@@ -1,11 +1,21 @@
 export { COOKIE_NAME, ONE_YEAR_MS } from "@shared/const";
 
-// Generate login URL at runtime so redirect URI reflects the current origin.
+// Generate login URL at runtime.
+// If VITE_OAUTH_PORTAL_URL is configured, use Manus OAuth flow.
+// Otherwise (production), redirect to our own email/password login page.
 export const getLoginUrl = (returnPath?: string) => {
   const oauthPortalUrl = import.meta.env.VITE_OAUTH_PORTAL_URL;
+  const base = import.meta.env.BASE_URL ?? "/";
+
+  // No OAuth portal configured — use local login page
+  if (!oauthPortalUrl) {
+    const qs = returnPath ? `?returnTo=${encodeURIComponent(returnPath)}` : "";
+    return `${base}login${qs}`;
+  }
+
+  // OAuth flow (Manus / external SSO)
   const appId = import.meta.env.VITE_APP_ID;
-  const redirectUri = `${window.location.origin}${import.meta.env.BASE_URL}api/oauth/callback`;
-  // Encode both the redirect URI and optional return path in state
+  const redirectUri = `${window.location.origin}${base}api/oauth/callback`;
   const statePayload = returnPath
     ? JSON.stringify({ redirectUri, returnPath })
     : redirectUri;