mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-06-21 12:09:31 -04:00
a55d167b91
When a console or stream tab is backgrounded or the machine sleeps past the auth hash TTL, the baked-in auth= on nph-zms <img> URLs expires. The browser keeps reconnecting with the stale hash, producing a burst of 403s from zms while the session-backed page still renders. Detect the tab becoming visible again (visibilitychange/pageshow) and probe auth once against the navBar status endpoint before letting streams reconnect: on success refresh the global auth_hash and repaint; on a dead session (401) go straight to login instead of retrying. Route the navBar poll, console table query, and per-stream error paths through a shared decision so 401/403 ends in a single login redirect rather than a retry storm. Put the auth functions (goToLogin, revalidateAuth, onAuthVisible) and the pure authFailureAction/loginRedirectUrl helpers in web/js/auth-helpers.js as named globals; skin.js only wires the visibility listeners. Node unit tests cover the pure helpers (tests/js/auth-helpers.test.js). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>