fix(central-ui): resolve CentralUI-020..025 — auth-ping idle logout, DebugView race, push-handler disposal guard, JS-interop catch narrowing, claim-constant helper, SessionExpiry tests

src/ScadaLink.CentralUI/wwwroot/js/session-expiry.js

@@ -0,0 +1,23 @@
+// CentralUI-020: client-side helper for the SessionExpiry component's
+// idle-logout check. Pings the given URL and reports the HTTP status code so
+// the Blazor component can redirect to /login once the server reports 401.
+//
+// `redirect: "manual"` ensures a 302 (should the endpoint ever start
+// redirecting) is reported as an opaque status rather than being followed
+// transparently — the component only ever wants to see the real outcome.
+export async function ping(url) {
+    try {
+        const resp = await fetch(url, {
+            method: "GET",
+            credentials: "same-origin",
+            cache: "no-store",
+            redirect: "manual",
+            headers: { "X-Requested-With": "XMLHttpRequest" }
+        });
+        return resp.status;
+    } catch {
+        // Network failure: report 0 so the caller treats it as inconclusive
+        // and retries on the next poll rather than logging the user out.
+        return 0;
+    }
+}