SourceBox-LLC
diff --git a/‎backend/app/api/cameras.py‎
Lines changed: 20 additions & 16 deletions b/‎backend/app/api/cameras.py‎
Lines changed: 20 additions & 16 deletions
diff --git a/‎backend/app/api/hls.py‎
Lines changed: 24 additions & 2 deletions b/‎backend/app/api/hls.py‎
Lines changed: 24 additions & 2 deletions
diff --git a/‎backend/app/core/auth.py‎
Lines changed: 13 additions & 12 deletions b/‎backend/app/core/auth.py‎
Lines changed: 13 additions & 12 deletions
diff --git a/‎backend/app/models/models.py‎
Lines changed: 14 additions & 0 deletions b/‎backend/app/models/models.py‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎frontend/src/components/HlsPlayer.jsx‎
Lines changed: 14 additions & 43 deletions b/‎frontend/src/components/HlsPlayer.jsx‎
Lines changed: 14 additions & 43 deletions
diff --git a/‎frontend/src/components/Layout.jsx‎
Lines changed: 5 additions & 24 deletions b/‎frontend/src/components/Layout.jsx‎
Lines changed: 5 additions & 24 deletions
diff --git a/‎frontend/src/hooks/usePlanInfo.jsx‎
Lines changed: 59 additions & 0 deletions b/‎frontend/src/hooks/usePlanInfo.jsx‎
Lines changed: 59 additions & 0 deletions
@@ -209,16 +209,18 @@ async def get_all_settings(
     user: AuthUser = Depends(require_view), db: Session = Depends(get_db)
 ):
     """Get all settings for the user's organization."""
+    vals = Setting.get_many(db, user.org_id, {
+        "scheduled_recording": "false",
+        "scheduled_start": "06:00",
+        "scheduled_end": "17:00",
+        "continuous_24_7": "false",
+    })
     return {
         "recording": {
-            "scheduled_recording": Setting.get(
-                db, user.org_id, "scheduled_recording", "false"
-            )
-            == "true",
-            "scheduled_start": Setting.get(db, user.org_id, "scheduled_start", "06:00"),
-            "scheduled_end": Setting.get(db, user.org_id, "scheduled_end", "17:00"),
-            "continuous_24_7": Setting.get(db, user.org_id, "continuous_24_7", "false")
-            == "true",
+            "scheduled_recording": vals["scheduled_recording"] == "true",
+            "scheduled_start": vals["scheduled_start"],
+            "scheduled_end": vals["scheduled_end"],
+            "continuous_24_7": vals["continuous_24_7"] == "true",
         },
     }
 
@@ -228,15 +230,17 @@ async def get_recording_settings(
     user: AuthUser = Depends(require_view), db: Session = Depends(get_db)
 ):
     """Get recording settings."""
+    vals = Setting.get_many(db, user.org_id, {
+        "scheduled_recording": "false",
+        "scheduled_start": "06:00",
+        "scheduled_end": "17:00",
+        "continuous_24_7": "false",
+    })
     return {
-        "scheduled_recording": Setting.get(
-            db, user.org_id, "scheduled_recording", "false"
-        )
-        == "true",
-        "scheduled_start": Setting.get(db, user.org_id, "scheduled_start", "06:00"),
-        "scheduled_end": Setting.get(db, user.org_id, "scheduled_end", "17:00"),
-        "continuous_24_7": Setting.get(db, user.org_id, "continuous_24_7", "false")
-        == "true",
+        "scheduled_recording": vals["scheduled_recording"] == "true",
+        "scheduled_start": vals["scheduled_start"],
+        "scheduled_end": vals["scheduled_end"],
+        "continuous_24_7": vals["continuous_24_7"] == "true",
     }
 
 
 
@@ -37,6 +37,7 @@
 # playlist periodically even if the CloudNode hasn't pushed an update,
 # so that segment URLs never expire while still in the playlist.
 _PLAYLIST_CACHE_MAX_AGE = 300.0  # 5 minutes — well within 15-min URL expiry
+_CACHE_MAX_CAMERAS = 500  # Evict oldest entries above this limit
 
 # Track playlist update count per camera to trigger periodic Tigris cleanup.
 # Old segments pile up on Tigris since batch uploads have no confirm step.
@@ -50,6 +51,27 @@
 # {(user_id, camera_id): monotonic_timestamp_of_last_log}
 _ACCESS_LOG_INTERVAL = 300.0  # 5 minutes
 _last_access_logged: dict[tuple[str, str], float] = {}
+_ACCESS_LOG_MAX_ENTRIES = 10000  # Evict stale entries above this limit
+
+
+def _evict_caches():
+    """Evict stale entries from module-level caches to prevent unbounded growth."""
+    now = time.monotonic()
+
+    # Evict expired playlist caches
+    if len(_playlist_cache) > _CACHE_MAX_CAMERAS:
+        # Sort by timestamp, keep newest
+        sorted_entries = sorted(_playlist_cache.items(), key=lambda x: x[1][1])
+        for camera_id, _ in sorted_entries[:len(sorted_entries) - _CACHE_MAX_CAMERAS]:
+            del _playlist_cache[camera_id]
+            _playlist_update_count.pop(camera_id, None)
+
+    # Evict stale access log entries (older than 2x the log interval)
+    if len(_last_access_logged) > _ACCESS_LOG_MAX_ENTRIES:
+        cutoff = now - (_ACCESS_LOG_INTERVAL * 2)
+        stale_keys = [k for k, ts in _last_access_logged.items() if ts < cutoff]
+        for k in stale_keys:
+            del _last_access_logged[k]
 
 
 def _maybe_log_access(
@@ -308,11 +330,11 @@ async def update_hls_playlist(
         )
         _playlist_cache[camera_id] = (rewritten, time.monotonic())
 
-        # Periodically clean up old segments on Tigris. Batch uploads
-        # don't have a confirm step, so segments pile up indefinitely.
+        # Periodically clean up old segments on Tigris and evict stale caches.
         count = _playlist_update_count.get(camera_id, 0) + 1
         _playlist_update_count[camera_id] = count
         if count % settings.CLEANUP_INTERVAL == 0:
+            _evict_caches()
             asyncio.ensure_future(
                 _cleanup_old_segments(node.org_id, camera_id)
             )
 
@@ -1,6 +1,8 @@
 import httpx
 from fastapi import Depends, HTTPException, Request, status
+from sqlalchemy.orm import Session
 from app.core.config import settings
+from app.core.database import get_db
 from clerk_backend_api.security import AuthenticateRequestOptions
 from app.core.clerk import clerk
 
@@ -197,20 +199,19 @@ async def require_admin(user: AuthUser = Depends(get_current_user)) -> AuthUser:
     return user
 
 
-async def require_active_billing(user: AuthUser = Depends(require_admin)) -> AuthUser:
+async def require_active_billing(
+    user: AuthUser = Depends(require_admin),
+    db: Session = Depends(get_db),
+) -> AuthUser:
     """Admin + payment must not be past due.  Use for write operations
     (create node, create key, etc.) so past-due orgs can still read
-    their data but can't provision new resources."""
-    from app.core.database import get_db, SessionLocal
+    their data but can't provision new resources.
+    Reuses the request's existing DB session instead of opening a new one."""
     from app.models.models import Setting
 
-    db = SessionLocal()
-    try:
-        if Setting.get(db, user.org_id, "payment_past_due", "false") == "true":
-            raise HTTPException(
-                status_code=status.HTTP_402_PAYMENT_REQUIRED,
-                detail="Your payment is past due. Please update your billing information before making changes.",
-            )
-    finally:
-        db.close()
+    if Setting.get(db, user.org_id, "payment_past_due", "false") == "true":
+        raise HTTPException(
+            status_code=status.HTTP_402_PAYMENT_REQUIRED,
+            detail="Your payment is past due. Please update your billing information before making changes.",
+        )
     return user
@@ -94,6 +94,20 @@ def get(db, org_id: str, key: str, default: str = None) -> str:
         setting = db.query(Setting).filter_by(org_id=org_id, key=key).first()
         return setting.value if setting else default
 
+    @staticmethod
+    def get_many(db, org_id: str, keys_defaults: dict) -> dict:
+        """Fetch multiple settings in a single query.
+        keys_defaults: {key: default_value, ...}
+        Returns: {key: value, ...}
+        """
+        rows = (
+            db.query(Setting)
+            .filter(Setting.org_id == org_id, Setting.key.in_(keys_defaults.keys()))
+            .all()
+        )
+        found = {row.key: row.value for row in rows}
+        return {k: found.get(k, default) for k, default in keys_defaults.items()}
+
     @staticmethod
     def set(db, org_id: str, key: str, value: str):
         setting = db.query(Setting).filter_by(org_id=org_id, key=key).first()
 
@@ -1,6 +1,6 @@
 import { useEffect, useRef, useState } from "react"
 import Hls from "hls.js"
-import { useAuth } from "@clerk/clerk-react"
+import { useSharedToken } from "../hooks/useSharedToken.jsx"
 
 // Set to true to connect directly to CloudNode on localhost:8080
 // Set to false to use backend proxy with authentication
@@ -9,7 +9,7 @@ const LOCAL_TEST_MODE = import.meta.env.VITE_LOCAL_HLS === "true"
 function HlsPlayer({ cameraId, cameraName }) {
     const videoRef = useRef(null)
     const hlsRef = useRef(null)
-    const { getToken } = useAuth()
+    const { getCurrentToken, refreshNow } = useSharedToken()
     const [loading, setLoading] = useState(true)
     const [error, setError] = useState(null)
     const [isLive, setIsLive] = useState(false)
@@ -29,14 +29,10 @@ function HlsPlayer({ cameraId, cameraName }) {
                     ? `http://localhost:8080/hls/${cameraId}/stream.m3u8`
                     : `${API_URL}/api/cameras/${cameraId}/stream.m3u8`
 
-                // Pre-fetch the auth token BEFORE creating hls.js.
-                // xhrSetup is called synchronously — an async callback
-                // would return a Promise that hls.js never awaits, so
-                // the request would fire without the Authorization header.
-                let authToken = null
-                if (!LOCAL_TEST_MODE) {
-                    authToken = await getToken()
-                }
+                // Get the current shared auth token. xhrSetup reads the
+                // latest token on each request via getCurrentToken(), so
+                // no per-player refresh interval is needed.
+                let authToken = LOCAL_TEST_MODE ? null : getCurrentToken()
 
                 if (Hls.isSupported()) {
                     const hls = new Hls({
@@ -45,8 +41,10 @@ function HlsPlayer({ cameraId, cameraName }) {
                             // Presigned Tigris URLs already carry auth in the query
                             // string — sending an Authorization header to Tigris
                             // triggers a CORS preflight that Tigris rejects.
-                            if (authToken && url.startsWith(ownOrigin)) {
-                                xhr.setRequestHeader("Authorization", `Bearer ${authToken}`)
+                            // Read the latest shared token on each request.
+                            const token = LOCAL_TEST_MODE ? null : getCurrentToken()
+                            if (token && url.startsWith(ownOrigin)) {
+                                xhr.setRequestHeader("Authorization", `Bearer ${token}`)
                             }
                         },
 
@@ -83,29 +81,6 @@ function HlsPlayer({ cameraId, cameraName }) {
 
                     hlsRef.current = hls
 
-                    // Refresh the auth token every 30 seconds so it never
-                    // reaches Clerk's 60s expiry. If a refresh fails, the
-                    // next attempt is only 30s away (not 50s).
-                    const tokenRefreshInterval = setInterval(async () => {
-                        try {
-                            authToken = await getToken()
-                        } catch (e) {
-                            console.warn("[HlsPlayer] Token refresh failed:", e)
-                        }
-                    }, 30000)
-
-                    // Store interval ID for cleanup
-                    hls._tokenRefreshInterval = tokenRefreshInterval
-
-                    // Helper: refresh token immediately (called on auth failures)
-                    const refreshTokenNow = async () => {
-                        try {
-                            authToken = await getToken()
-                        } catch (e) {
-                            console.warn("[HlsPlayer] Urgent token refresh failed:", e)
-                        }
-                    }
-
                     hls.loadSource(playlistUrl)
                     hls.attachMedia(video)
 
@@ -163,11 +138,10 @@ function HlsPlayer({ cameraId, cameraName }) {
                             switch (data.type) {
                                 case Hls.ErrorTypes.NETWORK_ERROR:
                                     // Network errors are often caused by an expired
-                                    // auth token (401). Refresh the token immediately
-                                    // before retrying, so the next request uses a
-                                    // fresh token instead of the stale one.
+                                    // auth token (401). Refresh the shared token
+                                    // immediately before retrying.
                                     console.warn("[HlsPlayer] Network error, refreshing token and retrying:", data.details)
-                                    refreshTokenNow().then(() => {
+                                    refreshNow().then(() => {
                                         hls.startLoad()
                                     })
                                     break
@@ -196,17 +170,14 @@ function HlsPlayer({ cameraId, cameraName }) {
 
         return () => {
             if (hlsRef.current) {
-                if (hlsRef.current._tokenRefreshInterval) {
-                    clearInterval(hlsRef.current._tokenRefreshInterval)
-                }
                 if (hlsRef.current._stallCheck) {
                     clearInterval(hlsRef.current._stallCheck)
                 }
                 hlsRef.current.destroy()
                 hlsRef.current = null
             }
         }
-    }, [cameraId, getToken])
+    }, [cameraId, getCurrentToken])
 
     if (error) {
         return (
 
@@ -1,38 +1,19 @@
 import { Outlet, Link, useLocation } from "react-router-dom"
-import { SignedIn, SignedOut, UserButton, OrganizationSwitcher, useOrganization, useAuth } from "@clerk/clerk-react"
-import { useState, useEffect } from "react"
-import { getPlanInfo } from "../services/api"
+import { SignedIn, SignedOut, UserButton, OrganizationSwitcher, useOrganization } from "@clerk/clerk-react"
+import { usePlanInfo } from "../hooks/usePlanInfo.jsx"
 import ToastContainer from "./ToastContainer.jsx"
 
 function Layout() {
   const { organization, isLoaded: orgLoaded, membership } = useOrganization()
-  const { getToken } = useAuth()
+  const { planInfo } = usePlanInfo()
   const location = useLocation()
-  const [planFeatures, setPlanFeatures] = useState([])
-
-  const [planName, setPlanName] = useState(null)
 
   const isAdmin = orgLoaded && membership?.role === "org:admin"
+  const planFeatures = planInfo?.features || []
+  const planName = planInfo?.plan || null
   const hasAdminFeature = planFeatures.includes("admin")
   const isPro = planName === "pro" || planName === "business"
 
-  useEffect(() => {
-    if (organization && isAdmin) {
-      loadPlanFeatures()
-    }
-  }, [organization])
-
-  const loadPlanFeatures = async () => {
-    try {
-      const token = await getToken()
-      const data = await getPlanInfo(() => Promise.resolve(token))
-      setPlanFeatures(data.features || [])
-      setPlanName(data.plan || null)
-    } catch (err) {
-      // Silently fail — nav still works, just hides admin link
-    }
-  }
-
   const isActive = (path) => location.pathname === path ? "nav-link active" : "nav-link"
 
   return (
 
@@ -0,0 +1,59 @@
+import { createContext, useContext, useState, useEffect, useCallback, useRef } from "react"
+import { useAuth, useOrganization } from "@clerk/clerk-react"
+import { getPlanInfo } from "../services/api"
+
+const PlanInfoContext = createContext(null)
+
+const REFRESH_INTERVAL = 60000 // 60 seconds
+
+export function PlanInfoProvider({ children }) {
+  const { getToken } = useAuth()
+  const { organization } = useOrganization()
+  const [planInfo, setPlanInfo] = useState(null)
+  const [loading, setLoading] = useState(false)
+  const lastOrgRef = useRef(null)
+
+  const loadPlanInfo = useCallback(async () => {
+    if (!organization) return
+    try {
+      setLoading(true)
+      const token = await getToken()
+      const data = await getPlanInfo(() => Promise.resolve(token))
+      setPlanInfo(data)
+    } catch (err) {
+      console.error("[PlanInfo] Failed to load:", err)
+    } finally {
+      setLoading(false)
+    }
+  }, [organization, getToken])
+
+  // Load on mount and when org changes
+  useEffect(() => {
+    if (!organization) {
+      setPlanInfo(null)
+      return
+    }
+    // Reset if org changed
+    if (lastOrgRef.current !== organization.id) {
+      lastOrgRef.current = organization.id
+      setPlanInfo(null)
+    }
+    loadPlanInfo()
+    const interval = setInterval(loadPlanInfo, REFRESH_INTERVAL)
+    return () => clearInterval(interval)
+  }, [organization, loadPlanInfo])
+
+  return (
+    <PlanInfoContext.Provider value={{ planInfo, loading, refreshPlanInfo: loadPlanInfo }}>
+      {children}
+    </PlanInfoContext.Provider>
+  )
+}
+
+export function usePlanInfo() {
+  const context = useContext(PlanInfoContext)
+  if (!context) {
+    throw new Error("usePlanInfo must be used within PlanInfoProvider")
+  }
+  return context
+}