2FAuth/app/Http/Middleware/KickOutInactiveUser.php

<?php

namespace App\Http\Middleware;

use Closure;
use Carbon\Carbon;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use App\Facades\Settings;

class KickOutInactiveUser
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string $guards
     * @return mixed
     */
    public function handle($request, Closure $next, ...$guards)
    {
        // We do not track activity of:
        // - Guest
        // - User authenticated against a bearer token
        // - User authenticated via a reverse-proxy
        if (Auth::guest() || $request->bearerToken() || config('auth.defaults.guard') === 'reverse-proxy-guard') {
            return $next($request);
        }
     
        $user = Auth::user();
        $now = Carbon::now();
        $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));

        // Fetch all setting values
        $kickUserAfterXSecond = intval(Settings::get('kickUserAfter')) * 60;

        // If user has been inactive longer than the allowed inactivity period
        if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
     
            $user->last_seen_at = $now->format('Y-m-d H:i:s');
            $user->save();
            
            Log::info('Inactive user detected, authentication rejected');
            if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {
                Auth::logout();
            }
     
            return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);
        }

        return $next($request);
    }
}
Add auto-lock option 2020-10-08 15:38:36 +02:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Carbon\Carbon;`
			`use Illuminate\Http\Response;`
			`use Illuminate\Support\Facades\Auth;`
Add logs 2021-10-15 23:46:21 +02:00			`use Illuminate\Support\Facades\Log;`
Set SettingService behind a Facade 2022-07-30 17:51:02 +02:00			`use App\Facades\Settings;`
Add auto-lock option 2020-10-08 15:38:36 +02:00
Fix inactivity middleware trying to logout stateless request 2021-11-17 23:37:16 +01:00			`class KickOutInactiveUser`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param \Closure $next`
Fix multiple issues detected by static analysis 2022-09-07 17:54:27 +02:00			`* @param string $guards`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`* @return mixed`
			`*/`
Fix multiple issues detected by static analysis 2022-09-07 17:54:27 +02:00			`public function handle($request, Closure $next, ...$guards)`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`{`
Fix and complete reverse-proxy support & Adjust front-end views 2022-03-24 14:58:30 +01:00			`// We do not track activity of:`
			`// - Guest`
			`// - User authenticated against a bearer token`
			`// - User authenticated via a reverse-proxy`
			`if (Auth::guest() \|\| $request->bearerToken() \|\| config('auth.defaults.guard') === 'reverse-proxy-guard') {`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`return $next($request);`
			`}`

Fix inactivity middleware trying to logout stateless request 2021-11-17 23:37:16 +01:00			`$user = Auth::user();`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`$now = Carbon::now();`
Update and complete phpunit tests 2020-10-09 13:35:03 +02:00			`$inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));`
Add auto-lock option 2020-10-08 15:38:36 +02:00
			`// Fetch all setting values`
Set SettingService behind a Facade 2022-07-30 17:51:02 +02:00			`$kickUserAfterXSecond = intval(Settings::get('kickUserAfter')) * 60;`
Update and complete phpunit tests 2020-10-09 13:35:03 +02:00
			`// If user has been inactive longer than the allowed inactivity period`
			`if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {`

Add auto-lock option 2020-10-08 15:38:36 +02:00			`$user->last_seen_at = $now->format('Y-m-d H:i:s');`
			`$user->save();`
Fix inactivity middleware trying to logout stateless request 2021-11-17 23:37:16 +01:00
Add logs for common Auth actions 2022-10-18 17:34:56 +02:00			`Log::info('Inactive user detected, authentication rejected');`
Fix test error on kick-out inactive user 2022-05-10 00:59:07 +02:00			`if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) {`
			`Auth::logout();`
			`}`
Add auto-lock option 2020-10-08 15:38:36 +02:00
Fix #73 - CSRF token mismatch 2022-05-14 13:45:12 +02:00			`return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT);`
Add auto-lock option 2020-10-08 15:38:36 +02:00			`}`

			`return $next($request);`
			`}`
Disable inactivity tracking for user authenticated against bearer token 2021-10-29 21:51:58 +02:00			`}`