diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index e61fc6c0..8df21353 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -44,7 +44,7 @@ class Kernel extends HttpKernel
 'api.v1' => [
 'throttle:60,1',
 'bindings',
- \App\Http\Middleware\LogoutInactiveUser::class,
+ \App\Http\Middleware\KickOutInactiveUser::class,
 \App\Http\Middleware\LogUserLastSeen::class,
 ],
 ];
diff --git a/app/Http/Middleware/LogoutInactiveUser.php b/app/Http/Middleware/KickOutInactiveUser.php
similarity index 82%
rename from app/Http/Middleware/LogoutInactiveUser.php
rename to app/Http/Middleware/KickOutInactiveUser.php
index 08482cd6..52a55273 100644
--- a/app/Http/Middleware/LogoutInactiveUser.php
+++ b/app/Http/Middleware/KickOutInactiveUser.php
@@ -9,7 +9,7 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 
-class LogoutInactiveUser
+class KickOutInactiveUser
 {
 /**
 * Handle an incoming request.
@@ -20,12 +20,12 @@ class LogoutInactiveUser
 */
 public function handle($request, Closure $next, $guard = null)
 {
- // We do not track activity of non-logged-in user or user authenticated against a bearer token
- if (!Auth::guard('api')->check() || $request->bearerToken()) {
+ // We do not track activity of guest or user authenticated against a bearer token
+ if (Auth::guest() || $request->bearerToken()) {
 return $next($request);
 }
 
- $user = Auth::guard($guard)->user();
+ $user = Auth::user();
 $now = Carbon::now();
 
 $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));
@@ -38,8 +38,7 @@ public function handle($request, Closure $next, $guard = null)
 
 $user->last_seen_at = $now->format('Y-m-d H:i:s');
 $user->save();
-
- Auth::logout();
+ Log::notice('Inactive user detected, authentication rejected');
 return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
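Review bot: In the `@@ -20,12 +20,12 @@` hunk of `KickOutInactiveUser.php`, `Auth::guest()` and `Auth::user()` resolve against the application's default guard, while the middleware still accepts `$guard` and is registered on the `api.v1` group; the removed lines named the guard explicitly. If the default guard is not the one that authenticates these requests (the auth configuration is not visible here), `Auth::guest()` is true for every caller and the inactivity check is skipped without any log entry. I would keep the guard explicit with `if (Auth::guard($guard)->guest() || $request->bearerToken()) {` and `$user = Auth::guard($guard)->user();`, or remove the now-unused `$guard` parameter and say in the comment that the default guard is intended. `handle()` continues past this hunk.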