bearerToken() || config('auth.defaults.guard') === 'reverse-proxy-guard') { return $next($request); } $user = Auth::user(); $now = Carbon::now(); $inactiveFor = (int) $now->diffInSeconds(Carbon::parse($user->last_seen_at), true); // Fetch all setting values $kickUserAfterXSecond = intval($user->preferences['kickUserAfter']) * 60; // If user has been inactive longer than the allowed inactivity period if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) { $user->last_seen_at = $now->format('Y-m-d H:i:s'); $user->save(); Log::info(sprintf('User ID #%s detected as inactive, authentication rejected', $user->id)); Auth::guard('web-guard')->logout(); return response()->json(['message' => 'inactivity detected'], Response::HTTP_I_AM_A_TEAPOT); } return $next($request); } }