bearerToken() || config('auth.defaults.guard') === 'reverse-proxy-guard') { return $next($request); } $user = Auth::user(); $now = Carbon::now(); $inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at)); // Fetch all setting values $settingService = resolve('App\Services\SettingService'); $kickUserAfterXSecond = intval($settingService->get('kickUserAfter')) * 60; // If user has been inactive longer than the allowed inactivity period if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) { $user->last_seen_at = $now->format('Y-m-d H:i:s'); $user->save(); Log::notice('Inactive user detected, authentication rejected'); if (method_exists('Illuminate\Support\Facades\Auth', 'logout')) { Auth::logout(); } return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED); } return $next($request); } }