update controllers logic
This commit is contained in:
@@ -0,0 +1,102 @@
|
||||
<?php
|
||||
|
||||
namespace App\Http\Controllers\Api\Auth;
|
||||
|
||||
use App\Config\SessionTimeout;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Services\ApplicationUrlService;
|
||||
use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
|
||||
/**
|
||||
* Session idle timeout checks (web session cookie).
|
||||
*/
|
||||
class SessionTimeoutController extends Controller
|
||||
{
|
||||
/** CI-compatible session key */
|
||||
private const SESSION_KEY = 'last_activity';
|
||||
|
||||
public function __construct(
|
||||
private ApplicationUrlService $urls,
|
||||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* CI nested routes: SessionController::getTimeoutConfig shape (URLs point at this app).
|
||||
*/
|
||||
public function getTimeoutConfig(): JsonResponse
|
||||
{
|
||||
return response()->json([
|
||||
'success' => true,
|
||||
'timeout' => SessionTimeout::TIMEOUT_DURATION,
|
||||
'warning_time' => SessionTimeout::WARNING_THRESHOLD,
|
||||
'check_interval' => SessionTimeout::CHECK_INTERVAL,
|
||||
'logout_url' => $this->urls->webLogoutUrl(),
|
||||
'keep_alive_url' => $this->urls->webSessionPingUrl(),
|
||||
'check_url' => $this->urls->webSessionCheckTimeoutUrl(),
|
||||
]);
|
||||
}
|
||||
|
||||
public function checkTimeout(Request $request): JsonResponse
|
||||
{
|
||||
$session = $request->session();
|
||||
|
||||
if (! $session->has(self::SESSION_KEY)) {
|
||||
return $this->expireSession($request);
|
||||
}
|
||||
|
||||
$lastActivity = (int) $session->get(self::SESSION_KEY);
|
||||
$elapsed = time() - $lastActivity;
|
||||
|
||||
if ($elapsed > SessionTimeout::TIMEOUT_DURATION) {
|
||||
return $this->expireSession($request);
|
||||
}
|
||||
|
||||
if ($elapsed > SessionTimeout::WARNING_THRESHOLD) {
|
||||
return response()->json([
|
||||
'status' => 'warning',
|
||||
'time_remaining' => SessionTimeout::TIMEOUT_DURATION - $elapsed,
|
||||
]);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'status' => 'active',
|
||||
'time_remaining' => SessionTimeout::TIMEOUT_DURATION - $elapsed,
|
||||
]);
|
||||
}
|
||||
|
||||
public function pingActivity(Request $request): JsonResponse
|
||||
{
|
||||
$session = $request->session();
|
||||
|
||||
if (! $session->has(self::SESSION_KEY)
|
||||
|| (time() - (int) $session->get(self::SESSION_KEY)) > SessionTimeout::TIMEOUT_DURATION) {
|
||||
return $this->expireSession($request);
|
||||
}
|
||||
|
||||
$session->put(self::SESSION_KEY, time());
|
||||
|
||||
return response()->json([
|
||||
'status' => 'active',
|
||||
'time_remaining' => SessionTimeout::TIMEOUT_DURATION,
|
||||
]);
|
||||
}
|
||||
|
||||
private function expireSession(Request $request): JsonResponse
|
||||
{
|
||||
$request->session()->flash('error', 'Your session has expired due to inactivity.');
|
||||
$request->session()->forget(self::SESSION_KEY);
|
||||
|
||||
Auth::guard('web')->logout();
|
||||
|
||||
$request->session()->invalidate();
|
||||
$request->session()->regenerateToken();
|
||||
|
||||
return response()->json([
|
||||
'status' => 'expired',
|
||||
'redirect' => $this->urls->webLoginUrl(),
|
||||
'message' => 'Your session has expired due to inactivity.',
|
||||
]);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user