Initial commit

app/Http/Middleware/ProfileSessionTimeout.php

@@ -0,0 +1,106 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Config;
+
+/**
+ * Profile-Based Session Timeout Middleware
+ *
+ * Enforces session timeouts based on the active profile type from platform configuration.
+ * This overrides the default SESSION_LIFETIME from .env with profile-specific timeouts.
+ *
+ * Configuration: config/timebank_cc.php -> 'profile_timeouts'
+ */
+class ProfileSessionTimeout
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        // Skip timeout check for guests
+        if (!Auth::check()) {
+            return $next($request);
+        }
+
+        // Get active profile from session
+        $activeProfileType = session('activeProfileType');
+        $activeProfileId = session('activeProfileId');
+
+        // Get profile-specific timeout from config
+        $timeoutMinutes = $this->getProfileTimeout($activeProfileType);
+
+        // Get last activity timestamp
+        $lastActivity = session('last_activity_at');
+
+        // If this is the first request, set last activity and continue
+        if (!$lastActivity) {
+            session(['last_activity_at' => now()->timestamp]);
+            return $next($request);
+        }
+
+        // Calculate idle time in minutes
+        $idleMinutes = (now()->timestamp - $lastActivity) / 60;
+
+        // Check if session has timed out
+        if ($idleMinutes > $timeoutMinutes) {
+            // Log the timeout for debugging
+            \Log::info('Session timeout', [
+                'user_id' => Auth::id(),
+                'profile_type' => $activeProfileType,
+                'profile_id' => $activeProfileId,
+                'idle_minutes' => round($idleMinutes, 2),
+                'timeout_limit' => $timeoutMinutes,
+            ]);
+
+            // Clear session and logout
+            Auth::logout();
+            $request->session()->invalidate();
+            $request->session()->regenerateToken();
+
+            // Redirect to login with timeout message
+            return redirect()->route('login')
+                ->with('status', __('Your session has expired due to inactivity. Please log in again.'));
+        }
+
+        // Update last activity timestamp
+        session(['last_activity_at' => now()->timestamp]);
+
+        return $next($request);
+    }
+
+    /**
+     * Get the timeout duration in minutes for the given profile type
+     *
+     * @param string|null $profileType
+     * @return int Timeout in minutes
+     */
+    protected function getProfileTimeout(?string $profileType): int
+    {
+        // Get profile_timeouts from platform config
+        $profileTimeouts = timebank_config('profile_timeouts', []);
+
+        // If profile type is set and has a specific timeout, use it
+        if ($profileType && isset($profileTimeouts[$profileType])) {
+            return (int) $profileTimeouts[$profileType];
+        }
+
+        // Otherwise, use the default timeout from platform config
+        $defaultTimeout = timebank_config('profile_timeout_default', 120);
+
+        // If still not set, fall back to SESSION_LIFETIME from .env
+        if (!$defaultTimeout) {
+            $defaultTimeout = Config::get('session.lifetime', 120);
+        }
+
+        return (int) $defaultTimeout;
+    }
+}