Implement session inactivity expiration handling.

2025-01-03 21:22:02 -05:00 · 2025-01-03 21:22:02 -05:00 · e9269a24fc
commit e9269a24fc
parent b9b7b23e9e
4 changed files with 32 additions and 1 deletions
--- a/src/Socialbox/Classes/Configuration.php
+++ b/src/Socialbox/Classes/Configuration.php
@ -123,6 +123,9 @@
            // Server Policies
            // The maximum number of signing keys a peer can register onto the server at once
            $config->setDefault('policies.max_signing_keys', 20);
+            // The amount of time in seconds it takes before a session is considered expired due to inactivity
+            // Default: 12hours
+            $config->setDefault('policies.session_inactivity_expires', 43200);

            // Storage configuration
            $config->setDefault('storage.path', '/etc/socialbox'); // The main path for file storage
--- a/src/Socialbox/Classes/Configuration/PoliciesConfiguration.php
+++ b/src/Socialbox/Classes/Configuration/PoliciesConfiguration.php
@ -5,10 +5,12 @@
    class PoliciesConfiguration
    {
        private int $maxSigningKeys;
+        private int $sessionInactivityExpires;

        public function __construct(array $data)
        {
            $this->maxSigningKeys = $data['max_signing_keys'];
+            $this->sessionInactivityExpires = $data['session_inactivity_expires'];
        }

        /**
@ -18,4 +20,12 @@
        {
            return $this->maxSigningKeys;
        }
+
+        /**
+         * @return int
+         */
+        public function getSessionInactivityExpires(): int
+        {
+            return $this->sessionInactivityExpires;
+        }
    }
--- a/src/Socialbox/Objects/Database/SessionRecord.php
+++ b/src/Socialbox/Objects/Database/SessionRecord.php
@ -3,6 +3,7 @@
    namespace Socialbox\Objects\Database;

    use DateTime;
+    use Socialbox\Classes\Configuration;
    use Socialbox\Enums\Flags\SessionFlags;
    use Socialbox\Enums\SessionState;
    use Socialbox\Interfaces\SerializableInterface;
@ -165,6 +166,12 @@
         */
        public function getState(): SessionState
        {
+            $expires = time() + Configuration::getPoliciesConfiguration()->getSessionInactivityExpires();
+            if($this->lastRequest !== null && $this->lastRequest->getTimestamp() > $expires)
+            {
+                return SessionState::EXPIRED;
+            }
+
            return $this->state;
        }

--- a/src/Socialbox/Socialbox.php
+++ b/src/Socialbox/Socialbox.php
@ -409,7 +409,18 @@
            // Verify if the session is active
            if($session->getState() !== SessionState::ACTIVE)
            {
-                self::returnError(403, StandardError::FORBIDDEN, 'Session is not active');
+                self::returnError(403, StandardError::FORBIDDEN, 'Session is not active (' . $session->getState()->value . ')');
+                return;
+            }
+
+            try
+            {
+                SessionManager::updateLastRequest($session->getUuid());
+            }
+            catch (DatabaseOperationException $e)
+            {
+                Logger::getLogger()->error('Failed to update the last request time for the session', $e);
+                self::returnError(500, StandardError::INTERNAL_SERVER_ERROR, 'Failed to update the session', $e);
                return;
            }