Made changes to the host details area to add notes

Reconfigured JWT session timeouts
2025-11-16 03:41:43 +00:00 · 2025-10-01 08:38:40 +01:00
parent f254b54404
commit 5d8a1e71d6
13 changed files with 1004 additions and 299 deletions
--- a/backend/src/middleware/auth.js
+++ b/backend/src/middleware/auth.js
@@ -1,9 +1,13 @@
 const jwt = require("jsonwebtoken");
 const { PrismaClient } = require("@prisma/client");
+const {
+	validate_session,
+	update_session_activity,
+} = require("../utils/session_manager");

 const prisma = new PrismaClient();

-// Middleware to verify JWT token
+// Middleware to verify JWT token with session validation
 const authenticateToken = async (req, res, next) => {
 	try {
 		const authHeader = req.headers.authorization;
@@ -19,35 +23,40 @@ const authenticateToken = async (req, res, next) => {
 			process.env.JWT_SECRET || "your-secret-key",
 		);

-		// Get user from database
-		const user = await prisma.users.findUnique({
-			where: { id: decoded.userId },
-			select: {
-				id: true,
-				username: true,
-				email: true,
-				role: true,
-				is_active: true,
-				last_login: true,
-				created_at: true,
-				updated_at: true,
-			},
-		});
+		// Validate session and check inactivity timeout
+		const validation = await validate_session(decoded.sessionId, token);

-		if (!user || !user.is_active) {
-			return res.status(401).json({ error: "Invalid or inactive user" });
+		if (!validation.valid) {
+			const error_messages = {
+				"Session not found": "Session not found",
+				"Session revoked": "Session has been revoked",
+				"Session expired": "Session has expired",
+				"Session inactive":
+					validation.message || "Session timed out due to inactivity",
+				"Token mismatch": "Invalid token",
+				"User inactive": "User account is inactive",
+			};
+
+			return res.status(401).json({
+				error: error_messages[validation.reason] || "Authentication failed",
+				reason: validation.reason,
+			});
 		}

-		// Update last login
+		// Update session activity timestamp
+		await update_session_activity(decoded.sessionId);
+
+		// Update last login (only on successful authentication)
 		await prisma.users.update({
-			where: { id: user.id },
+			where: { id: validation.user.id },
 			data: {
 				last_login: new Date(),
 				updated_at: new Date(),
 			},
 		});

-		req.user = user;
+		req.user = validation.user;
+		req.session_id = decoded.sessionId;
 		next();
 	} catch (error) {
 		if (error.name === "JsonWebTokenError") {