zero-ui icon indicating copy to clipboard operation
zero-ui copied to clipboard

Published 20 hours ago verified publisher icon dec0dOS

feat: Idle Session Timeout for increased security

Open AntGod6123 opened this issue 2 years ago • 0 comments

Currently, ZeroUI continues to stay logged in despite losing connection to the Zerotier Controller. Adding code to ZeroUI for Idle Session Timeout will force users to log back in if Idle long enough or a connection is lost. This would increase security of the Zerotier Controller through the ZeroUI GUI.

Possible solution to implement for the required files below:

settings.html

<div class="form-group">
  <label for="idle-session-timeout">Idle Session Timeout (minutes)</label>
  <input type="number" id="idle-session-timeout" class="form-control" />
</div>

settings.js

// settings.js

function handleIdleSessionTimeoutInput() {
  // Get the idle session timeout value from the input field
  const idleSessionTimeout = document.querySelector('#idle-session-timeout').value;

  // Save the idle session timeout value to the settings
  saveSetting('idleSessionTimeout', idleSessionTimeout);
}

document.querySelector('#idle-session-timeout').addEventListener('change', handleIdleSessionTimeoutInput);

core.js

// core.js

function checkIdleSessionTimeout() {
  // Get the idle session timeout from the settings
  const idleSessionTimeout = getSetting('idleSessionTimeout');

  // Get the last time the user interacted with the application
  const lastUserInteraction = new Date().getTime() - getLastUserInteractionTime();

  // If the user has been idle for longer than the timeout period, log out the user
  if (lastUserInteraction > idleSessionTimeout * 60 * 1000) {
    logout();
  }
}

// Call the checkIdleSessionTimeout() function every 60 seconds
setInterval(checkIdleSessionTimeout, 60 * 1000);

ui.js

// ui.js

// Add event listeners for all user interactions
document.addEventListener('mousemove', clearIdleSessionTimeoutTimer);
document.addEventListener('mousedown', clearIdleSessionTimeoutTimer);
document.addEventListener('keyup', clearIdleSessionTimeoutTimer);

// Clear the idle session timeout timer whenever the user interacts with the application
function clearIdleSessionTimeoutTimer() {
  clearTimeout(idleSessionTimeoutTimer);
  idleSessionTimeoutTimer = setTimeout(checkIdleSessionTimeout, 60 * 1000);
}

I have not tested this, understandably I am not a coder but am hoping this helps get it started and can be tested/debugged.

AntGod6123 avatar Nov 04 '23 14:11 AntGod6123