search

dec0dOS / zero-ui

ZeroUI - ZeroTier Controller Web UI - is a web user interface for a self-hosted ZeroTier network controller.
GNU General Public License v3.0
936 stars 149 forks source link

feat: Idle Session Timeout for increased security #191

Open AntGod6123 opened 11 months ago

AntGod6123 commented 11 months ago

Currently, ZeroUI continues to stay logged in despite losing connection to the Zerotier Controller. Adding code to ZeroUI for Idle Session Timeout will force users to log back in if Idle long enough or a connection is lost. This would increase security of the Zerotier Controller through the ZeroUI GUI.

Possible solution to implement for the required files below:

settings.html

<div class="form-group">
  <label for="idle-session-timeout">Idle Session Timeout (minutes)</label>
  <input type="number" id="idle-session-timeout" class="form-control" />
</div>

settings.js

// settings.js

function handleIdleSessionTimeoutInput() {
  // Get the idle session timeout value from the input field
  const idleSessionTimeout = document.querySelector('#idle-session-timeout').value;

  // Save the idle session timeout value to the settings
  saveSetting('idleSessionTimeout', idleSessionTimeout);
}

document.querySelector('#idle-session-timeout').addEventListener('change', handleIdleSessionTimeoutInput);

core.js

// core.js

function checkIdleSessionTimeout() {
  // Get the idle session timeout from the settings
  const idleSessionTimeout = getSetting('idleSessionTimeout');

  // Get the last time the user interacted with the application
  const lastUserInteraction = new Date().getTime() - getLastUserInteractionTime();

  // If the user has been idle for longer than the timeout period, log out the user
  if (lastUserInteraction > idleSessionTimeout * 60 * 1000) {
    logout();
  }
}

// Call the checkIdleSessionTimeout() function every 60 seconds
setInterval(checkIdleSessionTimeout, 60 * 1000);

ui.js

// ui.js

// Add event listeners for all user interactions
document.addEventListener('mousemove', clearIdleSessionTimeoutTimer);
document.addEventListener('mousedown', clearIdleSessionTimeoutTimer);
document.addEventListener('keyup', clearIdleSessionTimeoutTimer);

// Clear the idle session timeout timer whenever the user interacts with the application
function clearIdleSessionTimeoutTimer() {
  clearTimeout(idleSessionTimeoutTimer);
  idleSessionTimeoutTimer = setTimeout(checkIdleSessionTimeout, 60 * 1000);
}

I have not tested this, understandably I am not a coder but am hoping this helps get it started and can be tested/debugged.