search

un / inbox

Modern email for teams and professionals. A replacement for outdated email technology and tools. Alt to hey.com, front.com, missiveapp.com
https://uninbox.com
Other
1.28k stars 90 forks source link

security(web): add lastLoginAt #94

Closed McPizza0 closed 4 months ago

McPizza0 commented 5 months ago

we should save the last time a user has logged in to the database this could be done when we create a session for the user

the data would be used to check for active/inactive users by combining lastLoginAt with a check on active sessions

skushagra9 commented 5 months ago

Its the extension in the security page right ?

McPizza0 commented 5 months ago

no this is more database/backend

skushagra9 commented 5 months ago

got it thanks

babblebey commented 4 months ago

Project here is some great stuff @McPizza0 😉

The changes looks like it should be made in the following files

Of course after modifying the database schema adding the new field lastLoginAt of datetime/timestamp type with no defaults in...

packages/database/schema.ts

This field will get an initial value at execution of the signupRouter after the lucia session can be confirmed as successfully created session.

Then the field can get updated at login, when the passwordRouter or passkeyRouter shoots after the session can be confirmed as successfully created session.

Correct me if I'm off here 🫣

the data would be used to check for active/inactive users by combining lastLoginAt with a check on active sessions

How'd you mean here though?? Is this some thoughts around the use case of this field?? Or you're looking to include this in the implementation??? 🤔

McPizza0 commented 4 months ago

@babblebey ! yes you got the idea right re: checking active; this would just be done manually - not a feature in app a lightweight product analytics

babblebey commented 4 months ago

Great! I'd like to take a dig at this, if you assign me 😉

Thanks 😁

McPizza0 commented 4 months ago

Epic!