Dolo/BetiX
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0280278978d2ab2870f9da601ef1b56738f71071
BetiX/app/Http/Controllers/Settings/SecurityController.php
Dolo 0280278978
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (8.4) (push) Has been cancelled
Details
tests / ci (8.5) (push) Has been cancelled
Details
Initialer Laravel Commit für BetiX
2026-04-04 18:01:50 +02:00

71 lines
2.2 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Controllers\Settings;
use App\Http\Controllers\Controller;
use Illuminate\Contracts\Pagination\LengthAwarePaginator;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;
use Inertia\Inertia;
use Inertia\Response;
class SecurityController extends Controller
{
/**
* Render the Security center page.
*/
public function index(Request $request): Response
{
// Provide a light payload; sessions loaded via separate endpoint
return Inertia::render('settings/Security', [
'twoFactorEnabled' => (bool) optional($request->user())->hasEnabledTwoFactorAuthentication(),
]);
}
/**
* List active sessions for the current user (from database sessions table).
*/
public function sessions(Request $request)
{
$userId = Auth::id();
$rows = DB::table('sessions')
->where('user_id', $userId)
->orderByDesc('last_activity')
->limit(100)
->get(['id', 'ip_address', 'user_agent', 'last_activity']);
// Format response
$data = $rows->map(function ($r) use ($request) {
$isCurrent = $request->session()->getId() === $r->id;
return [
'id' => $r->id,
'ip' => $r->ip_address,
'user_agent' => $r->user_agent,
'last_activity' => $r->last_activity,
'current' => $isCurrent,
];
})->values();
return response()->json(['data' => $data]);
}
/**
* Revoke a specific session by ID (current user's session only)
*/
public function revoke(Request $request, string $id)
{
$userId = Auth::id();
$session = DB::table('sessions')->where('id', $id)->first();
if (! $session || $session->user_id != $userId) {
abort(404);
}
// Prevent revoking current session via this endpoint to avoid lockouts
if ($request->session()->getId() === $id) {
return response()->json(['message' => 'Cannot revoke current session via API.'], 422);
}
DB::table('sessions')->where('id', $id)->delete();
return response()->json(['message' => 'Session revoked']);
}
}
Reference in New Issue View Git Blame Copy Permalink