Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Idle Session Timeout for increased security #191

Open
AntGod6123 opened this issue Nov 4, 2023 · 0 comments
Open

feat: Idle Session Timeout for increased security #191

AntGod6123 opened this issue Nov 4, 2023 · 0 comments
Labels
new-feature New features or options.

Comments

@AntGod6123
Copy link

AntGod6123 commented Nov 4, 2023
edited
Loading

Currently, ZeroUI continues to stay logged in despite losing connection to the Zerotier Controller. Adding code to ZeroUI for Idle Session Timeout will force users to log back in if Idle long enough or a connection is lost. This would increase security of the Zerotier Controller through the ZeroUI GUI.

Possible solution to implement for the required files below:

settings.html

<div class="form-group">
  <label for="idle-session-timeout">Idle Session Timeout (minutes)</label>
  <input type="number" id="idle-session-timeout" class="form-control" />
</div>

settings.js

// settings.js

function handleIdleSessionTimeoutInput() {
  // Get the idle session timeout value from the input field
  const idleSessionTimeout = document.querySelector('#idle-session-timeout').value;

  // Save the idle session timeout value to the settings
  saveSetting('idleSessionTimeout', idleSessionTimeout);
}

document.querySelector('#idle-session-timeout').addEventListener('change', handleIdleSessionTimeoutInput);

core.js

// core.js

function checkIdleSessionTimeout() {
  // Get the idle session timeout from the settings
  const idleSessionTimeout = getSetting('idleSessionTimeout');

  // Get the last time the user interacted with the application
  const lastUserInteraction = new Date().getTime() - getLastUserInteractionTime();

  // If the user has been idle for longer than the timeout period, log out the user
  if (lastUserInteraction > idleSessionTimeout * 60 * 1000) {
    logout();
  }
}

// Call the checkIdleSessionTimeout() function every 60 seconds
setInterval(checkIdleSessionTimeout, 60 * 1000);

ui.js

// ui.js

// Add event listeners for all user interactions
document.addEventListener('mousemove', clearIdleSessionTimeoutTimer);
document.addEventListener('mousedown', clearIdleSessionTimeoutTimer);
document.addEventListener('keyup', clearIdleSessionTimeoutTimer);

// Clear the idle session timeout timer whenever the user interacts with the application
function clearIdleSessionTimeoutTimer() {
  clearTimeout(idleSessionTimeoutTimer);
  idleSessionTimeoutTimer = setTimeout(checkIdleSessionTimeout, 60 * 1000);
}

I have not tested this, understandably I am not a coder but am hoping this helps get it started and can be tested/debugged.
@AntGod6123 AntGod6123 added the new-feature New features or options. label Nov 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new-feature New features or options.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AntGod6123