feat: Idle Session Timeout for increased security #191

@AntGod6123

Currently, ZeroUI continues to stay logged in despite losing connection to the ZeroTier Controller. Adding code to ZeroUI for Idle Session Timeout will force users to log back in if idle long enough or if a connection is lost. This would increase the security of the ZeroTier Controller through the ZeroUI GUI.

Possible solution to implement for the required files below:

settings.html

```html
<div class="form-group">
  <label for="idle-session-timeout">Idle Session Timeout (minutes)</label>
  <input type="number" id="idle-session-timeout" class="form-control" />
</div>
```

settings.js

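```js
// settings.js

function handleIdleSessionTimeoutInput() {
  // Get the idle session timeout value (in minutes) from the input field
  const idleSessionTimeout = Number(document.querySelector('#idle-session-timeout').value);

  // Ignore empty, non-numeric or non-positive input
  if (!Number.isFinite(idleSessionTimeout) || idleSessionTimeout <= 0) return;

  // Save the idle session timeout value to the settings
  // (saveSetting is assumed to be provided by the application)
  saveSetting('idleSessionTimeout', idleSessionTimeout);
}

document.querySelector('#idle-session-timeout').addEventListener('change', handleIdleSessionTimeoutInput);
```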

core.js

```js
// core.js

function checkIdleSessionTimeout() {
  // Get the idle session timeout (in minutes) from the settings
  // (getSetting and logout are assumed to be provided by the application)
  const idleSessionTimeout = Number(getSetting('idleSessionTimeout'));

  // No valid timeout configured: nothing to enforce
  if (!(idleSessionTimeout > 0)) return;

  // Time elapsed since the user last interacted with the application
  const idleTime = Date.now() - getLastUserInteractionTime();

  // If the user has been idle for longer than the timeout period, log out the user
  if (idleTime > idleSessionTimeout * 60 * 1000) {
    logout();
  }
}

// Call the checkIdleSessionTimeout() function every 60 seconds
setInterval(checkIdleSessionTimeout, 60 * 1000);
```

ui.js

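```js
// ui.js

// Timestamp of the last user interaction and the pending idle-check timer
let lastUserInteractionTime = Date.now();
let idleSessionTimeoutTimer;

// Used by checkIdleSessionTimeout() in core.js
function getLastUserInteractionTime() {
  return lastUserInteractionTime;
}

// Add event listeners for all user interactions
document.addEventListener('mousemove', clearIdleSessionTimeoutTimer);
document.addEventListener('mousedown', clearIdleSessionTimeoutTimer);
document.addEventListener('keyup', clearIdleSessionTimeoutTimer);

// Record the interaction and restart the idle session timeout timer whenever the user interacts with the application
function clearIdleSessionTimeoutTimer() {
  lastUserInteractionTime = Date.now();
  clearTimeout(idleSessionTimeoutTimer);
  idleSessionTimeoutTimer = setTimeout(checkIdleSessionTimeout, 60 * 1000);
}
```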

I have not tested this; understandably, I am not a coder, but I am hoping this helps get it started and can be tested/debugged.
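
As an added example (not code from the issue or from ZeroUI), the idle check proposed above can be kept in one DOM-free function driven by timestamps, which also covers the "connection is lost" case. `createIdleTracker`, its methods and the `onExpire` callback are hypothetical names.

```javascript
// Added example; createIdleTracker and its methods are hypothetical names, not ZeroUI APIs.
function createIdleTracker({ timeoutMinutes, onExpire, now = Date.now }) {
  const minutes = Number(timeoutMinutes);
  // Reject unset, non-numeric or non-positive settings; a NaN timeout would never fire.
  if (!Number.isFinite(minutes) || minutes <= 0) {
    throw new RangeError('idle session timeout must be a positive number of minutes');
  }
  const timeoutMs = minutes * 60 * 1000;
  let lastActivity = now();
  let expired = false;

  function expire(reason) {
    if (expired) return; // call onExpire (e.g. the app's logout) once only
    expired = true;
    onExpire(reason);
  }
  const idleTooLong = () => now() - lastActivity >= timeoutMs;

  return {
    // Call from the mousemove/mousedown/keyup listeners. The deadline is checked before
    // the timestamp is refreshed, so the first mouse move after a laptop resume or a
    // throttled background tab cannot revive a session that is already past its limit.
    touch() {
      if (expired || idleTooLong()) { expire('idle'); return false; }
      lastActivity = now();
      return true;
    },
    // Call periodically (e.g. from setInterval); returns true once the session has expired.
    check() {
      if (idleTooLong()) expire('idle');
      return expired;
    },
    // Call when the UI detects that the controller connection is gone.
    connectionLost() { expire('connection-lost'); },
  };
}

// Constructed scenario with a fake clock (milliseconds) and a 15-minute timeout.
function demo() {
  const MIN = 60 * 1000;
  let clock = 0;
  const reasons = [];
  const t = createIdleTracker({ timeoutMinutes: 15, onExpire: (r) => reasons.push(r), now: () => clock });
  clock = 14 * MIN; const activeTouch = t.touch();      // within limit: refreshed
  clock = 28 * MIN; const expiredAt28 = t.check();      // 14 min idle: still valid
  clock = 30 * MIN; const touchAfterSleep = t.touch();  // 16 min idle: rejected
  t.connectionLost();                                   // already expired: no second callback
  return { activeTouch, expiredAt28, touchAfterSleep, reasons };
}
console.log(demo());
```

This runs in the browser, so it complements rather than replaces expiry of the session on the server side.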

Labels: new-feature (New features or options.)