Admin: Letzte Aktivität pro User (nur echte Aktionen, kein Polling)
This commit is contained in:
@@ -250,6 +250,8 @@ if (msgCols2.length && !msgCols2.includes('read_by_recipient')) {
|
||||
const userCols2 = db.prepare("PRAGMA table_info(users)").all().map(r => r.name);
|
||||
if (!userCols2.includes('preferences'))
|
||||
db.exec("ALTER TABLE users ADD COLUMN preferences TEXT DEFAULT NULL");
|
||||
if (!userCols2.includes('last_active_at'))
|
||||
db.exec("ALTER TABLE users ADD COLUMN last_active_at DATETIME DEFAULT NULL");
|
||||
|
||||
// ── Login-Sicherheit ──────────────────────────────────────────────────────────
|
||||
// Spalten für Account-Lockout in users-Tabelle
|
||||
|
||||
@@ -7,6 +7,23 @@ require('./db');
|
||||
const app = express();
|
||||
app.use(express.json({ limit: '10mb' }));
|
||||
|
||||
// ── Aktivitäts-Tracking: nur bei echten Aktionen (POST/PUT/DELETE) ─────────────
|
||||
app.use((req, res, next) => {
|
||||
if (['POST','PUT','DELETE'].includes(req.method)) {
|
||||
const auth = req.headers.authorization;
|
||||
if (auth?.startsWith('Bearer ')) {
|
||||
try {
|
||||
const jwt = require('jsonwebtoken');
|
||||
const p = jwt.verify(auth.slice(7), process.env.JWT_SECRET || 'dev-secret');
|
||||
if (p?.id) {
|
||||
db.prepare("UPDATE users SET last_active_at=datetime('now','localtime') WHERE id=?").run(p.id);
|
||||
}
|
||||
} catch {}
|
||||
}
|
||||
}
|
||||
next();
|
||||
});
|
||||
|
||||
// ── Security Headers ──────────────────────────────────────────────────────────
|
||||
app.use((_req, res, next) => {
|
||||
res.setHeader('Content-Security-Policy', [
|
||||
|
||||
@@ -31,7 +31,7 @@ router.post('/restore', authenticate, requireAdmin, upload.single('database'), (
|
||||
|
||||
// GET /api/admin/users – alle Benutzer mit Statistiken
|
||||
router.get('/users', authenticate, requireAdmin, (req, res) => {
|
||||
const users = db.prepare("SELECT id, username, role, created_at FROM users ORDER BY role DESC, username").all();
|
||||
const users = db.prepare("SELECT id, username, role, created_at, last_active_at FROM users ORDER BY role DESC, username").all();
|
||||
const stats = users.map(u => {
|
||||
const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c;
|
||||
const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c;
|
||||
|
||||
@@ -1499,6 +1499,22 @@ function UserManagement({ toast }) {
|
||||
border:`1px solid ${u.role==='admin'?'rgba(255,230,109,0.3)':'rgba(78,205,196,0.3)'}`,
|
||||
borderRadius:4, padding:'1px 6px',
|
||||
}}>{u.role}</span>
|
||||
{u.last_active_at && (
|
||||
<span style={{
|
||||
marginLeft:6, fontSize:9, fontFamily:'monospace',
|
||||
color:'rgba(255,255,255,0.35)',
|
||||
}}>
|
||||
● {(() => {
|
||||
const d = new Date(u.last_active_at.replace(' ','T'));
|
||||
const now = new Date();
|
||||
const diff = Math.floor((now - d) / 60000);
|
||||
if (diff < 2) return 'gerade eben';
|
||||
if (diff < 60) return `vor ${diff} min`;
|
||||
if (diff < 1440) return `vor ${Math.floor(diff/60)} h`;
|
||||
return d.toLocaleDateString('de-DE', {day:'2-digit',month:'2-digit',hour:'2-digit',minute:'2-digit'});
|
||||
})()}
|
||||
</span>
|
||||
)}
|
||||
</div>
|
||||
<div style={{display:'flex',gap:5}}>
|
||||
<button onClick={()=>{setResetId(u.id);setResetPw('');}}
|
||||
|
||||
Reference in New Issue
Block a user