Admin: Letzte Aktivität pro User (nur echte Aktionen, kein Polling)
This commit is contained in:
@@ -7,6 +7,23 @@ require('./db');
|
||||
const app = express();
|
||||
app.use(express.json({ limit: '10mb' }));
|
||||
|
||||
// ── Aktivitäts-Tracking: nur bei echten Aktionen (POST/PUT/DELETE) ─────────────
|
||||
app.use((req, res, next) => {
|
||||
if (['POST','PUT','DELETE'].includes(req.method)) {
|
||||
const auth = req.headers.authorization;
|
||||
if (auth?.startsWith('Bearer ')) {
|
||||
try {
|
||||
const jwt = require('jsonwebtoken');
|
||||
const p = jwt.verify(auth.slice(7), process.env.JWT_SECRET || 'dev-secret');
|
||||
if (p?.id) {
|
||||
db.prepare("UPDATE users SET last_active_at=datetime('now','localtime') WHERE id=?").run(p.id);
|
||||
}
|
||||
} catch {}
|
||||
}
|
||||
}
|
||||
next();
|
||||
});
|
||||
|
||||
// ── Security Headers ──────────────────────────────────────────────────────────
|
||||
app.use((_req, res, next) => {
|
||||
res.setHeader('Content-Security-Policy', [
|
||||
|
||||
Reference in New Issue
Block a user