Admin: Letzte Aktivität pro User (nur echte Aktionen, kein Polling)

This commit is contained in:
2026-05-28 19:56:36 +02:00
parent d475c8f64f
commit 8f7dbbf3c9
4 changed files with 36 additions and 1 deletions

View File

@@ -250,6 +250,8 @@ if (msgCols2.length && !msgCols2.includes('read_by_recipient')) {
const userCols2 = db.prepare("PRAGMA table_info(users)").all().map(r => r.name); const userCols2 = db.prepare("PRAGMA table_info(users)").all().map(r => r.name);
if (!userCols2.includes('preferences')) if (!userCols2.includes('preferences'))
db.exec("ALTER TABLE users ADD COLUMN preferences TEXT DEFAULT NULL"); db.exec("ALTER TABLE users ADD COLUMN preferences TEXT DEFAULT NULL");
if (!userCols2.includes('last_active_at'))
db.exec("ALTER TABLE users ADD COLUMN last_active_at DATETIME DEFAULT NULL");
// ── Login-Sicherheit ────────────────────────────────────────────────────────── // ── Login-Sicherheit ──────────────────────────────────────────────────────────
// Spalten für Account-Lockout in users-Tabelle // Spalten für Account-Lockout in users-Tabelle

View File

@@ -7,6 +7,23 @@ require('./db');
const app = express(); const app = express();
app.use(express.json({ limit: '10mb' })); app.use(express.json({ limit: '10mb' }));
// ── Aktivitäts-Tracking: nur bei echten Aktionen (POST/PUT/DELETE) ─────────────
app.use((req, res, next) => {
if (['POST','PUT','DELETE'].includes(req.method)) {
const auth = req.headers.authorization;
if (auth?.startsWith('Bearer ')) {
try {
const jwt = require('jsonwebtoken');
const p = jwt.verify(auth.slice(7), process.env.JWT_SECRET || 'dev-secret');
if (p?.id) {
db.prepare("UPDATE users SET last_active_at=datetime('now','localtime') WHERE id=?").run(p.id);
}
} catch {}
}
}
next();
});
// ── Security Headers ────────────────────────────────────────────────────────── // ── Security Headers ──────────────────────────────────────────────────────────
app.use((_req, res, next) => { app.use((_req, res, next) => {
res.setHeader('Content-Security-Policy', [ res.setHeader('Content-Security-Policy', [

View File

@@ -31,7 +31,7 @@ router.post('/restore', authenticate, requireAdmin, upload.single('database'), (
// GET /api/admin/users alle Benutzer mit Statistiken // GET /api/admin/users alle Benutzer mit Statistiken
router.get('/users', authenticate, requireAdmin, (req, res) => { router.get('/users', authenticate, requireAdmin, (req, res) => {
const users = db.prepare("SELECT id, username, role, created_at FROM users ORDER BY role DESC, username").all(); const users = db.prepare("SELECT id, username, role, created_at, last_active_at FROM users ORDER BY role DESC, username").all();
const stats = users.map(u => { const stats = users.map(u => {
const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c; const archiv = db.prepare('SELECT COUNT(*) c FROM calculations WHERE user_id=?').get(u.id).c;
const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c; const bestellung = db.prepare('SELECT COUNT(*) c FROM orders WHERE user_id=?').get(u.id).c;

View File

@@ -1499,6 +1499,22 @@ function UserManagement({ toast }) {
border:`1px solid ${u.role==='admin'?'rgba(255,230,109,0.3)':'rgba(78,205,196,0.3)'}`, border:`1px solid ${u.role==='admin'?'rgba(255,230,109,0.3)':'rgba(78,205,196,0.3)'}`,
borderRadius:4, padding:'1px 6px', borderRadius:4, padding:'1px 6px',
}}>{u.role}</span> }}>{u.role}</span>
{u.last_active_at && (
<span style={{
marginLeft:6, fontSize:9, fontFamily:'monospace',
color:'rgba(255,255,255,0.35)',
}}>
{(() => {
const d = new Date(u.last_active_at.replace(' ','T'));
const now = new Date();
const diff = Math.floor((now - d) / 60000);
if (diff < 2) return 'gerade eben';
if (diff < 60) return `vor ${diff} min`;
if (diff < 1440) return `vor ${Math.floor(diff/60)} h`;
return d.toLocaleDateString('de-DE', {day:'2-digit',month:'2-digit',hour:'2-digit',minute:'2-digit'});
})()}
</span>
)}
</div> </div>
<div style={{display:'flex',gap:5}}> <div style={{display:'flex',gap:5}}>
<button onClick={()=>{setResetId(u.id);setResetPw('');}} <button onClick={()=>{setResetId(u.id);setResetPw('');}}