From 4fcc0fdb2d1a46861bddd0535e7d31390d629400 Mon Sep 17 00:00:00 2001
From: wanghongjun <1445693971@qq.com>
Date: Wed, 11 Feb 2026 16:16:38 +0800
Subject: [PATCH] =?UTF-8?q?=E9=95=BF=E6=97=B6=E9=97=B4=E4=B8=8D=E8=AE=BF?=
 =?UTF-8?q?=E9=97=AE=E8=87=AA=E5=8A=A8=E5=A4=B1=E6=95=88?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Kernel.php                         |  1 +
 app/Http/Middleware/CheckSessionTimeout.php | 36 +++++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 app/Http/Middleware/CheckSessionTimeout.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 95542d8..25f6cf0 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -45,6 +45,7 @@ class Kernel extends HttpKernel
             \App\Http\Middleware\ApiResponseMiddleware::class,
             \App\Http\Middleware\LanguageSwitcher::class,
             \App\Http\Middleware\CheckPermission::class,//用户权限中间件
+            \App\Http\Middleware\CheckSessionTimeout::class,//用户登录状态自动失效
         ],
     ];
 
diff --git a/app/Http/Middleware/CheckSessionTimeout.php b/app/Http/Middleware/CheckSessionTimeout.php
new file mode 100644
index 0000000..5d16537
--- /dev/null
+++ b/app/Http/Middleware/CheckSessionTimeout.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Services\ApiResponseService;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class CheckSessionTimeout
+{
+    /**
+     * @param Request $request
+     * @param Closure $next
+     * @return Response
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (Auth::guard('sanctum')->check()) {
+            if (session()->has('last_activity')) {
+                $expire_period = 30 * 60; // 30 minutes in seconds
+                if (time() - session('last_activity') > $expire_period) {
+                    $user = Auth::guard('sanctum')->user();
+                    $user->tokens()->delete();
+                    return (new ApiResponseService())->error(
+                        __('middleware.check.login_invalid'),
+                        400
+                    );
+                }
+            }
+            session(['last_activity' => time()]); // 更新最后活动时间
+        }
+        return $next($request);
+    }
+}