From 7236fc146480a04ebe129cceb4f5465959f96f16 Mon Sep 17 00:00:00 2001
From: jaleonardo <32501234+apps-caraga@users.noreply.github.com>
Date: Sun, 22 Oct 2023 13:50:50 +0800
Subject: [PATCH 1/3] Update DbAuthMiddleware.php

Add new property dbAuth.refreshSession to indicate whether the session data will be updated every x minutes. Also new session key (updatedAt) to record the time of creation/updating of session
---
 .../Middleware/DbAuthMiddleware.php           | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
index fb6aba9f..16e749f3 100644
--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -128,6 +128,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                             session_regenerate_id(true);
                         }
                         unset($user[$passwordColumnName]);
+                        $user['updatedAt'] = time();
                         $_SESSION['user'] = $user;
                         return $this->responder->success($user);
                     }
@@ -176,6 +177,24 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         }
         if ($method == 'GET' && $path == 'me') {
             if (isset($_SESSION['user'])) {
+                $updateAfter = $this->getProperty('updateSessionData',0) * 60; 
+                $passwordColumnName = $this->getProperty('passwordColumn','password');
+                if($updateAfter > 0 && (time() > ($_SESSION['user']['updatedAt'] + $updateAfter))){
+                    $tableName = $this->getProperty('loginTable','users');
+                    $table = $this->reflection->getTable($tableName);
+                    $pkName = $table->getPk()->getName();
+                    $returnedColumns = $this->getProperty('returnedColumns','');
+                    if(!$returnedColumns){
+                        $columnNames = $table->getColumnNames();
+                    }else{
+                        $columnNames = array_map('trim',explode(',',$returnedColumns));
+                        $columnNames = array_values(array_unique($columnNames));
+                    }
+                    $user = $this->db->selectSingle($table,$columnNames,$_SESSION['user'][$pkName]);
+                    unset($user[$passwordColumnName]);
+                    $user['updatedAt'] = time();
+                    $_SESSION['user'] = $user;
+                }
                 return $this->responder->success($_SESSION['user']);
             }
             return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

From 1f9b1c4ef9db85e20f51f08d03a13622440d4165 Mon Sep 17 00:00:00 2001
From: jaleonardo <32501234+apps-caraga@users.noreply.github.com>
Date: Sun, 22 Oct 2023 17:31:06 +0800
Subject: [PATCH 2/3] Readme description for new property
 (dbAuth.updateSession)

dbAuth.updateSessionData - Defaults to zero (session data is not updated). If value is > 0, this will be the number of minutes to check after which the session data is updated when the /me end-point  is called
---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index ce119d3c..870790e3 100644
--- a/README.md
+++ b/README.md
@@ -718,6 +718,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.loginAfterRegistration": 1 or zero if registered users should be logged in after registration ("")
 - "dbAuth.passwordLength": Minimum length that the password must have ("12")
 - "dbAuth.sessionName": The name of the PHP session that is started ("")
+- "dbAuth.updateSessionData": Number of minutes after which the session data is updated when calling /me end-point (0)
 - "wpAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
 - "wpAuth.wpDirectory": The folder/path where the Wordpress install can be found (".")
 - "wpAuth.usernameFormField": The name of the form field that holds the username ("username")

From 15f2482a196f38a120cde07dd4aa73e99fe39c7b Mon Sep 17 00:00:00 2001
From: jaleonardo <32501234+apps-caraga@users.noreply.github.com>
Date: Tue, 24 Oct 2023 13:44:58 +0800
Subject: [PATCH 3/3] Update DbAuthMiddleware.php

Updated loginAfterRegistration block to include updatedAt key to the session
---
 src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
index 16e749f3..35227262 100644
--- a/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php
@@ -111,6 +111,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                             session_regenerate_id(true);
                         }
                         unset($user[$passwordColumnName]);
+                        $user['updatedAt'] = time();
                         $_SESSION['user'] = $user;
                         return $this->responder->success($user);
                     } else {