Refresh session data via /me endpoint

Author: apps-caraga

README.md

@@ -708,6 +708,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "dbAuth.usernameColumn": The users table column that holds usernames ("username")
 - "dbAuth.passwordColumn": The users table column that holds passwords ("password")
 - "dbAuth.returnedColumns": The columns returned on successful login, empty means 'all' ("")
+- "dbAuth.refreshSession": Number of minutes before a session is refreshed via api.php/me endpoint, (0)
 - "dbAuth.usernameFormField": The name of the form field that holds the username ("username")
 - "dbAuth.usernamePattern": Specify regex pattern for username. Defaults to alpha-numeric charactes ("/^[A-Za-z0-9]+$/")
 - "dbAuth.usernameMaxLength": Specify maximum length of username (30)

src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

@@ -156,6 +156,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                             session_regenerate_id(true);
                         }
                         unset($user[$passwordColumnName]);
+                        $_SESSION['updatedAt'] = time();
                         $_SESSION['user'] = $user;
                         return $this->responder->success($user);
                     } else {
@@ -173,6 +174,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
                             session_regenerate_id(true);
                         }
                         unset($user[$passwordColumnName]);
+                        $_SESSION['updatedAt'] = time();
                         $_SESSION['user'] = $user;
                         return $this->responder->success($user);
                     }
@@ -221,6 +223,25 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         }
         if ($method == 'GET' && $path == 'me') {
             if (isset($_SESSION['user'])) {
+                $updateAfter = $this->getProperty('refreshSession',0) * 60;//update session after x minutes
+                if($updateAfter > 0 &&( time() >($_SESSION['user']['updatedAt'] + $updateAfter))){
+                    $tableName = $this->getProperty('loginTable','users');
+                    $table = $this->reflection->getTable($tableName);
+                    $pkName = $table->getPk()->getName();
+                    $passwordColumnName = $this->getProperty('passwordColumn','');
+                    $returnedColumns = $this->getProperty('returnedColumns','');
+                    if(!$returnedColumns){
+                        $columnNames = $table->getColumnNames();
+                    }else{
+                        $columnNames = array_map)('trim',explode(',',$returnedColumns));
+                        $columnNames[] = $passwordColumnName;
+                        $columnNames  = array_values(array_unique($columnNames));
+                    }
+                    $user = $this->db->selectSingle($table,$columnNames,$_SESSION['user'][$pkName]);
+                    unset($user[$passwordColumnName]);
+                    $user['updatedAt'] = time();
+                    $_SESSION['user'] = $user;
+                }
                 return $this->responder->success($_SESSION['user']);
             }
             return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');