feat: implement sliding session window with automatic token refresh on user activity

elainefan331 · elainefan331 · commit e0136d112518 · 2026-02-14T08:27:24.000+08:00
diff --git a/backend/src/middleware/auth.middleware.js b/backend/src/middleware/auth.middleware.js
@@ -2,22 +2,23 @@ const jwt = require("jsonwebtoken");
 const { User } = require("../models");
 
 const JWT_SECRET = process.env.JWT_SECRET;
-const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "3600";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || 14400; // default 4 hours
+const MAX_SESSION_DURATION = process.env.MAX_SESSION_DURATION || "86400"; // 24 hours default
 
-const setTokenCookie = (res, user) => {
+const setTokenCookie = (res, user, isNewSession = true) => {
   // create safe user object for token
   const safeUser = {
     id: user.id,
     email: user.email,
     username: user.username,
   };
 
-  // Add session start time for new logins
+  // Add
   const payload = {
     data: safeUser,
   };
 
-  // If this is a new session, add the session start time
+  // Add: If this is a new session, add the session start time
   if (isNewSession) {
     payload.sessionStart = Math.floor(Date.now() / 1000); // Unix timestamp
   } else {
@@ -26,7 +27,11 @@ const setTokenCookie = (res, user) => {
   }
 
   // sign JWT token
-  const token = jwt.sign({ data: safeUser }, JWT_SECRET, {
+  // const token = jwt.sign({ data: safeUser }, JWT_SECRET, {
+  //   expiresIn: parseInt(JWT_EXPIRES_IN),
+  // });
+  // replace with
+  const token = jwt.sign(payload, JWT_SECRET, {
     expiresIn: parseInt(JWT_EXPIRES_IN),
   });
 
@@ -67,14 +72,11 @@ const restoreUser = (req, res, next) => {
       // extract user id from token payload
       const { id } = jwtPayload.data;
 
-      // Check maximum session duration (e.g., 24 hours)
-      const MAX_SESSION_DURATION = parseInt(
-        process.env.MAX_SESSION_DURATION || "86400"
-      ); // 24 hours default
+      // Add: Check maximum session duration
       const currentTime = Math.floor(Date.now() / 1000);
       const sessionAge = currentTime - jwtPayload.sessionStart;
 
-      if (sessionAge > MAX_SESSION_DURATION) {
+      if (sessionAge > parseInt(MAX_SESSION_DURATION)) {
         // Session has exceeded maximum duration
         res.clearCookie("token");
         return next();
@@ -88,7 +90,7 @@ const restoreUser = (req, res, next) => {
         },
       });
 
-      // refresh token - issue new token with extended expiration
+      // Add: refresh token - issue new token with extended expiration
       if (req.user) {
         req.user.sessionStart = jwtPayload.sessionStart; // Pass along the original session start
         setTokenCookie(res, req.user, false);
diff --git a/src/components/User/Dashboard/DatasetOrganizer/LLMPanel.tsx b/src/components/User/Dashboard/DatasetOrganizer/LLMPanel.tsx
@@ -1,4 +1,3 @@
-// src/components/DatasetOrganizer/LLMPanel.tsx
 import { Close, ContentCopy, Download, AutoAwesome } from "@mui/icons-material";
 import {
   Box,
@@ -179,6 +178,8 @@ const LLMPanel: React.FC<LLMPanelProps> = ({ files, onClose }) => {
 FILE STRUCTURE AND METADATA:
 ${fileSummary}
 
+all _sourcePath are relative to the root path /Users/elaine/Downloads
+
 Please generate a Python script that:
 1. Reads the source files
 2. Renames and reorganizes them according to BIDS specification
