From c6ee79735ea8980da19e27bc48f579bb0010042c Mon Sep 17 00:00:00 2001
From: GbArc <gabriel.arczynski@devtactics.net>
Date: Thu, 6 Feb 2025 10:59:31 +0100
Subject: [PATCH 1/3] recording user last activity timestamp

---
 lib/travis/api/v3/access_control/user.rb | 1 +
 lib/travis/api/v3/models/user.rb         | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/lib/travis/api/v3/access_control/user.rb b/lib/travis/api/v3/access_control/user.rb
index 5633faca3a..48f61c57f3 100644
--- a/lib/travis/api/v3/access_control/user.rb
+++ b/lib/travis/api/v3/access_control/user.rb
@@ -7,6 +7,7 @@ class AccessControl::User < AccessControl::Generic
     def initialize(user)
       user                = Models::User.find(user.id) if user.is_a? ::User
       @user               = user
+      user.touch()
       @access_permissions = user.permissions.where(user_id: user.id)
       super()
     end
diff --git a/lib/travis/api/v3/models/user.rb b/lib/travis/api/v3/models/user.rb
index 54df28c545..90052dc7c9 100644
--- a/lib/travis/api/v3/models/user.rb
+++ b/lib/travis/api/v3/models/user.rb
@@ -87,6 +87,10 @@ def installation
       @installation = Models::Installation.find_by(owner_type: 'User', owner_id: id, removed_by_id: nil)
     end
 
+    def touch
+      update(last_activity_at: Time.now) if last_activity_at.nil? || Time.now.utc - last_activity_at > 300
+    end
+
     def github?
       vcs_type == 'GithubUser'
     end

From e1cb4c892b99353bd87ad5d3ac8ab21f04f336ec Mon Sep 17 00:00:00 2001
From: GbArc <gabriel.arczynski@devtactics.net>
Date: Wed, 12 Feb 2025 11:57:44 +0100
Subject: [PATCH 2/3] specs + v2 touch

---
 lib/travis/api/app/endpoint.rb | 1 +
 lib/travis/model/user.rb       | 4 ++++
 spec/lib/model/user_spec.rb    | 9 +++++++++
 spec/v3/service_spec.rb        | 3 +++
 4 files changed, 17 insertions(+)

diff --git a/lib/travis/api/app/endpoint.rb b/lib/travis/api/app/endpoint.rb
index a74704dbc7..94ff8771ad 100644
--- a/lib/travis/api/app/endpoint.rb
+++ b/lib/travis/api/app/endpoint.rb
@@ -117,6 +117,7 @@ def authorizer
       end
 
       def auth_for_repo(id, type)
+        current_user&.touch
         permission = authorizer.for_repo(id, type)
         halt 403, { error: { message: "We're sorry, but you're not authorized to perform this request" } } unless permission
       rescue Travis::API::V3::AuthorizerError
diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb
index 990f6c3d97..b03667bd3a 100644
--- a/lib/travis/model/user.rb
+++ b/lib/travis/model/user.rb
@@ -47,6 +47,10 @@ def with_email(email_address)
     end
   end
 
+  def touch
+    update(last_activity_at: Time.now) if last_activity_at.nil? || Time.now.utc - last_activity_at > 300
+  end
+
   def token
     tokens.first.try(:token)
   end
diff --git a/spec/lib/model/user_spec.rb b/spec/lib/model/user_spec.rb
index cef7996e18..c598d83a14 100644
--- a/spec/lib/model/user_spec.rb
+++ b/spec/lib/model/user_spec.rb
@@ -86,6 +86,15 @@ def user(payload)
     end
   end
 
+  describe 'last activity' do
+    it 'contains last activity' do
+      user.save!
+      expect(user.last_activity_at).to be_nil
+      user.touch
+      expect(user.last_activity_at).to_not be_nil
+    end
+  end
+
   describe 'avatar_url' do
     it "returns avatar url if it's present" do
       user.avatar_url = 'foo'
diff --git a/spec/v3/service_spec.rb b/spec/v3/service_spec.rb
index 0d4fb65d00..11f329a256 100644
--- a/spec/v3/service_spec.rb
+++ b/spec/v3/service_spec.rb
@@ -37,6 +37,7 @@ module Routes
   context 'when forcing authentication' do
     before { Travis.config.force_authentication = true }
     after { Travis.config.force_authentication = false }
+    before { User.last.update!(last_activity_at: nil) }
 
     it 'does not allow access without authentication' do
       get '/v3/examples'
@@ -44,8 +45,10 @@ module Routes
     end
 
     it 'does allow access with authentication' do
+      expect(User.last.last_activity_at).to be_nil
       get '/v3/examples', {}, auth_headers
       expect(last_response.status).to eq 200
+      expect(User.last.last_activity_at).to_not be_nil
     end
 
     it 'does allow access with log token' do

From 975c2d5f87ec2945e816cbcec5369921771b49e3 Mon Sep 17 00:00:00 2001
From: GbArc <gabriel.arczynski@devtactics.net>
Date: Fri, 14 Feb 2025 13:03:49 +0100
Subject: [PATCH 3/3] ()

---
 lib/travis/api/v3/access_control/user.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/travis/api/v3/access_control/user.rb b/lib/travis/api/v3/access_control/user.rb
index 48f61c57f3..1b37698f4d 100644
--- a/lib/travis/api/v3/access_control/user.rb
+++ b/lib/travis/api/v3/access_control/user.rb
@@ -7,7 +7,7 @@ class AccessControl::User < AccessControl::Generic
     def initialize(user)
       user                = Models::User.find(user.id) if user.is_a? ::User
       @user               = user
-      user.touch()
+      user.touch
       @access_permissions = user.permissions.where(user_id: user.id)
       super()
     end