feat(ui/auth): redirect to /login when the session times out

Previously a user idling past the 30-minute cookie expiry stayed parked on a stale page until they tried to navigate. The auth cookie's UTC expiry is now also stamped onto an expires_at claim at sign-in, and a SessionExpiry component mounted in MainLayout schedules a delay until expiry + 2s grace, then force-loads /login — at which point the standard cookie middleware confirms the session is gone and serves the login page.
2026-05-13 16:13:53 -04:00
parent 3f37584728
commit 80ec16a6d0
3 changed files with 45 additions and 1 deletions
--- a/src/ScadaLink.CentralUI/Auth/AuthEndpoints.cs
+++ b/src/ScadaLink.CentralUI/Auth/AuthEndpoints.cs
@@ -44,12 +44,15 @@ public static class AuthEndpoints
            // Map LDAP groups to roles
            var roleMappingResult = await roleMapper.MapGroupsToRolesAsync(authResult.Groups ?? []);

+            var expiresAt = DateTimeOffset.UtcNow.AddMinutes(30);
+
            // Build claims from LDAP auth + role mapping
            var claims = new List<Claim>
            {
                new(ClaimTypes.Name, authResult.Username ?? username),
                new(JwtTokenService.DisplayNameClaimType, authResult.DisplayName ?? username),
                new(JwtTokenService.UsernameClaimType, authResult.Username ?? username),
+                new("expires_at", expiresAt.ToUnixTimeSeconds().ToString()),
            };

            foreach (var role in roleMappingResult.Roles)
@@ -74,7 +77,7 @@ public static class AuthEndpoints
                new AuthenticationProperties
                {
                    IsPersistent = true,
-                    ExpiresUtc = DateTimeOffset.UtcNow.AddMinutes(30)
+                    ExpiresUtc = expiresAt
                });

            context.Response.Redirect("/");