# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

class SessionTimeoutJob < ApplicationJob
  def perform
    sessions.find_each do |session|
      perform_session(session)
    end
  end

  def perform_session(session)
    return if !session.data['user_id']

    user = User.find(session.data['user_id'])
    return if !user

    timeout = get_timeout(user)
    return if session.data['ping'] > Time.zone.now - timeout.seconds

    self.class.destroy_session(user, session)
  end

  def self.destroy_session(user, session)
    PushMessages.send_to(user.id, { event: 'session_timeout' })
    session.destroy
  end

  def sessions
    ActiveRecord::SessionStore::Session.where('updated_at < ?', Time.zone.now - config.values.map(&:to_i).min.seconds)
  end

  def config
    Setting.get('session_timeout')
  end

  def get_timeout(user)
    permissions = Permission.where(id: user.permissions_with_child_ids).pluck(:name)

    timeout = -1
    config.each do |key, value|
      next if key == 'default'
      next if permissions.exclude?(key)
      next if value.to_i < timeout

      timeout = value.to_i
    end

    if timeout == -1
      timeout = config['default'].to_i
    end

    timeout
  end
end