[V5] Suggestion for API guard (token)

[Reptiluka]

Hi !
I know as described in the docs, few things will be added like auto-deletion of the tokens, but I got an idea to add :

Do you think it can be useful to add a field in the api_tokens table named "last_used" of maybe, keep in note the expiration time in another field, and update the expires_at field.

As each auth.use('api').attempt create a new token, and at the same time a new row in the database, it could be cool to delete non-used key after a certain time.

Example, I want to put a very long expiration time , 6 months, but if my user connect with his key in 2 month, I want to refresh the expiration time for another 6 month (from the time where the user logged in)

I dont want especially disconnect my user after a certain time, but I don't want to store X key from a user, if they don't use it, and if he use multiple device I need X key so I can't delete his older keys, and if I dont put expiring time, I can have a "key leaks" like a memory leaks and the key will be in the database forever.

Thanks for reading :)

[thetutlage]

All of this is very specific to your app and not something that should be added to the package itself. You can still create last_used column inside the database and update it using a middleware. Just make sure, the middleware is running after the auth middleware.