feat: add support for ssh check periods

internal/handlers/authentication.go

@@ -149,6 +149,10 @@ func (h *AuthenticationHandlers) Callback(c echo.Context) error {
 		return logError(err)
 	}
 
+	if err := h.repository.SetAccountLastAuthenticated(ctx, account.ID); err != nil {
+		return logError(err)
+	}
+
 	if state.Flow == "s" {
 		sshActionReq, err := h.repository.GetSSHActionRequest(ctx, state.Key)
 		if err != nil || sshActionReq == nil {

internal/handlers/ssh_action.go

@@ -29,6 +29,7 @@ type SSHActionHandlers struct {
 type sshActionRequestData struct {
 	SrcMachineID uint64 `param:"src_machine_id"`
 	DstMachineID uint64 `param:"dst_machine_id"`
+	CheckPeriod  string `param:"check_period"`
 }
 
 func (h *SSHActionHandlers) StartAuth(c echo.Context) error {
@@ -44,6 +45,32 @@ func (h *SSHActionHandlers) StartAuth(c echo.Context) error {
 		return logError(err)
 	}
 
+	if data.CheckPeriod != "" {
+		checkPeriod, err := time.ParseDuration(data.CheckPeriod)
+		if err != nil {
+			return logError(err)
+		}
+
+		machine, err := h.repository.GetMachine(ctx, data.SrcMachineID)
+		if err != nil {
+			return logError(err)
+		}
+
+		if machine.User.Account != nil && machine.User.Account.LastAuthenticated != nil {
+			sinceLastAuthentication := time.Since(*machine.User.Account.LastAuthenticated)
+
+			if sinceLastAuthentication < checkPeriod {
+				resp := &tailcfg.SSHAction{
+					Accept:                   true,
+					AllowAgentForwarding:     true,
+					AllowLocalPortForwarding: true,
+				}
+
+				return binder.WriteResponse(c, http.StatusOK, resp)
+			}
+		}
+	}
+
 	key := util.RandStringBytes(8)
 	request := &domain.SSHActionRequest{
 		Key:          key,