feat(backend): added latest_login_at field in users

Author: edospadoni

backend/database/schema.sql

@@ -87,6 +87,7 @@ CREATE TABLE IF NOT EXISTS users (
     created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
     updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
     logto_synced_at TIMESTAMP WITH TIME ZONE,
+    latest_login_at TIMESTAMP WITH TIME ZONE,
     active BOOLEAN DEFAULT TRUE
 );
 
@@ -98,6 +99,7 @@ CREATE INDEX IF NOT EXISTS idx_users_organization_id ON users(organization_id);
 CREATE INDEX IF NOT EXISTS idx_users_active ON users(active);
 CREATE INDEX IF NOT EXISTS idx_users_logto_synced ON users(logto_synced_at);
 CREATE INDEX IF NOT EXISTS idx_users_created_at ON users(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_users_latest_login_at ON users(latest_login_at DESC);
 
 -- Systems table - updated to reference customers table
 CREATE TABLE IF NOT EXISTS systems (

backend/entities/local_users.go

@@ -93,7 +93,7 @@ func (r *LocalUserRepository) Create(req *models.CreateLocalUserRequest) (*model
 func (r *LocalUserRepository) GetByID(id string) (*models.LocalUser, error) {
 	query := `
 		SELECT u.id, u.logto_id, u.username, u.email, u.name, u.phone, u.organization_id, u.user_role_ids, u.custom_data,
-		       u.created_at, u.updated_at, u.logto_synced_at, u.active,
+		       u.created_at, u.updated_at, u.logto_synced_at, u.latest_login_at, u.active,
 		       COALESCE(d.name, r.name, c.name) as organization_name,
 		       COALESCE(d.id, r.id, c.id) as organization_local_id
 		FROM users u
@@ -110,7 +110,7 @@ func (r *LocalUserRepository) GetByID(id string) (*models.LocalUser, error) {
 	err := r.db.QueryRow(query, id).Scan(
 		&user.ID, &user.LogtoID, &user.Username, &user.Email, &user.Name, &user.Phone,
 		&user.OrganizationID, &userRoleIDsJSON, &customDataJSON,
-		&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.Active,
+		&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.LatestLoginAt, &user.Active,
 		&user.OrganizationName, &user.OrganizationLocalID,
 	)
 
@@ -149,7 +149,7 @@ func (r *LocalUserRepository) GetByID(id string) (*models.LocalUser, error) {
 func (r *LocalUserRepository) GetByLogtoID(logtoID string) (*models.LocalUser, error) {
 	query := `
 		SELECT u.id, u.logto_id, u.username, u.email, u.name, u.phone, u.organization_id, u.user_role_ids, u.custom_data,
-		       u.created_at, u.updated_at, u.logto_synced_at, u.active,
+		       u.created_at, u.updated_at, u.logto_synced_at, u.latest_login_at, u.active,
 		       COALESCE(d.name, r.name, c.name) as organization_name,
 		       COALESCE(d.id, r.id, c.id) as organization_local_id
 		FROM users u
@@ -166,7 +166,7 @@ func (r *LocalUserRepository) GetByLogtoID(logtoID string) (*models.LocalUser, e
 	err := r.db.QueryRow(query, logtoID).Scan(
 		&user.ID, &user.LogtoID, &user.Username, &user.Email, &user.Name, &user.Phone,
 		&user.OrganizationID, &userRoleIDsJSON, &customDataJSON,
-		&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.Active,
+		&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.LatestLoginAt, &user.Active,
 		&user.OrganizationName, &user.OrganizationLocalID,
 	)
 
@@ -292,6 +292,28 @@ func (r *LocalUserRepository) Delete(id string) error {
 	return nil
 }
 
+// UpdateLatestLogin updates the latest_login_at field for a user
+func (r *LocalUserRepository) UpdateLatestLogin(userID string) error {
+	query := `UPDATE users SET latest_login_at = $2, updated_at = $2 WHERE id = $1`
+
+	now := time.Now()
+	result, err := r.db.Exec(query, userID, now)
+	if err != nil {
+		return fmt.Errorf("failed to update latest login: %w", err)
+	}
+
+	rowsAffected, err := result.RowsAffected()
+	if err != nil {
+		return fmt.Errorf("failed to get rows affected: %w", err)
+	}
+
+	if rowsAffected == 0 {
+		return fmt.Errorf("user not found")
+	}
+
+	return nil
+}
+
 // List returns paginated list of users based on hierarchical RBAC (matches other repository patterns)
 func (r *LocalUserRepository) List(userOrgRole, userOrgID, excludeUserID string, page, pageSize int) ([]*models.LocalUser, int, error) {
 	// Get all organization IDs the user can access hierarchically
@@ -343,7 +365,7 @@ func (r *LocalUserRepository) ListByOrganizations(allowedOrgIDs []string, exclud
 
 	query := fmt.Sprintf(`
 		SELECT u.id, u.logto_id, u.username, u.email, u.name, u.phone, u.organization_id, u.user_role_ids, u.custom_data,
-		       u.created_at, u.updated_at, u.logto_synced_at, u.active,
+		       u.created_at, u.updated_at, u.logto_synced_at, u.latest_login_at, u.active,
 		       COALESCE(d.name, r.name, c.name) as organization_name,
 		       COALESCE(d.id, r.id, c.id) as organization_local_id
 		FROM users u
@@ -369,7 +391,7 @@ func (r *LocalUserRepository) ListByOrganizations(allowedOrgIDs []string, exclud
 		err := rows.Scan(
 			&user.ID, &user.LogtoID, &user.Username, &user.Email, &user.Name,
 			&user.Phone, &user.OrganizationID, &userRoleIDsJSON, &customDataJSON,
-			&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.Active,
+			&user.CreatedAt, &user.UpdatedAt, &user.LogtoSyncedAt, &user.LatestLoginAt, &user.Active,
 			&user.OrganizationName, &user.OrganizationLocalID,
 		)
 		if err != nil {

backend/methods/auth.go

@@ -87,6 +87,16 @@ func ExchangeToken(c *gin.Context) {
 			ID:      localUser.ID,      // Local database ID as primary ID
 			LogtoID: localUser.LogtoID, // Logto ID for reference
 		}
+
+		// Update latest login timestamp
+		if updateErr := userService.UpdateLatestLogin(localUser.ID); updateErr != nil {
+			logger.RequestLogger(c, "auth").Warn().
+				Err(updateErr).
+				Str("operation", "update_latest_login").
+				Str("user_id", localUser.ID).
+				Msg("Failed to update latest login timestamp")
+			// Don't fail the request if this update fails
+		}
 	} else {
 		// User not in local DB, create temporary user with empty local ID
 		user = models.User{

backend/models/local_entities.go

@@ -82,6 +82,7 @@ type LocalUser struct {
 	CreatedAt     time.Time              `json:"created_at" db:"created_at"`
 	UpdatedAt     time.Time              `json:"updated_at" db:"updated_at"`
 	LogtoSyncedAt *time.Time             `json:"logto_synced_at" db:"logto_synced_at"`
+	LatestLoginAt *time.Time             `json:"latest_login_at" db:"latest_login_at"`
 	Active        bool                   `json:"active" db:"active"`
 
 	// Internal fields for database operations (not serialized to JSON)

backend/openapi.yaml

@@ -406,6 +406,12 @@ components:
           nullable: true
           description: Last Logto synchronization timestamp
           example: "2025-06-21T10:45:00Z"
+        latest_login_at:
+          type: string
+          format: date-time
+          nullable: true
+          description: Timestamp of the last successful login via /auth/exchange endpoint. NULL means user has never logged in.
+          example: "2025-06-21T15:30:45Z"
         active:
           type: boolean
           description: Whether the user is active

backend/services/local/users.go

@@ -383,6 +383,11 @@ func (s *LocalUserService) GetUserByLogtoID(logtoID string) (*models.LocalUser,
 	return s.userRepo.GetByLogtoID(logtoID)
 }
 
+// UpdateLatestLogin updates the latest_login_at timestamp for a user
+func (s *LocalUserService) UpdateLatestLogin(userID string) error {
+	return s.userRepo.UpdateLatestLogin(userID)
+}
+
 // ListUsers returns paginated users based on hierarchical RBAC (excluding specified user)
 func (s *LocalUserService) ListUsers(userOrgRole, userOrgID, excludeUserID string, page, pageSize int) ([]*models.LocalUser, int, error) {
 	return s.userRepo.List(userOrgRole, userOrgID, excludeUserID, page, pageSize)