feat(session-verify): 添加 TOTP 支持 (#34)

* chore(deps): add pyotp

* feat(auth): implement TOTP verification

feat(auth): implement TOTP verification and email verification services

- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.

* feat(config): update config example

* docs(totp): complete creating TOTP flow

* refactor(totp): resolve review

* feat(api): forbid unverified request

* fix(totp): trace session by token id to avoid other sessions are forbidden

* chore(linter): make pyright happy

* fix(totp): only mark sessions with a specified token id

.env.example

@@ -42,7 +42,9 @@ FETCHER_SCOPES="public"
 # Logging Settings
 LOG_LEVEL="INFO"
 
-# Email Service Settings
+# Verification Settings
+ENABLE_TOTP_VERIFICATION=true
+TOTP_ISSUER="osu! server"
 ENABLE_EMAIL_VERIFICATION=false
 SMTP_SERVER="localhost"
 SMTP_PORT=587