feat(session-verify): 添加 TOTP 支持 (#34)

* chore(deps): add pyotp

* feat(auth): implement TOTP verification

feat(auth): implement TOTP verification and email verification services

- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.

* feat(config): update config example

* docs(totp): complete creating TOTP flow

* refactor(totp): resolve review

* feat(api): forbid unverified request

* fix(totp): trace session by token id to avoid forbidding other sessions

* chore(linter): make pyright happy

* fix(totp): only mark sessions with a specified token id
MingxuanGame
2025-09-21 19:50:11 +08:00
committed by GitHub
parent 7b4ff1224d
commit 1527e23b43
25 changed files with 684 additions and 235 deletions


@@ -297,41 +297,47 @@ STORAGE_SETTINGS='{
"日志设置",
]
# 邮件服务设置
# 验证服务设置
enable_totp_verification: Annotated[bool, Field(default=True, description="是否启用TOTP双因素验证"), "验证服务设置"]
totp_issuer: Annotated[
str | None,
Field(default=None, description="TOTP 认证器中的发行者名称"),
"验证服务设置",
]
enable_email_verification: Annotated[
bool,
Field(default=False, description="是否启用邮件验证功能"),
"邮件服务设置",
"验证服务设置",
]
smtp_server: Annotated[
str,
Field(default="localhost", description="SMTP 服务器地址"),
"邮件服务设置",
"验证服务设置",
]
smtp_port: Annotated[
int,
Field(default=587, description="SMTP 服务器端口"),
"邮件服务设置",
"验证服务设置",
]
smtp_username: Annotated[
str,
Field(default="", description="SMTP 用户名"),
"邮件服务设置",
"验证服务设置",
]
smtp_password: Annotated[
str,
Field(default="", description="SMTP 密码"),
"邮件服务设置",
"验证服务设置",
]
from_email: Annotated[
str,
Field(default="noreply@example.com", description="发件人邮箱"),
"邮件服务设置",
"验证服务设置",
]
from_name: Annotated[
str,
Field(default="osu! server", description="发件人名称"),
"邮件服务设置",
"验证服务设置",
]
# 监控配置
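Review bot: The descriptions on the new `enable_totp_verification` (default `True`) and `totp_issuer` (default `None`) fields do not say how they interact with `enable_email_verification`, which keeps `default=False`. The commit message describes a fallback from TOTP to email verification, so a default deployment presumably has TOTP on with no usable email fallback, and nothing here states whether a session counts as verified when both switches are off. I would add a comment above the group such as `# 两个开关均为 False 时会话是否视为已验证、邮件验证关闭时 TOTP 回退如何处理，请在此说明`, with the answer filled in from the verification service, which this hunk does not show. The `totp_issuer` description should also name the issuer used when the value is `None`. The settings class begins and ends outside this hunk.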