feat(session-verify): 添加 TOTP 支持 (#34)

* chore(deps): add pyotp

* feat(auth): implement TOTP verification

feat(auth): implement TOTP verification and email verification services

- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.

* feat(config): update config example

* docs(totp): complete creating TOTP flow

* refactor(totp): resolve review

* feat(api): forbid unverified request

* fix(totp): trace session by token id to avoid other sessions are forbidden

* chore(linter): make pyright happy

* fix(totp): only mark sessions with a specified token id

app/models/api_me.py

@@ -1,18 +0,0 @@
-"""
-APIMe 响应模型 - 对应 osu! 的 APIMe 类型
-"""
-
-from __future__ import annotations
-
-from app.database.lazer_user import UserResp
-
-
-class APIMe(UserResp):
-    """
-    /me 端点的响应模型
-    对应 osu! 的 APIMe 类型，继承 APIUser(UserResp) 并包含 session_verified 字段
-
-    session_verified 字段已经在 UserResp 中定义，这里不需要重复定义
-    """
-
-    pass

app/models/totp.py

@@ -0,0 +1,16 @@
+from __future__ import annotations
+
+from enum import Enum
+from typing import TypedDict
+
+
+class StartCreateTotpKeyResp(TypedDict):
+    secret: str
+    uri: str
+
+
+class FinishStatus(str, Enum):
+    INVALID = "invalid"
+    SUCCESS = "success"
+    FAILED = "failed"
+    TOO_MANY_ATTEMPTS = "too_many_attempts"