Bennett/g0v0-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(session-verify): 添加 TOTP 支持 (#34)

Browse Source 
* chore(deps): add pyotp

* feat(auth): implement TOTP verification

feat(auth): implement TOTP verification and email verification services

- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.

* feat(config): update config example

* docs(totp): complete creating TOTP flow

* refactor(totp): resolve review

* feat(api): forbid unverified request

* fix(totp): trace session by token id to avoid other sessions are forbidden

* chore(linter): make pyright happy

* fix(totp): only mark sessions with a specified token id
This commit is contained in:
MingxuanGame
2025-09-21 19:50:11 +08:00
committed by GitHub
parent 7b4ff1224d
commit 1527e23b43
25 changed files with 684 additions and 235 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/router/notification/server.py
View File

@@ -12,7 +12,7 @@ from app.dependencies.database import (
get_redis,
with_db,
)
from app.dependencies.user import get_current_user
from app.dependencies.user import get_current_user_and_token
from app.log import logger
from app.models.chat import ChatEvent
from app.models.notification import NotificationDetail
@@ -311,7 +311,11 @@ async def chat_websocket(
await websocket.close(code=1008, reason="Missing authentication token")
return
if (user := await get_current_user(session, SecurityScopes(scopes=["chat.read"]), token_pw=auth_token)) is None:
if (
user_and_token := await get_current_user_and_token(
session, SecurityScopes(scopes=["chat.read"]), token_pw=auth_token
)
) is None:
await websocket.close(code=1008, reason="Invalid or expired token")
return
@@ -320,6 +324,7 @@ async def chat_websocket(
if login.get("event") != "chat.start":
await websocket.close(code=1008)
return
user = user_and_token[0]
user_id = user.id
server.connect(user_id, websocket)
# 使用明确的查询避免延迟加载