feat(session-verify): 添加 TOTP 支持 (#34)

* chore(deps): add pyotp * feat(auth): implement TOTP verification feat(auth): implement TOTP verification and email verification services - Added TOTP keys management with a new database model `TotpKeys`. - Introduced `EmailVerification` and `LoginSession` models for email verification. - Created `verification_service` to handle email verification logic and TOTP processes. - Updated user response models to include session verification methods. - Implemented routes for TOTP creation, verification, and fallback to email verification. - Enhanced login session management to support new location checks and verification methods. - Added migration script to create `totp_keys` table in the database. * feat(config): update config example * docs(totp): complete creating TOTP flow * refactor(totp): resolve review * feat(api): forbid unverified request * fix(totp): trace session by token id to avoid other sessions are forbidden * chore(linter): make pyright happy * fix(totp): only mark sessions with a specified token id
2025-09-21 19:50:11 +08:00
parent 7b4ff1224d
commit 1527e23b43
25 changed files with 684 additions and 235 deletions
--- a/app/router/v2/me.py
+++ b/app/router/v2/me.py
@@ -1,11 +1,11 @@
 from __future__ import annotations

-from app.database import User
+from app.database import MeResp, User
 from app.database.lazer_user import ALL_INCLUDED
 from app.dependencies import get_current_user
 from app.dependencies.database import Database
+from app.dependencies.user import UserAndToken, get_current_user_and_token
 from app.exceptions.userpage import UserpageError
-from app.models.api_me import APIMe
 from app.models.score import GameMode
 from app.models.user import Page
 from app.models.userpage import (
@@ -23,7 +23,7 @@ from fastapi import HTTPException, Path, Security

@router.get(
    "/me/{ruleset}",
-    response_model=APIMe,
+    response_model=MeResp,
    name="获取当前用户信息 (指定 ruleset)",
    description="获取当前登录用户信息 （含指定 ruleset 统计）。",
    tags=["用户"],
@@ -31,34 +31,24 @@ from fastapi import HTTPException, Path, Security
 async def get_user_info_with_ruleset(
    session: Database,
    ruleset: GameMode = Path(description="指定 ruleset"),
-    current_user: User = Security(get_current_user, scopes=["identify"]),
+    user_and_token: UserAndToken = Security(get_current_user_and_token, scopes=["identify"]),
 ):
-    user_resp = await APIMe.from_db(
-        current_user,
-        session,
-        ALL_INCLUDED,
-        ruleset,
-    )
+    user_resp = await MeResp.from_db(user_and_token[0], session, ALL_INCLUDED, ruleset, token_id=user_and_token[1].id)
    return user_resp


@router.get(
    "/me/",
-    response_model=APIMe,
+    response_model=MeResp,
    name="获取当前用户信息",
    description="获取当前登录用户信息。",
    tags=["用户"],
 )
 async def get_user_info_default(
    session: Database,
-    current_user: User = Security(get_current_user, scopes=["identify"]),
+    user_and_token: UserAndToken = Security(get_current_user_and_token, scopes=["identify"]),
 ):
-    user_resp = await APIMe.from_db(
-        current_user,
-        session,
-        ALL_INCLUDED,
-        None,
-    )
+    user_resp = await MeResp.from_db(user_and_token[0], session, ALL_INCLUDED, None, token_id=user_and_token[1].id)
    return user_resp