Bennett/g0v0-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(session-verify): 添加 TOTP 支持 (#34)

Browse Source 
* chore(deps): add pyotp

* feat(auth): implement TOTP verification

feat(auth): implement TOTP verification and email verification services

- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.

* feat(config): update config example

* docs(totp): complete creating TOTP flow

* refactor(totp): resolve review

* feat(api): forbid unverified request

* fix(totp): trace session by token id to avoid other sessions are forbidden

* chore(linter): make pyright happy

* fix(totp): only mark sessions with a specified token id
This commit is contained in:
MingxuanGame
2025-09-21 19:50:11 +08:00
committed by GitHub
parent 7b4ff1224d
commit 1527e23b43
25 changed files with 684 additions and 235 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/signalr/router.py
View File

@@ -9,6 +9,7 @@ import uuid
from app.database import User as DBUser
from app.dependencies import get_current_user
from app.dependencies.database import DBFactory, get_db_factory
from app.dependencies.user import get_current_user_and_token
from app.log import logger
from app.models.signalr import NegotiateResponse, Transport
@@ -61,9 +62,11 @@ async def connect(
return
try:
async for session in factory():
if (user := await get_current_user(session, SecurityScopes(scopes=["*"]), token_pw=token)) is None or str(
user.id
) != user_id:
if (
user_and_token := await get_current_user_and_token(
session, SecurityScopes(scopes=["*"]), token_pw=token
)
) is None or str(user_and_token[0].id) != user_id:
await websocket.close(code=1008)
return
except HTTPException: