feat(session-verify): 添加 TOTP 支持 (#34)

* chore(deps): add pyotp * feat(auth): implement TOTP verification feat(auth): implement TOTP verification and email verification services - Added TOTP keys management with a new database model `TotpKeys`. - Introduced `EmailVerification` and `LoginSession` models for email verification. - Created `verification_service` to handle email verification logic and TOTP processes. - Updated user response models to include session verification methods. - Implemented routes for TOTP creation, verification, and fallback to email verification. - Enhanced login session management to support new location checks and verification methods. - Added migration script to create `totp_keys` table in the database. * feat(config): update config example * docs(totp): complete creating TOTP flow * refactor(totp): resolve review * feat(api): forbid unverified request * fix(totp): trace session by token id to avoid other sessions are forbidden * chore(linter): make pyright happy * fix(totp): only mark sessions with a specified token id
2025-09-21 19:50:11 +08:00
parent 7b4ff1224d
commit 1527e23b43
25 changed files with 684 additions and 235 deletions
--- a/migrations/versions/2025-09-20_15e3a9a05b67_auth_add_totp_keys.py
+++ b/migrations/versions/2025-09-20_15e3a9a05b67_auth_add_totp_keys.py
@@ -0,0 +1,47 @@
+"""auth: add totp keys
+
+Revision ID: 15e3a9a05b67
+Revises: ebaa317ad928
+Create Date: 2025-09-20 11:27:58.485299
+
+"""
+
+from __future__ import annotations
+
+from collections.abc import Sequence
+
+from alembic import op
+import sqlalchemy as sa
+import sqlmodel
+
+# revision identifiers, used by Alembic.
+revision: str = "15e3a9a05b67"
+down_revision: str | Sequence[str] | None = "ebaa317ad928"
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "totp_keys",
+        sa.Column("user_id", sa.BigInteger(), nullable=False),
+        sa.Column("secret", sqlmodel.sql.sqltypes.AutoString(length=100), nullable=False),
+        sa.Column("backup_keys", sa.JSON(), nullable=True),
+        sa.Column("created_at", sa.DateTime(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["user_id"],
+            ["lazer_users.id"],
+        ),
+        sa.PrimaryKeyConstraint("user_id"),
+    )
+
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table("totp_keys")
+    # ### end Alembic commands ###
--- a/migrations/versions/2025-09-21_fe8e9f3da298_login_sessions_remove_session_token_add_.py
+++ b/migrations/versions/2025-09-21_fe8e9f3da298_login_sessions_remove_session_token_add_.py
@@ -0,0 +1,53 @@
+"""login_sessions: remove session_token & add token_id
+
+Revision ID: fe8e9f3da298
+Revises: 15e3a9a05b67
+Create Date: 2025-09-21 02:30:58.233846
+
+"""
+
+from __future__ import annotations
+
+from collections.abc import Sequence
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+# revision identifiers, used by Alembic.
+revision: str = "fe8e9f3da298"
+down_revision: str | Sequence[str] | None = "15e3a9a05b67"
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    """Upgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column("login_sessions", sa.Column("token_id", sa.Integer(), nullable=True))
+    op.drop_index(op.f("ix_login_sessions_session_token"), table_name="login_sessions")
+    op.create_index(op.f("ix_login_sessions_token_id"), "login_sessions", ["token_id"], unique=False)
+    op.create_foreign_key(None, "login_sessions", "oauth_tokens", ["token_id"], ["id"], ondelete="SET NULL")
+    op.drop_column("login_sessions", "session_token")
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    """Downgrade schema."""
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column("login_sessions", sa.Column("session_token", mysql.VARCHAR(length=255), nullable=True))
+    connection = op.get_bind()
+    connection.execute(
+        sa.text("""
+            UPDATE login_sessions
+            SET session_token = CONCAT('migrated_', id, '_', UNIX_TIMESTAMP(), '_', RAND())
+            WHERE session_token IS NULL
+        """)
+    )
+    op.alter_column("login_sessions", "session_token", nullable=False, type_=mysql.VARCHAR(length=255))
+    op.create_index(op.f("ix_login_sessions_session_token"), "login_sessions", ["session_token"], unique=True)
+
+    op.drop_constraint(op.f("login_sessions_ibfk_1"), "login_sessions", type_="foreignkey")
+    op.drop_index(op.f("ix_login_sessions_token_id"), table_name="login_sessions")
+    op.drop_column("login_sessions", "token_id")
+    # ### end Alembic commands ###