Bennett/g0v0-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): support trusted device (#52)

Browse Source 
New API to maintain sessions and devices:

- GET /api/private/admin/sessions
- DELETE /api/private/admin/sessions/{session_id}
- GET /api/private/admin/trusted-devices
- DELETE /api/private/admin/trusted-devices/{device_id}

Auth:

web clients request `/oauth/token` and `/api/v2/session/verify` with `X-UUID` header to save the client as trusted device.

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
MingxuanGame
2025-10-03 11:26:43 +08:00
committed by GitHub
parent f34ed53a55
commit 40670c094b
28 changed files with 897 additions and 1456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/service/login_log_service.py
View File

@@ -9,7 +9,7 @@ import asyncio
from app.database.user_login_log import UserLoginLog
from app.dependencies.geoip import get_client_ip, get_geoip_helper, normalize_ip
from app.log import logger
from app.utils import simplify_user_agent, utcnow
from app.utils import utcnow
from fastapi import Request
from sqlmodel.ext.asyncio.session import AsyncSession
@@ -23,6 +23,7 @@ class LoginLogService:
db: AsyncSession,
user_id: int,
request: Request,
user_agent: str | None = None,
login_success: bool = True,
login_method: str = "password",
notes: str | None = None,
@@ -45,9 +46,6 @@ class LoginLogService:
raw_ip = get_client_ip(request)
ip_address = normalize_ip(raw_ip)
raw_user_agent = request.headers.get("User-Agent", "")
user_agent = simplify_user_agent(raw_user_agent, max_length=500)
# 创建基本的登录记录
login_log = UserLoginLog(
user_id=user_id,
@@ -107,6 +105,7 @@ class LoginLogService:
attempted_username: str | None = None,
login_method: str = "password",
notes: str | None = None,
user_agent: str | None = None,
) -> UserLoginLog:
"""
记录失败的登录尝试
@@ -128,6 +127,7 @@ class LoginLogService:
request=request,
login_success=False,
login_method=login_method,
user_agent=user_agent,
notes=f"Failed login attempt: {attempted_username}" if attempted_username else "Failed login attempt",
)