New API to maintain sessions and devices:
- GET /api/private/admin/sessions
- DELETE /api/private/admin/sessions/{session_id}
- GET /api/private/admin/trusted-devices
- DELETE /api/private/admin/trusted-devices/{device_id}
Auth:
web clients request `/oauth/token` and `/api/v2/session/verify` with `X-UUID` header to save the client as trusted device.
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
New API:
- DELETE /api/private/score/{score_id}: delete a score
- POST /api/private/beatmapsets/{beatmapset_id}/sync: request for syncing a beatmapset
New configuration:
- OLD_SCORE_PROCESSING_MODE
* chore(deps): add pyotp
* feat(auth): implement TOTP verification
feat(auth): implement TOTP verification and email verification services
- Added TOTP keys management with a new database model `TotpKeys`.
- Introduced `EmailVerification` and `LoginSession` models for email verification.
- Created `verification_service` to handle email verification logic and TOTP processes.
- Updated user response models to include session verification methods.
- Implemented routes for TOTP creation, verification, and fallback to email verification.
- Enhanced login session management to support new location checks and verification methods.
- Added migration script to create `totp_keys` table in the database.
* feat(config): update config example
* docs(totp): complete creating TOTP flow
* refactor(totp): resolve review
* feat(api): forbid unverified request
* fix(totp): trace session by token id to avoid other sessions are forbidden
* chore(linter): make pyright happy
* fix(totp): only mark sessions with a specified token id
* feat(relationship): support legacy-compatible response format
* feat(score): add support for legacy score response format in API
* fix(score): avoid missing greenlet
* fix(score): fix missing field for model validation
* feat(user): apply legacy score format for user
* feat(api): use `int` to hint `APIVersion`
Add configuration: `BEATMAP_TAG_TOP_COUNT` to control the minimun vote count
Tips: this is 10 in osu-web, but private server doesn't have enough player so we use 2 as default value
Official tags see: https://osu.ppy.sh/wiki/Beatmap/Beatmap_tags
Introduces the MultiplayerRealtimeRoomEvent SQLModel for tracking real-time room events. Adds an async helper to allocate unique channel IDs for rooms, and updates room creation logic to use this helper for assigning channel IDs automatically.
Simplifies the PlaylistBase id field to a non-optional int and updates database logic to use session.refresh for id assignment. Adds Alembic migration to include created_at and updated_at columns in room_playlists for timestamp tracking.
Introduces a new /beatmaps/ensure API endpoint to verify and cache beatmap metadata and raw files. Updates Playlist model to use auto-incrementing primary key and improves playlist DB insertion logic. Minor formatting and import changes in room and lio modules.
Introduces created_at and updated_at fields to the Playlist model for tracking creation and modification times. Refactors room user removal logic to handle owner transfer and participant count updates more robustly. Updates room query logic for more accurate filtering by category and status. Adds migration stubs for updated_at column in room playlists.
Introduces a password field to the Room model and database schema, enabling password-protected multiplayer rooms. Adds LIO router endpoints for room creation, user join/leave, and updates related imports and router registrations.
Introduces asset proxy configuration and services to enable replacement of osu! resource URLs with custom domains. Updates API endpoints and caching services to process and rewrite resource URLs when asset proxy is enabled. Adds documentation and environment variables for asset proxy setup.
Introduces enable_email_sending to control real email delivery in config. Updates Event.created_at to use default_factory for correct timestamp initialization.
