feat(auth): add 2FA with OTP, backup codes and trusted devices

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude Agent
2026-02-24 17:25:00 +00:00
parent b001b94e37
commit 1839285ac3
26 changed files with 2402 additions and 312 deletions


@@ -154,15 +154,15 @@ async def init_data_entry_db():
async def init_telegram_db():
"""Initialize Telegram SQLite database."""
logger.info("[TELEGRAM] Initializing SQLite database...")
"""Initialize shared app database (trusted devices, backup codes, telegram tables)."""
logger.info("[TELEGRAM] Initializing shared app database...")
try:
from backend.modules.telegram.db import init_database, cleanup_expired_codes, cleanup_expired_sessions, cleanup_expired_email_codes
await init_database()
logger.info(f"[TELEGRAM] ✅ Database initialized: {settings.telegram_sqlite_database_path}")
from shared.database.app_db import init_app_db
await init_app_db()
logger.info("[TELEGRAM] ✅ Shared app database initialized")
# Cleanup expired data
from backend.modules.telegram.db import cleanup_expired_codes, cleanup_expired_sessions, cleanup_expired_email_codes
expired_codes = await cleanup_expired_codes()
expired_sessions = await cleanup_expired_sessions()
expired_email_codes = await cleanup_expired_email_codes()
@@ -544,6 +544,9 @@ app.add_middleware(
"/", "/docs", "/health", "/redoc", "/openapi.json",
"/api/auth/login", "/api/auth/refresh", "/api/auth/check-email",
"/api/auth/check-identity", # US-013: Dual login support (email + username)
"/api/auth/verify-2fa-code", # 2FA: verificare cod OTP (public — fără JWT)
"/api/auth/resend-2fa-code", # 2FA: retrimite cod OTP (public — fără JWT)
"/api/auth/verify-backup-code", # Backup codes: verificare cod de recuperare (public — fără JWT)
"/api/system/auth-mode", # Public endpoint for login mode detection
"/api/telegram/auth/verify-user",
"/api/telegram/auth/verify-email",
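Review bot: The three routes added to the JWT-exempt list (`/api/auth/verify-2fa-code`, `/api/auth/resend-2fa-code`, `/api/auth/verify-backup-code`) are reachable with no token, so the handlers must carry all of the protection themselves. That means per-account and per-client attempt limits with lockout, a resend throttle, and a binding between the submitted code and a pending-login challenge issued only after the password step succeeded. The handlers and the rest of the `app.add_middleware(` call are outside the visible lines, so this is a point to confirm rather than a confirmed defect. A short OTP or backup code behind an unauthenticated endpoint with no attempt counter offers little protection, and an unthrottled resend route lets anyone trigger messages to a user. I would record the requirement next to the list, e.g. `# 2FA routes are public: handlers must enforce attempt limits and require the pending-login challenge`, and write the three new comments in English to match the neighbouring entries.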