Release v2.2: admin auth settings, Passkey RP ID, Cloudflare and Google captcha

Co-authored-by: Cursor <cursoragent@cursor.com>

app/bootstrap.py

@@ -104,6 +104,37 @@ def ensure_photo_storage_column():
     db.session.commit()
 
 
+def ensure_site_settings_auth_columns():
+    inspector = inspect(db.engine)
+    if "site_settings" not in inspector.get_table_names():
+        return
+    columns = [
+        "registration_enabled BOOLEAN NOT NULL DEFAULT TRUE",
+        "password_login_enabled BOOLEAN NOT NULL DEFAULT TRUE",
+        "passkey_enabled BOOLEAN NOT NULL DEFAULT TRUE",
+        "webauthn_rp_id VARCHAR(255)",
+        "webauthn_rp_name VARCHAR(120) DEFAULT 'PhotoHost'",
+        "webauthn_origin VARCHAR(255)",
+        "captcha_provider VARCHAR(20) NOT NULL DEFAULT 'none'",
+        "turnstile_site_key VARCHAR(255)",
+        "turnstile_secret_key VARCHAR(255)",
+        "recaptcha_v2_site_key VARCHAR(255)",
+        "recaptcha_v2_secret_key VARCHAR(255)",
+        "recaptcha_v3_site_key VARCHAR(255)",
+        "recaptcha_v3_secret_key VARCHAR(255)",
+        "recaptcha_v3_min_score DOUBLE PRECISION NOT NULL DEFAULT 0.5",
+        "captcha_on_login BOOLEAN NOT NULL DEFAULT FALSE",
+        "captcha_on_register BOOLEAN NOT NULL DEFAULT TRUE",
+        "captcha_on_forgot_password BOOLEAN NOT NULL DEFAULT FALSE",
+    ]
+    for column in columns:
+        name = column.split()[0]
+        db.session.execute(
+            text(f"ALTER TABLE site_settings ADD COLUMN IF NOT EXISTS {name} {column[len(name) + 1:]}")
+        )
+    db.session.commit()
+
+
 def ensure_user_privacy_columns():
     inspector = inspect(db.engine)
     if "users" not in inspector.get_table_names():
@@ -126,6 +157,7 @@ def ensure_user_privacy_columns():
 def run_schema_migrations():
     ensure_schema()
     ensure_group_limit_columns()
+    ensure_site_settings_auth_columns()
     ensure_user_privacy_columns()
     from app.folders import ensure_folder_schema