Release v2.2: admin auth settings, Passkey RP ID, Cloudflare and Google captcha

Co-authored-by: Cursor <cursoragent@cursor.com>

app/passkey.py

@@ -7,6 +7,7 @@ from app import db
 from app.passkey_service import (
     authentication_options,
     delete_passkey,
+    is_passkey_enabled,
     registration_options,
     verify_authentication,
     verify_registration,
@@ -19,6 +20,8 @@ bp = Blueprint("passkey", __name__, url_prefix="/auth/passkey")
 @bp.route("/register/options", methods=["POST"])
 @login_required
 def register_options():
+    if not is_passkey_enabled():
+        return jsonify({"error": "Passkey отключён администратором"}), 403
     options = registration_options(current_user)
     return jsonify(json.loads(options_to_json(options)))
 
@@ -26,6 +29,8 @@ def register_options():
 @bp.route("/register/verify", methods=["POST"])
 @login_required
 def register_verify():
+    if not is_passkey_enabled():
+        return jsonify({"error": "Passkey отключён администратором"}), 403
     data = request.get_json(silent=True) or {}
     name = data.get("name", "Passkey")
     credential = data.get("credential")
@@ -40,6 +45,8 @@ def register_verify():
 
 @bp.route("/login/options", methods=["POST"])
 def login_options():
+    if not is_passkey_enabled():
+        return jsonify({"error": "Passkey отключён администратором"}), 403
     from app.models import User
 
     username = (request.get_json(silent=True) or {}).get("username", "").strip()
@@ -61,6 +68,8 @@ def login_options():
 
 @bp.route("/login/verify", methods=["POST"])
 def login_verify():
+    if not is_passkey_enabled():
+        return jsonify({"error": "Passkey отключён администратором"}), 403
     from app.folder_utils import process_pending_invites
     from app.session_service import create_user_session