Release v2.1: GDPR, passkeys, session management, admin redesign

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-07 02:43:57 +03:00
parent d4f0eaa7d9
commit 0a51001791
32 changed files with 1529 additions and 193 deletions
@@ -51,13 +51,18 @@ def create_app(setup_database=True):
    from .auth import bp as auth_bp
    from .admin import bp as admin_bp
    from .folders import bp as folders_bp
+    from .legal import bp as legal_bp
+    from .passkey import bp as passkey_bp

    app.register_blueprint(main_bp)
    app.register_blueprint(cabinet_bp)
    app.register_blueprint(auth_bp)
    app.register_blueprint(admin_bp)
    app.register_blueprint(folders_bp)
+    app.register_blueprint(legal_bp)
+    app.register_blueprint(passkey_bp)

+    register_request_hooks(app)
    register_cli(app)

    # Ensure models are registered even when DB setup runs in init_db.py.
@@ -72,6 +77,8 @@ def create_app(setup_database=True):
            SiteSettings,
            User,
            UserGroup,
+            UserPasskey,
+            UserSession,
        )

    @app.context_processor
@@ -103,6 +110,34 @@ def create_app(setup_database=True):
    return app


+def register_request_hooks(app):
+    @app.before_request
+    def validate_tracked_session():
+        from flask import flash, redirect, request, session, url_for
+        from flask_login import current_user, logout_user
+
+        from app.session_service import ensure_user_session, touch_user_session, validate_user_session
+
+        if not current_user.is_authenticated:
+            return None
+
+        endpoint = request.endpoint or ""
+        if endpoint.startswith("static") or endpoint.startswith("passkey.") or endpoint.startswith("legal."):
+            return None
+        if endpoint in ("main.health",):
+            return None
+
+        if not validate_user_session(current_user.id):
+            if session.get("sid"):
+                logout_user()
+                flash("Сессия завершена. Войдите снова.", "error")
+                return redirect(url_for("auth.login"))
+            ensure_user_session(current_user)
+        else:
+            touch_user_session()
+        return None
+
+
 def register_cli(app):
    @app.cli.command("create-admin")
    def create_admin_command():