Release v2.1: GDPR, passkeys, session management, admin redesign

Co-authored-by: Cursor <cursoragent@cursor.com>

app/auth.py

@@ -2,6 +2,7 @@ from flask import Blueprint, flash, redirect, render_template, request, url_for
 from flask_login import current_user, login_user, logout_user
 
 from app import db
+from app.session_service import create_user_session, revoke_current_session
 from app.email_service import send_password_reset_email, send_welcome_email
 from app.folder_utils import process_pending_invites
 from app.models import PasswordResetToken, User, UserGroup
@@ -41,6 +42,7 @@ def register():
             db.session.add(user)
             db.session.commit()
             login_user(user)
+            create_user_session(user)
             accepted = process_pending_invites(user)
             send_welcome_email(user)
             flash("Регистрация успешна. Добро пожаловать!", "success")
@@ -71,6 +73,7 @@ def login():
             flash("Аккаунт заблокирован", "error")
         else:
             login_user(user, remember=remember)
+            create_user_session(user, remember=remember)
             accepted = process_pending_invites(user)
             flash(f"Добро пожаловать, {user.username}!", "success")
             if accepted:
@@ -137,6 +140,7 @@ def reset_password(token):
 
 @bp.route("/logout")
 def logout():
+    revoke_current_session()
     logout_user()
     flash("Вы вышли из аккаунта", "success")
     return redirect(url_for("main.index"))