feat: implement JWT auth and optimize token validation

- Separate JWT login (21d) from check-in token - Unify check-in token validation with verify_checkin_authorization() - Update API docs for dual-token architecture
2026-06-17 05:56:29 +00:00 · 2026-01-05 23:02:50 +08:00
parent b32b53853a
commit a9b141fc69
13 changed files with 464 additions and 336 deletions
@@ -6,6 +6,9 @@
 # DATABASE_URL=sqlite:///./data/checkin.db
 # DATABASE_URL=postgresql://user:password@localhost/checkin

+# 安全配置（鉴权 JWT 密钥，需修改以保证安全）
+SECRET_KEY=CheckInSecretKey
+
 # CORS 允许的前端域名（逗号分隔，生产环境必须修改）
 CORS_ORIGINS=http://localhost:3000