Add host-based authentication, UTC timestamps, session management, and secure cookies; fix styling issues; refactor to remove module; update database schema for sessions and reset tokens.

passkey/fastapi/session.py

@@ -12,22 +12,26 @@ from fastapi import Request, Response, WebSocket
 
 from ..authsession import EXPIRES
 
+AUTH_COOKIE_NAME = "__Host-auth"
+
 
 def infodict(request: Request | WebSocket, type: str) -> dict:
     """Extract client information from request."""
     return {
-        "ip": request.client.host if request.client else "",
-        "user_agent": request.headers.get("user-agent", "")[:500],
-        "type": type,
+        "ip": request.client.host if request.client else None,
+        "user_agent": request.headers.get("user-agent", "")[:500] or None,
+        "session_type": type,
     }
 
 
 def set_session_cookie(response: Response, token: str) -> None:
     """Set the session token as an HTTP-only cookie."""
     response.set_cookie(
-        key="auth",
+        key=AUTH_COOKIE_NAME,
         value=token,
         max_age=int(EXPIRES.total_seconds()),
         httponly=True,
         secure=True,
+        path="/",
+        samesite="lax",
     )