The previous refactoring broke backward compatibility by converting
Database from Session-extending sync class to a standalone async class.
This broke RSSEngine, startup code, and auth flows.
- Restore Database(Session) with sync interface for legacy code
- Restore UserDatabase to sync methods
- Restore security/api.py and auth.py to sync calls
- Passkey API now uses async_session_factory directly
- PasskeyAuthStrategy uses async sessions independently
- Remove unused db_session from engine.py
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix aaguid type (str not bytes) in registration verification
- Fix missing credential_backup_eligible field (use credential_device_type)
- Remove invalid credential_id param from verify_authentication_response
- Fix origin detection to use browser Origin header for WebAuthn verification
- Add async database engine support (aiosqlite) for passkey operations
- Convert UserDatabase to async-compatible with sync/async session detection
- Update Database class to support both sync and async context managers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
