Add TOTP for Admin login

src/core/schemas.py

@@ -12,6 +12,7 @@ from core.database import Keypass
 class AdminLoginRequest(BaseModel):
     username: str
     password: str
+    otp_code: Optional[str] = None   # 6-digit TOTP code; required when account has 2FA enabled
 
 
 class KeypassLoginRequest(BaseModel):
@@ -23,6 +24,12 @@ class TokenResponse(BaseModel):
     token_type: str = "bearer"
 
 
+class AdminLoginResponse(BaseModel):
+    token: Optional[str] = None
+    token_type: str = "bearer"
+    otp_required: bool = False
+
+
 # ── Keypasses ─────────────────────────────────────────────────────────────────
 
 class KeypassCreate(BaseModel):
@@ -114,6 +121,12 @@ class AdminUserResponse(BaseModel):
     id: int
     username: str
     role: str  # 'admin' | 'manager'
+    totp_enabled: bool = False
+
+
+class TotpSetupResponse(BaseModel):
+    provisioning_uri: str   # otpauth:// URI for QR scanning
+    qr_image_b64: str       # base64-encoded PNG of the QR code
 
 
 class AdminUserCreate(BaseModel):