feature: add task management

李星穎requested to merge
feature/add-task into main

Removed email field from LoginResponse schema to prevent information leakage. The session_id should be the only identifier returned for authenticated sessions.

Security rationale:

  • Prevents email enumeration attacks
  • Reduces PII exposure in API responses
  • Session ID is sufficient for subsequent authenticated requests

Updated auth.py to no longer include email in response payload. Updated schemas.py LoginResponse model and documentation.

Merge request reports

問題回報系統 / 產品常見問題FAQ