Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.
- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount frontend/public into the api container so the export can write
badge/sprite images. Skip re-downloading URLs that are already local
paths from a previous export.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Go to .tool-versions, update .gitignore for Go build output and
cache, document seed data regeneration in README, and change API port
from 8000 to 8080 in docker-compose.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Seed the database with Pokemon game data for 5 games (FireRed, LeafGreen,
Emerald, HeartGold, SoulSilver) using pokebase. Includes Alembic migrations
for route unique constraints and encounter level ranges, a two-phase seed
system (offline fetch to JSON, then idempotent upserts), and Dockerfile
updates for the seed runner.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
