pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity
439 Commits 12 Branches 0 Tags
dc75c94fac6d7c2d348e7e9bc2754f3a4be4d0c8
Commit Graph

8 Commits

Author SHA1 Message Date
Julian Tabel
e9eccc5b21 feat: migrate JWT verification from HS256 shared secret to JWKS 
Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.

- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-22 09:24:41 +01:00
Julian Tabel
a12958ae32 update beans and postgres mount path
All checks were successful
CI / backend-tests (push) Successful in 27s
Details
CI / frontend-tests (push) Successful in 29s
Details
2026-03-21 12:51:35 +01:00
Julian Tabel
7cd3372c7e feat: add Supabase auth config to production Docker setup
All checks were successful
CI / backend-tests (pull_request) Successful in 26s
Details
CI / frontend-tests (pull_request) Successful in 29s
Details 
- Pass SUPABASE_JWT_SECRET to backend in docker-compose.prod.yml
- Add build args (VITE_API_URL, VITE_SUPABASE_URL, VITE_SUPABASE_ANON_KEY)
  to Dockerfile.prod so Vite inlines them at build time
- Pass build args from secrets in deploy workflow
- Add build section to frontend service in docker-compose.prod.yml

No GoTrue container needed in prod — Supabase Cloud hosts the auth
service. The backend only needs the JWT secret to verify tokens.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-21 12:07:53 +01:00
Renovate Bot
bcc0239f6a chore(deps): update postgres docker tag to v18
All checks were successful
CI / backend-tests (pull_request) Successful in 26s
Details
CI / frontend-tests (pull_request) Successful in 30s
Details
2026-03-21 10:49:30 +00:00
Julian Tabel
3f39b5f0cb Use bind mount for prod database storage instead of named volume 
Store PostgreSQL data at ./data/postgres relative to the compose file
so persistent data lives on the Unraid disk at
/mnt/user/appdata/nuzlocke-tracker/data/postgres.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-10 09:17:14 +01:00
Julian Tabel
03f07ebee5 Add deploy script and update prod compose 
Deploy script builds and pushes images to Gitea registry, then triggers
Portainer stack redeployment via API. Includes preflight checks for
branch and uncommitted changes. Also renames prod DB volume to avoid
conflicts with dev and changes frontend port to 9080.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 18:28:17 +01:00
Julian Tabel
fd23d89e71 Add production Dockerfiles and nginx config 
Backend: installs non-editable, runs uvicorn without reload.
Frontend: multi-stage build, serves static files via nginx with
API proxy to the backend service and SPA fallback routing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 18:00:28 +01:00
Julian Tabel
d9d547ef53 Add production docker-compose file 
Uses pre-built images from the Gitea container registry, runs Alembic
migrations before API startup, and keeps the database password configurable
via environment variable. No source mounts or debug mode.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 17:58:55 +01:00