Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.
- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
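The checks that the RS256/JWKS verification described in the commit message has to enforce, as an added example that is not the project's code. The project uses PyJWKClient, while this standard-library version spells out the algorithm pin, kid lookup, signature, audience and expiry checks. Assumptions: the toy key, the kid "demo-1", the audience value "authenticated" and all function names are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
# DER DigestInfo prefix for SHA-256 (RSASSA-PKCS1-v1_5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input, k):
    tail = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(tail) - 3) + b"\x00" + tail

def verify_rs256(token, jwks, audience, now=None):
    """Return the claims, or raise ValueError when a check fails."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64u_dec(head_b64))
    # Pin the algorithm: the token must not be able to select HS256 or "none".
    if header.get("alg") != "RS256":
        raise ValueError("algorithm not allowed")
    # Select the public key by kid from the (cached) JWKS document.
    jwk = next((key for key in jwks["keys"]
                if key["kty"] == "RSA" and key["kid"] == header.get("kid")), None)
    if jwk is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64u_dec(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(sig_b64)
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = encoded_message(f"{head_b64}.{body_b64}".encode(), k)
    if len(sig) != k or not hmac.compare_digest(recovered, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body_b64))
    if claims.get("aud") != audience or claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("wrong audience or expired")
    return claims

# Constructed test issuer: toy key built from two Mersenne primes, demo only.
N, E = (2**521 - 1) * (2**607 - 1), 65537
D = pow(E, -1, (2**521 - 2) * (2**607 - 2))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1",
                  "n": b64u(N.to_bytes(141, "big")), "e": b64u(E.to_bytes(3, "big"))}]}

def issue(claims, alg="RS256", kid="demo-1"):
    head = b64u(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u(json.dumps(claims).encode())
    em = int.from_bytes(encoded_message(f"{head}.{body}".encode(), 141), "big")
    return f"{head}.{body}." + b64u(pow(em, D, N).to_bytes(141, "big"))
```

In a deployed service, keep these checks inside a maintained JWT library and pass it an explicit list of allowed algorithms.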
Nuzlocke Tracker API
Backend API for the Nuzlocke Tracker application, built with FastAPI.
Development Setup
Option 1: Docker (Recommended)
From the project root:
docker compose up
This starts the API, frontend, and PostgreSQL database with hot reload enabled.
Option 2: Local Setup
- Create and activate virtual environment:
  python -m venv .venv
  source .venv/bin/activate  # On Windows: .venv\Scripts\activate
- Install dependencies:
  pip install -e ".[dev]"
- Copy environment file:
  cp .env.example .env
- Run the development server:
  uvicorn app.main:app --reload --app-dir src
The API will be available at http://localhost:8000
API Documentation
- Swagger UI: http://localhost:8000/docs
- ReDoc: http://localhost:8000/redoc
Project Structure
backend/
├── src/
│   └── app/
│       ├── api/        # API routes
│       ├── core/       # Core configuration
│       ├── models/     # Database models
│       ├── schemas/    # Pydantic schemas
│       └── services/   # Business logic
├── tests/              # Test files
├── pyproject.toml      # Project configuration
└── .env.example        # Example environment variables
Linting & Formatting
ruff check . # Check for issues
ruff check . --fix # Fix auto-fixable issues
ruff format . # Format code