Refactor authentication handling and improve API client security

- Updated OAuth endpoints for Challonge and Discord in platforms configuration.
- Implemented session and CSRF cookie initialization in main application entry.
- Enhanced Challonge API client to avoid sending sensitive API keys from the browser.
- Modified tournament querying to handle new state definitions and improved error handling.
- Updated UI components to reflect server-side storage of authentication tokens.
- Improved user experience in API Key Manager and Authentication Hub with clearer messaging.
- Refactored client credentials management to support asynchronous operations.
- Adjusted API client tests to validate new request configurations.
- Updated Vite configuration to support session and CSRF handling through proxies.

code/websites/pokedex.online/server/package.json

@@ -6,9 +6,9 @@
   "main": "oauth-proxy.js",
   "scripts": {
     "start": "node oauth-proxy.js",
-    "dev": "node oauth-proxy.js",
+    "dev": "DOTENV_CONFIG_PATH=.env.development node oauth-proxy.js",
     "build": "echo 'Backend is Node.js - no build step required'",
-    "gamemaster": "node gamemaster-api.js",
+    "gamemaster": "DOTENV_CONFIG_PATH=.env.development node gamemaster-api.js",
     "test": "vitest",
     "test:run": "vitest run",
     "lint": "echo 'Add ESLint when ready'",
@@ -16,8 +16,10 @@
   },
   "dependencies": {
     "cors": "^2.8.5",
+    "cookie-parser": "^1.4.6",
     "dotenv": "^16.6.1",
     "express": "^4.18.2",
+    "jsonwebtoken": "^9.0.2",
     "node-fetch": "^3.3.2",
     "express-rate-limit": "^7.1.5",
     "winston": "^3.11.0"