Refactor authentication handling and improve API client security

- Updated OAuth endpoints for Challonge and Discord in platforms configuration. - Implemented session and CSRF cookie initialization in main application entry. - Enhanced Challonge API client to avoid sending sensitive API keys from the browser. - Modified tournament querying to handle new state definitions and improved error handling. - Updated UI components to reflect server-side storage of authentication tokens. - Improved user experience in API Key Manager and Authentication Hub with clearer messaging. - Refactored client credentials management to support asynchronous operations. - Adjusted API client tests to validate new request configurations. - Updated Vite configuration to support session and CSRF handling through proxies.
2026-02-03 12:50:11 -05:00
parent 161b758a1b
commit 700c1cbbbe
39 changed files with 2434 additions and 999 deletions
--- a/code/websites/pokedex.online/tests/unit/composables/useChallongeClient.test.js
+++ b/code/websites/pokedex.online/tests/unit/composables/useChallongeClient.test.js
@@ -9,7 +9,8 @@ import { ScopeType } from '../../../src/services/challonge.service.js';
 // Mock dependencies before importing composable
 vi.mock('../../../src/composables/useChallongeApiKey.js', () => ({
  useChallongeApiKey: () => ({
-    getApiKey: () => 'test-api-key-1234567890'
+    isKeyStored: ref(true),
+    getApiKey: () => null
  })
 }));

@@ -91,10 +92,7 @@ describe('useChallongeClient', () => {
  it('masks API key correctly', () => {
    const { maskedApiKey } = useChallongeClient();

-    const masked = maskedApiKey.value;
-    expect(masked).toContain('•••');
-    expect(masked.startsWith('test')).toBe(true);
-    expect(masked.endsWith('7890')).toBe(true);
+    expect(maskedApiKey.value).toBe('stored on server');
  });

  it('returns auth type', () => {