Refactor authentication handling and improve API client security

- Updated OAuth endpoints for Challonge and Discord in platforms configuration.
- Implemented session and CSRF cookie initialization in main application entry.
- Enhanced Challonge API client to avoid sending sensitive API keys from the browser.
- Modified tournament querying to handle new state definitions and improved error handling.
- Updated UI components to reflect server-side storage of authentication tokens.
- Improved user experience in API Key Manager and Authentication Hub with clearer messaging.
- Refactored client credentials management to support asynchronous operations.
- Adjusted API client tests to validate new request configurations.
- Updated Vite configuration to support session and CSRF handling through proxies.

code/websites/pokedex.online/vite.config.js

@@ -36,12 +36,28 @@ export default defineConfig({
     port: 5173,
     strictPort: true, // Fail if port is already in use instead of trying next available port
     proxy: {
+      // Session + CSRF helpers
+      '/api/session': {
+        target: 'http://localhost:3001',
+        changeOrigin: true,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false
+      },
+
+      // Admin auth helpers
+      '/api/auth': {
+        target: 'http://localhost:3001',
+        changeOrigin: true,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false
+      },
+
       // API v1 proxy (legacy)
       '/api/challonge/v1': {
-        target: 'https://api.challonge.com/v1',
+        target: 'http://localhost:3001',
         changeOrigin: true,
-        rewrite: path => path.replace(/^\/api\/challonge\/v1/, ''),
-        secure: true,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false,
         headers: {
           Accept: 'application/json',
           'Content-Type': 'application/json'
@@ -49,10 +65,10 @@ export default defineConfig({
       },
       // API v2.1 proxy (current)
       '/api/challonge/v2.1': {
-        target: 'https://api.challonge.com/v2.1',
+        target: 'http://localhost:3001',
         changeOrigin: true,
-        rewrite: path => path.replace(/^\/api\/challonge\/v2\.1/, ''),
-        secure: true,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false,
         headers: {
           Accept: 'application/json',
           'Content-Type': 'application/vnd.api+json'
@@ -69,7 +85,23 @@ export default defineConfig({
       '/api/gamemaster': {
         target: 'http://localhost:3001',
         changeOrigin: true,
-        rewrite: path => path,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false
+      },
+
+      // Discord API proxy
+      '/api/discord': {
+        target: 'http://localhost:3001',
+        changeOrigin: true,
+        rewrite: path => path.replace(/^\/api/, ''),
+        secure: false
+      },
+
+      // Convenience: health check through the frontend origin
+      '/api/health': {
+        target: 'http://localhost:3001',
+        changeOrigin: true,
+        rewrite: path => path.replace(/^\/api/, ''),
         secure: false
       }
     }