feat(auth): add JWT login screen, production Dockerfile and Azure Container App Bicep
- Backend: POST /api/auth/login endpoint (PyJWT HS256, 24h expiry)
require_auth before_request middleware protecting all /api/* routes
except /login and /health; wsgi.py entry point for gunicorn;
Flask serves compiled Vue SPA in production
- Frontend: LoginView.vue (MiroFish dark aesthetic), auth.js reactive
store, Axios Bearer token injection + 401 → /login redirect,
Vue Router global guard protecting all routes
- i18n: login keys added to en/zh/es/ca locale files
- Dockerfile: multi-stage build (node:20-slim → python:3.11-slim +
gunicorn), single port 5001
- Azure: container-app.bicep following CTTI guidelines — Log Analytics
(NOR0016-C 90d retention), Container Apps Environment, all .env vars
as env vars (secrets via secretRef, plain values inline)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
b5c4d4a336