Major security overhaul: Migrate to Vercel with secure authentication

BREAKING CHANGES:
- Removed all client-side hardcoded credentials
- Authentication now requires backend API calls
- Migrated from Firebase Hosting to Vercel deployment

Security Improvements:
✅ Removed exposed admin credentials from client code
✅ Implemented JWT-based authentication via secure API endpoints
✅ Added bcrypt password hashing for admin authentication
✅ Created secure password reset functionality with email support
✅ Added production security headers (XSS, CSRF, clickjacking protection)
✅ Documented Firebase SDK security considerations

Architecture Changes:
- Hosting: Firebase → Vercel (free serverless functions)
- Auth: Client-side → Server-side JWT tokens
- Database: Firebase Realtime Database (unchanged, with secure rules)
- API Endpoints:
  * POST /api/auth/login - Secure login with bcrypt
  * GET /api/auth/verify - JWT token validation
  * POST /api/auth/logout - Session termination
  * POST /api/auth/reset-password - Password reset initiation
  * POST /api/auth/update-password - Password update with token

Files Removed (Security):
- scripts/auth.js (contained hardcoded passwords)
- scripts/auth-client-only.js (insecure client auth)
- server.js (replaced by Vercel functions)
- functions/ directory (Firebase Functions not needed)
- Debug/test HTML files

New Production Features:
- auth-api.js: Production-grade authentication module
- Password reset flow with secure token generation
- Manual password hash generation tool
- Comprehensive deployment documentation
- Environment variable management

Deployment:
- Production URL: https://sneakers-atom.vercel.app/
- Environment variables secured in Vercel Dashboard
- Automatic HTTPS and global CDN
- No Firebase Blaze plan required

Documentation:
- PRODUCTION_DEPLOYMENT.md: Complete deployment guide
- VERCEL_DEPLOYMENT.md: Vercel-specific instructions
- SECURITY_REPORT.md: Security audit and recommendations
- Firebase SDK includes security documentation

This commit represents a complete security overhaul, eliminating all
client-side credentials and implementing industry-standard authentication
practices. The application is now production-ready with proper security.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

Author: Archith

.env.example

@@ -0,0 +1,18 @@
+# Firebase Configuration
+FIREBASE_API_KEY=your_firebase_api_key_here
+FIREBASE_AUTH_DOMAIN=your_project.firebaseapp.com
+FIREBASE_DATABASE_URL=https://your_project.firebaseio.com
+FIREBASE_PROJECT_ID=your_project_id
+FIREBASE_STORAGE_BUCKET=your_project.appspot.com
+FIREBASE_MESSAGING_SENDER_ID=your_sender_id
+
+# Admin Credentials
+ADMIN_EMAIL=admin@yourcompany.com
+ADMIN_PASSWORD=YourSecurePassword123!
+
+# Optional: Piston API (for custom deployment)
+PISTON_API_URL=https://emkc.org/api/v2/piston/execute
+
+# Optional: Custom Branding
+APP_NAME=CollabCode
+APP_TAGLINE=Real-time Collaborative Coding Interviews

.firebase/hosting..cache

@@ -18,7 +18,6 @@ styles/main.css,1756252646051,63348696dd3fa83dc34a3bc73437c1949aa1be57c6499821b9
 scripts/realtime-optimizer.js,1756252286847,b72482c3dba05596bbdafdcdd84189e1964ffeb5e7682ffef664356bd074616c
 scripts/code-executor.js,1756250037784,48800a99af01d57b14060338ea6b8c5014fa108aa58f0696b9c6e8318c6eb24a
 scripts/auth.js,1756252537460,489eb5d49dbcde80c9bbf26b6dedcd50d995d7e9ab5b003d613f4baa5acf8635
-scripts/app.js,1756252697411,a80eeb6fb4fff1c13fa1b2537567e8b833d4e89598cae89c24d548924f6bd844
 lib/firebase-sdk.js,1756253816408,ce61b301e524f83b3f7084dc46cfdaaf271f5e99336622d78f0b304d2ac61288
 images/favicon/favicon-96x96.png,1756249074920,9b69333bbdf840ba42aeaef302f86759b719816ea6cb900c8689995e63d51fdb
 images/favicon/favicon-32x32.png,1756249074920,fe957eae6f13420e4ecd544f7c4475915fadd5b72580de4329c8aa86a3f8dc5c
@@ -40,6 +39,7 @@ images/favicon/apple-touch-icon-114x114.png,1756249074918,f546a37a01ec5ba566b3ff
 .git/refs/remotes/origin/HEAD,1756249074915,0a7fba0c22bc0e0789279a440fa1a482d963c6379d3d793757c698293a397b26
 .git/objects/pack/pack-1ce9a6da09f47633e6b2116aba657267ab0f3361.pack,1756249074897,a8aeceb07116286a90ff99de4c45d113f814544e4b884292d23edde8afa9ba98
 .git/objects/pack/pack-1ce9a6da09f47633e6b2116aba657267ab0f3361.idx,1756249074897,ac1ff7a2de05cf6de32e65119ae52f2bd4bdafa5856065ffbda3498f1bec6adf
+.git/objects/fe/7abab0c4313895015c058db6a0daa4ef42eb33,1756257122135,dac6c3bff6c14c50b2aa3c6da779959f724f43ea00d5eec75c73cbc6884537bb
 .git/objects/fb/69bd46d9efef202397139087f98fbb3ca572e4,1756252786537,3f45329a8530a69bf3eb6a3bbff2712ee8651a56ef58bceb2d53028275f6d154
 .git/objects/f8/0377a08f626ff8eaf0c73615ad1277f442f6c9,1756256586368,b4c52b66f18d4b07d21a59d5c715e33eee317e6dc2e25d557240e88c2b1f4e94
 .git/objects/ee/6c0fb0697a9ac73419053d86500d57f67180d9,1756256586411,0b775b7b8868dc480671a26d142673061ad79153fe08e97f9169c9b46f0df87c
@@ -55,16 +55,21 @@ images/favicon/apple-touch-icon-114x114.png,1756249074918,f546a37a01ec5ba566b3ff
 .git/objects/ba/05ba175baefcb30f8926b3775d84cfa20e784a,1756253180127,8a897713c6dd37c647e90f7a78dc96b24a55152ecf3367d8a01df8f16fff0715
 .git/objects/b7/44a81d5b6d22ab045c2fbe4a88c95758c7dfb7,1756256586410,7948ea7ec58f8eb1b3f76ca2abde342d226952248cd49fa2f836bfa77077c576
 .git/objects/b5/cb2b0952f148c47a9daef2bbfeb9f865007c4f,1756252786493,df02dd85bbea37a955b37399f7f040908ee04441e61fb4672c9a424fef4acdcb
+.git/objects/b0/a87049d7106c3bc44a2c4bfbf91ede74726689,1756257122185,d7d27be5514341e7f2280c99b2d9b021ce3a3dd3807881a9d80fedd93456157e
 .git/objects/ad/f952a568389c56f1d304404a549e4cff7df110,1756256478253,5ef4c6d2c46cc5004b42f4f592c95a654fa09dc13c706f1a66b50ae258038529
+.git/objects/aa/34d3ee1cac7d1ef54383e07783d044534b8736,1756257122183,30f826711200013bdb0aa2d701c9f795f04176d0ddb88ec1da9e803112c6d7a2
 .git/objects/a7/ecfd7a8b2dd90995c60e6d6652c979fd9502cd,1756256478207,7255e4ced4c6c8e30601ee9976d4ff473c05beb3b1215daf04c709314db7c9bc
 .git/objects/a6/e6cd7181b128ad0800306f841c530dc4c0369d,1756252786488,e0c4bdfd2294442c9fa18abe2bb230507e72475f3be1ad76068fa9819e784d9d
 .git/objects/a5/801438fc3ae6741f2222c8e80d6c45317ea16a,1756256586367,20f028ae66a0ef40dfedb7147f9602476439832549985d6e4d0ab2e25f21a185
 .git/objects/a3/1fbea16ae78153bc445d5b199e898143965017,1756256034773,41e31104043ebdabcb59bda825988871cf9eb706dbe918c58e92ee9cd8138a62
 .git/objects/8d/cf1cb103905e70bf851ef4209cc4efd16f0a2c,1756252786491,b040a3d49daf09c53f6ea266b0cff0513cefd752905855f832ad0d7929c07b17
+.git/objects/8b/0fdf4995f44bb87d20135a2d2e5fd54ec58e33,1756257122133,d29c576a96a373d393d22cee1360fd1cb24eec19fa9dc0cf80576ff61253071f
 .git/objects/7b/53cfb9b93764a3817607cf325a33257baa088b,1756256034775,0495642e96893291a4613274d45aa3dcb56062b579f5e5d8175d0dad0789ecdc
 .git/objects/73/5465bdb27ddb0c2468fbdf8f677533cc3e8603,1756256478251,418ddc31e01379e65003ebd389faae9c10ce712c3b563ce1dd25dd55e5b3e063
 .git/objects/6c/6b31f93907ae0e7bca89cdb017997ce5f3c4e8,1756252786492,b06d013f198851f6586b168fd578f7839d6916566a182fd11333e800ac465e4b
 .git/objects/6b/89e11d125a0bf5b16a5f7d8a56fa245e2c1f5d,1756252786490,73bf7419a2c683737bdb29e3de108d8b1d29fda6df5da07378a0fae45af5f110
+.git/objects/66/1304c6b20a166d4c291457e67841fb6e3c7554,1756257122182,632a9e48ac24b82f88e00d7b0673cc2764204155a4fc79c9c4764945335ae3b6
+.git/objects/61/0b22eb364d9e1961438f7cd52808ce33c905cc,1756257122183,9f003fefa0588cfd8bb318dce998c4948817edbae9a171dd6a00b40b33a86602
 .git/objects/4c/f27c0be25a0de2d2ba92778dcc2dcdedcf377c,1756252786492,91792f40ae57bfd9db003977abafaedcbf0601bc5fbc2ddac45327fbbef18115
 .git/objects/42/99e75b931e2d7cd4d469a4be694952339a5684,1756252786492,86eca3e9f489492e9c64b1d4d0033786ef490a43e37139f62c5c108504e5988a
 .git/objects/3e/3ad7e45ac20d43fefd8bffcd89d065faffa610,1756256034726,5ac4d94ca491d3d9727354d227d8e9a7f3cfd8a7fe2c7cdb011656434920dbfb
@@ -73,6 +78,7 @@ images/favicon/apple-touch-icon-114x114.png,1756249074918,f546a37a01ec5ba566b3ff
 .git/objects/32/aa5f4b24af7fc958d6847b2e3533e80c205586,1756256478207,6090d60cd9c2e924cc8162b06221fcab2b02f2ec1af50b3e9de39e35f48947d7
 .git/objects/31/81cd3f4af7be5b192c9914768ead51284a5f6d,1756256034727,65ad77a123ffcc1029b0d5d611f2cc656c09b4feae6d0c4f660dfa33cb7084bf
 .git/objects/2f/4a63d98b7a9f8995ef2c205c6aad83ade8b7b6,1756252786486,a4c64f4f7149e20e53f29b134e1730bd25b698996ffbbf0f8d525496ad2f8330
+.git/objects/2e/216c8c42ef4e1d25485c2d2e85ec4bd63995d4,1756257122134,7973161683f945b9f0e479d16414051016da69c4de7a55d7090d880323e261e0
 .git/objects/26/8b56214daa8820a80d028298eb6982cf2296fc,1756256034772,98e34340a0b0488a2dced8d5ef7dee23754d2e559acd355a6472f2b88c2cffbd
 .git/objects/13/7d300cae7fb34693c9a03da4542c91e8f930ff,1756252786486,5f82afa92f5bbf91d604efc2f71fe454314f67ac1a9e5c2574e7de407e966f4c
 .git/objects/0d/4af623b99c75b840b6b83a9e615fcace65e7b8,1756252786490,8ae700f5b913470dc114d3b42718a5a38c08f0d480f8d6258cb9848f46478efe
@@ -92,18 +98,25 @@ images/favicon/apple-touch-icon-114x114.png,1756249074918,f546a37a01ec5ba566b3ff
 .git/hooks/fsmonitor-watchman.sample,1756249072697,d366d691e33458260d77c44be36050a3faf0aa12760955cc8ca85ee88389c400
 .git/hooks/commit-msg.sample,1756249072696,4df962ba3955944bec38b211351c73f083d7b0e5360a5d3d76a49548e7314f9e
 .git/hooks/applypatch-msg.sample,1756249072697,91b94f5feaf0e4d2e6e7808a9188384a4300adf024fa24c48547ee87c64d6558
-.git/COMMIT_EDITMSG,1756257122184,c045e360ab380efc9714f77976785f444d4518c05495407143a4ecc89fb74b07
-.git/index,1756257122183,0450cbf9d168d429ff4629ea5d53455ad403c06c15ff5e2e3285de1a51e286bf
-.git/refs/remotes/origin/master,1756257126325,26b0913c241ca33ad54f088ee78522f9abfcaf467426330db326fa644e1ef42b
-.git/objects/b0/a87049d7106c3bc44a2c4bfbf91ede74726689,1756257122185,d7d27be5514341e7f2280c99b2d9b021ce3a3dd3807881a9d80fedd93456157e
-.git/refs/heads/master,1756257122185,26b0913c241ca33ad54f088ee78522f9abfcaf467426330db326fa644e1ef42b
-.git/objects/fe/7abab0c4313895015c058db6a0daa4ef42eb33,1756257122135,dac6c3bff6c14c50b2aa3c6da779959f724f43ea00d5eec75c73cbc6884537bb
-.git/objects/aa/34d3ee1cac7d1ef54383e07783d044534b8736,1756257122183,30f826711200013bdb0aa2d701c9f795f04176d0ddb88ec1da9e803112c6d7a2
-.git/objects/8b/0fdf4995f44bb87d20135a2d2e5fd54ec58e33,1756257122133,d29c576a96a373d393d22cee1360fd1cb24eec19fa9dc0cf80576ff61253071f
-.git/objects/61/0b22eb364d9e1961438f7cd52808ce33c905cc,1756257122183,9f003fefa0588cfd8bb318dce998c4948817edbae9a171dd6a00b40b33a86602
-.git/logs/HEAD,1756257122185,f3ffe62e2f34fcab0880d32ca7338dfba58166650dc0414e68d87089cfbb0de3
-.git/objects/66/1304c6b20a166d4c291457e67841fb6e3c7554,1756257122182,632a9e48ac24b82f88e00d7b0673cc2764204155a4fc79c9c4764945335ae3b6
-.git/logs/refs/remotes/origin/master,1756257126326,de593dce9e5b84454aa6086d5b7483780a1ce7e8d431c8d2a52d208939474101
-.git/logs/refs/heads/master,1756257122186,f3ffe62e2f34fcab0880d32ca7338dfba58166650dc0414e68d87089cfbb0de3
-.git/objects/2e/216c8c42ef4e1d25485c2d2e85ec4bd63995d4,1756257122134,7973161683f945b9f0e479d16414051016da69c4de7a55d7090d880323e261e0
-scripts/firepad.js,1756257105473,7b589654547a36043e6e64d90921177f21e5b15798569ae26e463aa8bf77f819
+.git/COMMIT_EDITMSG,1756261126766,c2cc00e37f46758f7fea1ce3a767d167903e9f9daf7fb22ec7cfd341fee1bd43
+.git/index,1756261126765,01c60fd80c95de71604336c9425c57cf1b81039bb9a0fc7d736662e8757f2d7a
+.git/refs/remotes/origin/master,1756261164737,dd6123f6a6a68af4541e092c09a49b106f1c1161c7e55cce4521e1b822a63147
+.git/refs/heads/master,1756261126766,dd6123f6a6a68af4541e092c09a49b106f1c1161c7e55cce4521e1b822a63147
+.git/objects/e7/829e4e1aeaea1712a02a7f7322234a14946a87,1756261126763,f5b558e8c9e703ad693436500329b5e208f2a3eff50e807f00541337c22b61f3
+scripts/app.js,1756257646534,12179baa82205147429c2271c4ab04633863b12cefc09e1a0e38691f29df0e00
+simple.html,1756257590960,65a67a04af44f32308a5032967a099f6ce79f3d139389a660df56572fccc7d0d
+.git/objects/d2/38f45ee2cc95246a7b769362cb4ce22de4b017,1756261126764,b84bdc6205c7d8bef6c6443731affe02f27712f130d4ea70eac70263af777f65
+scripts/firepad.js,1756259722078,237f4d6deee7567648a81e83f547a7691496a324b3ba32658371c4052c0c572a
+.git/objects/c0/34a77b0eacaac7605d04b457080f3ae841a200,1756261126766,20ddb8bbae283138e44d578b54265bd58a077d1e3d7dcd953c73ea603b13c8f6
+.git/objects/99/b71a44f41104a3e398e45521bf889a4ce329b5,1756257692825,e1c5c2b4fb5010cc747702ba2a888b265b255f34d2a7f4280beffe562236b3b0
+.git/objects/6a/b364939249735379bb3bbc78b226b4ff5e89ca,1756257692823,b24677670c27fa8b07aae4641d8ca611371df84fd826e746cca2e632b1efa98e
+.git/objects/79/1958370c1b21aad2dbd6d6db9c21a2c190065b,1756257692822,169390aa6677f9450f2a0aa6b2e278360f13d672af9b169291711446ceb313dd
+.git/objects/8e/bbaba3cbf3dbcbf526ad8533336e631c2399b6,1756261097112,8fa357f20f944c0bc654e5d93b1759630bc7d00082bbf10a1b40bbb592eac54f
+.git/logs/HEAD,1756261126767,b7415f4d85a5f8c4aedcbefb2cea8fde3a434238dc21081621235483b1baf1f1
+.git/objects/55/2fbb36aff33f1301d74c121daeff6b73321568,1756257692823,3c3de4313d13233bd4cb3ed5a37cebae3ec4b9c9b08369b5124d0722c3c04196
+.git/logs/refs/remotes/origin/master,1756261164738,0f27424552e056ebc66f738bd54080a773183c20b022cdbc47f0c6f619e3ea28
+.git/logs/refs/heads/master,1756261126767,b7415f4d85a5f8c4aedcbefb2cea8fde3a434238dc21081621235483b1baf1f1
+.git/objects/d8/1d3983789f91773b47fdd889268187f49c2e31,1756257692777,57d9681c73235c4804a97236687e5c86965e7252c77c83dd5aa70aed6a5bfda7
+.git/objects/ac/c4c9b6c4feb3492594b26aa37ce4fca29fe23a,1756257692778,5d91aa54d900afe7ace98e6b231a76bef9fa8ada18496e411b7591f75936f043
+.git/objects/56/3d3743976d60e875bf3ac1ee838d85a0db56ad,1756257692777,a89fcfccfe7c96a3b938ec47c873fe450a042eece29c8fadc115049f85ca74ff
+scripts/firepad-broken.js,1756259556852,bcaadf7b5b40412db3f3a365275551017072a5d3561288410921baee6735c9ce

.gitignore

@@ -1,9 +1,62 @@
-/.vscode
-/node_modules
-/coverage
+# Dependencies
+node_modules/
+package-lock.json
+
+# Environment Variables - NEVER COMMIT THESE
+.env
+.env.local
+.env.production
+.env.development
+.env.example.filled
+
+# Firebase
+firebase-admin-key.json
+serviceAccountKey.json
 firebase-debug.log
-npm-debug.log
+.firebase/
 
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*.iml
 .DS_Store
-.idea
-*.iml
+
+# Logs
+logs/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids/
+*.pid
+*.seed
+*.pid.lock
+
+# Testing
+coverage/
+.nyc_output/
+
+# Production builds
+dist/
+build/
+
+# Temporary files
+tmp/
+temp/
+
+# Security - CRITICAL
+*.pem
+*.key
+*.cert
+*.crt
+auth.js
+credentials.json
+
+# Backups
+*.backup
+*.bak
+.vercel