Remove Supabase auth and store OpenTopography API key in localStorage

[TsProphet94]

Motivation

• Remove the Supabase authentication dependency and UI so the generator can run fully client-side without accounts.
• Simplify client configuration to a minimal CONFIG containing only API_URL.
• Persist the OpenTopography API key locally in the browser rather than in a remote profile.
• Ensure the app shows immediately on load and strip server auth token usage from generation requests.

Description

• Removed the Supabase script, auth modal markup, and all related auth functions/handlers from webapp/static/index.html and eliminated UI elements that referenced an account (e.g., user email and sign-out button).
• Replaced the previous CONFIG with a minimal CONFIG = { API_URL: window.location.origin } and removed Supabase keys.
• Changed settings to load/save the OpenTopography API key from localStorage under the key openfront_api_key and updated settings copy to reflect local-only storage.
• Made showApp() run on page load unconditionally and removed the Authorization header/token logic from generateMap().

Testing

• Started a static server with PYENV_VERSION=3.11.12 python -m http.server 8000 and verified the page served successfully.
• Ran a Playwright script to load http://127.0.0.1:8000/static/index.html and captured a screenshot to confirm the settings modal and local-storage flow; the screenshot artifact was produced successfully.
• Committed the change (git commit) to the local branch, which completed successfully.
• All automated checks performed in the rollout (server start, page load, screenshot) succeeded.

---

Codex Task

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dfa172b8b0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Restore auth header or drop server auth check

With this change the /api/generate request no longer includes an Authorization header, but the backend still enforces @require_auth and rejects requests without Bearer ... when SUPABASE_URL is configured (see require_auth in app.py which returns 401 if the header is missing and Supabase is set). In any environment where SUPABASE_URL remains set (i.e., typical production), map generation will now fail with 401 despite valid API keys. Either remove/relax the server-side auth check or keep sending a token when Supabase is configured.

Useful? React with 👍 / 👎.