Expand Token Tower lab with detailed JWT vulnerabilities

Major update to the Token Tower JWT lab: adds a comprehensive README with attack walkthroughs, flags, and hints; rewrites app.py to include multiple intentional JWT vulnerabilities (weak secret, none algorithm, algorithm confusion, JWK injection, claim manipulation); improves UI/UX with styled HTML templates; adds API endpoints and public key exposure; introduces requirements.txt for dependency management; and updates the Dockerfile for best practices and requirements-based installation.

Author: santosomar

additional-labs/token-tower/Dockerfile

@@ -1,17 +1,19 @@
-FROM python:3.14-slim
+FROM python:3.12-slim
 
 # Set the working directory
 WORKDIR /app
 
-# Install the dependencies
-RUN pip install flask PyJWT
+# Copy requirements first for better caching
+COPY requirements.txt .
 
-# Copy the app.py file
+# Install dependencies
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy the application
 COPY app.py .
 
 # Expose the port
 EXPOSE 5020
 
 # Run the application
 CMD ["python", "app.py"]
-