feat: Implement CSRF protection and PostgreSQL support

- Added CSRF protection mechanism in the backend with utility functions for token management.
- Introduced a new CSRF route to fetch the active CSRF token for SPA bootstrap flows.
- Updated the auth routes to validate CSRF tokens on sensitive operations.
- Configured PostgreSQL as a database option in the environment settings and Docker Compose.
- Created a new SQLite configuration file for local development.
- Enhanced the API client to automatically attach CSRF tokens to requests.
- Updated various frontend components to utilize the new site origin utility for SEO purposes.
- Modified Nginx configuration to improve redirection and SEO headers.
- Added tests for CSRF token handling in the authentication routes.

frontend/src/utils/seo.ts

@@ -18,6 +18,7 @@ export interface LanguageAlternate {
 }
 
 const DEFAULT_SOCIAL_IMAGE_PATH = '/social-preview.svg';
+const DEFAULT_SITE_ORIGIN = 'https://dociva.io';
 
 const LANGUAGE_CONFIG: Record<'en' | 'ar' | 'fr', { hrefLang: string; ogLocale: string }> = {
   en: { hrefLang: 'en', ogLocale: 'en_US' },
@@ -44,6 +45,19 @@ export function buildLanguageAlternates(origin: string, path: string): LanguageA
     }));
 }
 
+export function getSiteOrigin(currentOrigin = ''): string {
+  const configuredOrigin = String(import.meta.env.VITE_SITE_DOMAIN || '').trim().replace(/\/$/, '');
+  if (configuredOrigin) {
+    return configuredOrigin;
+  }
+
+  if (currentOrigin) {
+    return currentOrigin.replace(/\/$/, '');
+  }
+
+  return DEFAULT_SITE_ORIGIN;
+}
+
 export function buildSocialImageUrl(origin: string): string {
   return `${origin}${DEFAULT_SOCIAL_IMAGE_PATH}`;
 }