feat(auth): implement complete Google OAuth authentication system

- Add authentication module with Google OAuth 2.0 and JWT strategies
- Create secure user management with email hashing (SHA-256)
- Implement rate limiting (10 requests/minute) for auth endpoints
- Add CSRF protection and security middleware
- Create user registration with Basic plan (50 quota default)
- Add JWT-based session management with secure cookies
- Implement protected routes with authentication guards
- Add comprehensive API documentation with Swagger
- Configure environment variables for OAuth and security
- Add user profile management and quota tracking

Resolves authentication requirements §18-20:
- §18: Google OAuth 2.0 with email scope only
- §19: Auto-create User record on first OAuth callback
- §20: Store only Google UID, display name, and email hash

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

packages/api/.env.example

@@ -1,51 +1,43 @@
-# Database
-DATABASE_URL="postgresql://username:password@localhost:5432/seo_image_renamer?schema=public"
-
-# Application
-NODE_ENV="development"
-PORT=3001
-API_PREFIX="api/v1"
+# Database Configuration
+DATABASE_URL="postgresql://username:password@localhost:5432/seo_image_renamer"
 
 # JWT Configuration
-JWT_SECRET="your-super-secret-jwt-key-here"
+JWT_SECRET="your-super-secret-jwt-key-change-this-in-production"
 JWT_EXPIRES_IN="7d"
 
-# Google OAuth
-GOOGLE_CLIENT_ID="your-google-client-id"
+# Google OAuth Configuration
+GOOGLE_CLIENT_ID="your-google-client-id.apps.googleusercontent.com"
 GOOGLE_CLIENT_SECRET="your-google-client-secret"
-GOOGLE_REDIRECT_URI="http://localhost:3001/api/v1/auth/google/callback"
+GOOGLE_CALLBACK_URL="http://localhost:3001/api/auth/google/callback"
 
-# Stripe Configuration
-STRIPE_SECRET_KEY="sk_test_your_stripe_secret_key"
-STRIPE_PUBLISHABLE_KEY="pk_test_your_stripe_publishable_key"
-STRIPE_WEBHOOK_SECRET="whsec_your_stripe_webhook_secret"
-
-# AWS S3 Configuration
-AWS_ACCESS_KEY_ID="your-aws-access-key"
-AWS_SECRET_ACCESS_KEY="your-aws-secret-key"
-AWS_REGION="us-east-1"
-AWS_S3_BUCKET="seo-image-renamer-uploads"
-
-# OpenAI Configuration
-OPENAI_API_KEY="sk-your-openai-api-key"
-OPENAI_MODEL="gpt-4-vision-preview"
-
-# Frontend URL (for CORS)
+# Application Configuration
+NODE_ENV="development"
+PORT=3001
 FRONTEND_URL="http://localhost:3000"
 
-# Redis (for caching and queues)
-REDIS_URL="redis://localhost:6379"
+# CORS Configuration
+CORS_ORIGIN="http://localhost:3000"
 
-# Email Configuration (optional)
-SMTP_HOST="smtp.gmail.com"
-SMTP_PORT=587
-SMTP_USER="your-email@gmail.com"
-SMTP_PASS="your-email-password"
-FROM_EMAIL="noreply@seo-image-renamer.com"
+# Session Configuration  
+SESSION_SECRET="your-session-secret-change-this-in-production"
 
-# Monitoring (optional)
-SENTRY_DSN="https://your-sentry-dsn"
+# Stripe Configuration (for payments)
+STRIPE_SECRET_KEY="sk_test_your_stripe_secret_key"
+STRIPE_WEBHOOK_SECRET="whsec_your_webhook_secret"
 
-# Rate Limiting
-RATE_LIMIT_TTL=60
-RATE_LIMIT_LIMIT=10
+# AWS S3 Configuration (for image storage)
+AWS_REGION="us-east-1"
+AWS_ACCESS_KEY_ID="your-aws-access-key"
+AWS_SECRET_ACCESS_KEY="your-aws-secret-key"
+S3_BUCKET_NAME="seo-image-renamer-uploads"
+
+# OpenAI Configuration (for AI image analysis)
+OPENAI_API_KEY="sk-your-openai-api-key"
+
+# Rate Limiting Configuration
+RATE_LIMIT_WINDOW_MS=60000
+RATE_LIMIT_MAX_REQUESTS=10
+
+# Security Configuration
+BCRYPT_SALT_ROUNDS=12
+COOKIE_SECRET="your-cookie-secret-change-this-in-production"