feat: add production deployment config

- Add docker-compose.prod.yml and Caddyfile for Caddy reverse proxy
- Add production stages to frontend Dockerfile (nginx for static files)
- Fix monorepo package exports for production builds (dist/src paths)
- Add CORS_ORIGIN env var for cross-origin config
- Add Better Auth baseURL, cookie domain, and trusted origins from env
- Use VITE_API_URL for API calls in auth-client and play route
- Add credentials: include for cross-origin fetch requests
- Remove unused users table from schema

apps/api/src/app.ts

@@ -9,7 +9,12 @@ import cors from "cors";
 export function createApp() {
   const app: Express = express();
 
-  app.use(cors({ origin: "http://localhost:5173", credentials: true }));
+  app.use(
+    cors({
+      origin: process.env["CORS_ORIGIN"] || "http://localhost:5173",
+      credentials: true,
+    }),
+  );
   app.all("/api/auth/*splat", toNodeHandler(auth));
   app.use(express.json());
   app.use("/api/v1", apiRouter);

apps/api/src/lib/auth.ts

@@ -4,8 +4,19 @@ import { db } from "@lila/db";
 import * as schema from "@lila/db/schema";
 
 export const auth = betterAuth({
+  baseURL: process.env["BETTER_AUTH_URL"] || "http://localhost:3000",
+  advanced: {
+    cookiePrefix: "lila",
+    defaultCookieAttributes: {
+      ...(process.env["COOKIE_DOMAIN"] && {
+        domain: process.env["COOKIE_DOMAIN"],
+      }),
+      secure: !!process.env["COOKIE_DOMAIN"],
+      sameSite: "lax" as const,
+    },
+  },
   database: drizzleAdapter(db, { provider: "pg", schema }),
-  trustedOrigins: ["http://localhost:5173"],
+  trustedOrigins: [process.env["CORS_ORIGIN"] || "http://localhost:5173"],
   socialProviders: {
     google: {
       clientId: process.env["GOOGLE_CLIENT_ID"] as string,