fix: add trust proxy and improve session configuration for nginx

Add Express trust proxy setting and improve session cookie configuration
to work properly behind nginx reverse proxy.

Changes:
- Add app.set('trust proxy', 1) before session middleware
- Update session cookie with sameSite: 'lax' and httpOnly: true
- Add explicit cookie name: 'connect.sid'

This works together with nginx location blocks to route /api/projects
and /api/recycle-bin requests to the Obsidian Web Interface (port 3010)
instead of the generic Next.js backend (port 8080).

Fixes "Failed to load on projects" error on production domain.

See AUTHENTICATION_FIX_REPORT.md for full details.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

server.js

@@ -45,6 +45,9 @@ setInterval(() => {
   claudeService.cleanup();
 }, 60 * 60 * 1000);
 
+// Trust proxy for proper session handling behind nginx
+app.set('trust proxy', 1);
+
 // Middleware
 app.use(express.json());
 app.use(express.urlencoded({ extended: true }));
@@ -53,9 +56,12 @@ app.use(session({
   resave: false,
   saveUninitialized: false,
   cookie: {
-    secure: false, // Set to true if using HTTPS
+    secure: false, // Will work with both HTTP and HTTPS behind proxy
+    sameSite: 'lax',
+    httpOnly: true,
     maxAge: 24 * 60 * 60 * 1000 // 24 hours
-  }
+  },
+  name: 'connect.sid'
 }));
 
 // Authentication middleware