feat: production deployment configuration for dk0.dev

- Fixed authentication system (removed HTTP Basic Auth popup)
- Added session-based authentication with proper logout
- Updated rate limiting (20 req/s for login, 5 req/m for admin)
- Created production deployment scripts and configs
- Updated nginx configuration for dk0.dev domain
- Added comprehensive production deployment guide
- Fixed logout button functionality
- Optimized for production with proper resource limits

app/api/auth/login/route.ts

@@ -5,14 +5,14 @@ export async function POST(request: NextRequest) {
   try {
     // Rate limiting
     const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
-    if (!checkRateLimit(ip, 5, 60000)) { // 5 login attempts per minute
+    if (!checkRateLimit(ip, 20, 60000)) { // 20 login attempts per minute
       return new NextResponse(
         JSON.stringify({ error: 'Rate limit exceeded' }), 
         { 
           status: 429, 
           headers: { 
             'Content-Type': 'application/json',
-            ...getRateLimitHeaders(ip, 5, 60000)
+            ...getRateLimitHeaders(ip, 20, 60000)
           } 
         }
       );

app/api/auth/logout/route.ts

@@ -0,0 +1,25 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export async function POST(request: NextRequest) {
+  try {
+    // Simple logout - just return success
+    // The client will handle clearing the session storage
+    return new NextResponse(
+      JSON.stringify({ success: true, message: 'Logged out successfully' }),
+      {
+        status: 200,
+        headers: {
+          'Content-Type': 'application/json',
+          'Cache-Control': 'no-cache, no-store, must-revalidate',
+          'Pragma': 'no-cache',
+          'Expires': '0'
+        }
+      }
+    );
+  } catch (error) {
+    return new NextResponse(
+      JSON.stringify({ error: 'Logout failed' }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}