
Refactor backend to production-ready architecture with Stripe Payment Intents, security hardening, and modular structure #2

Merged
yankeeDamn merged 2 commits into main from copilot/fix-refactor-backend-production-ready on Apr 8, 2026


Copilot AI commented Apr 8, 2026

The existing backend was a 29-line server.js with a hardcoded Stripe secret key, the deprecated Charges API, zero validation, no error handling, and no security middleware. This refactors it into a production-grade Express backend.

Backend structure

  • Modular layout under src/ — routes, controllers, services, middleware, models, config, utils
  • Centralized error handler with safe production responses (no stack traces leaked)
  • Input validation via express-validator on all user-facing endpoints
  • Pino structured logging (JSON in prod, pretty-printed in dev)
  • Graceful shutdown on SIGTERM/SIGINT with 10s timeout

Stripe payments

  • Replaced deprecated stripe.charges.create() with Payment Intents API
  • Server-authoritative amount validation — client cannot tamper with price
  • Webhook endpoint with constructEvent signature verification, registered before JSON body parser
  • Frontend fetches publishable key from /api/v1/payments/config instead of hardcoding

// Before
const stripe = require('stripe')('your-secret-key-here');
const charge = await stripe.charges.create({ amount: 5000, source: token });

// After
const paymentIntent = await this.stripe.paymentIntents.create({
  amount: this._validateAmount(amount), // rejects amounts not in catalog
  currency,
  automatic_payment_methods: { enabled: true },
});

Security hardening

  • All secrets via process.env with startup validation (hard fail in prod if missing)
  • helmet with Stripe-aware CSP, cors origin allowlist, express-rate-limit (10 req/15min on payments, 20 on auth, 100 general)
  • JWT auth middleware with guest pass-through and role-based access control
  • Password hashing with bcryptjs (12 salt rounds)

Auth

  • JWT-based auth service: register, login, guest flows
  • Demo mode accepts any credentials (clearly marked with TODO for DB-backed replacement)
  • Roles: guest | user | paid | admin

Database design

  • PostgreSQL reference schemas in src/models/schemas.js for users, quiz_attempts, payments, scores
  • SQL DDL + JS object representations ready for ORM integration (Prisma/Drizzle/Knex)
  • Note: schemas are designed but not yet wired to a live database — this is the next step

Production readiness

  • Health check at /api/v1/health
  • API versioning under /api/v1
  • .env.example with all required variables
  • Dockerfile (Node 22 Alpine, non-root user, HEALTHCHECK)
  • docker-compose.yml with optional Postgres service
  • GitHub Actions CI: lint, test, Docker build + health check across Node 18/20/22
  • Updated render.yaml for separate API and frontend services

What's not yet done

  • Actual PostgreSQL connection + ORM (schemas are reference-only)
  • Auth service DB-backed user persistence (currently in-memory/demo)
  • Webhook DB writes (marked with TODO)
  • Quiz attempts CRUD API
  • Test suite
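
The description above says the webhook endpoint is registered before the JSON body parser. The following added example (not code from this PR or from the Stripe library) re-implements Stripe's documented `t=...,v1=...` HMAC-SHA256 header check with Node's `crypto` to show why: the signature covers the exact bytes received, so a body that has been parsed and re-serialized no longer verifies. The secret, event body, clock value and helper names are constructed for the example, and the 300-second tolerance is an assumed setting.

```javascript
const crypto = require('node:crypto');

// Constructed sample values: not a real Stripe secret or event.
const ENDPOINT_SECRET = 'whsec_constructed_example_secret';
const RAW_BODY = Buffer.from('{"id": "evt_example", "type": "payment_intent.succeeded",\n "data": {"amount": 5000}}');

// Build a header in the documented format: t=<unix ts>,v1=<hex HMAC-SHA256 of "t.body">
function signPayload(rawBody, secret, timestamp) {
  const mac = crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`).update(rawBody).digest('hex');
  return `t=${timestamp},v1=${mac}`;
}

// Verify the header against the exact bytes received; returns the event or throws.
function verifyWebhook(rawBody, header, secret, nowSec, toleranceSec = 300) {
  const parts = header.split(',').map((p) => p.split('='));
  const t = Number((parts.find(([k]) => k === 't') || [])[1]);
  const candidates = parts.filter(([k]) => k === 'v1').map(([, v]) => v);
  if (!Number.isInteger(t) || candidates.length === 0) throw new Error('malformed signature header');
  // Reject old deliveries so a captured request cannot be replayed later.
  if (Math.abs(nowSec - t) > toleranceSec) throw new Error('timestamp outside tolerance');
  const expected = crypto.createHmac('sha256', secret).update(`${t}.`).update(rawBody).digest();
  const ok = candidates.some((hex) => {
    const got = Buffer.from(hex, 'hex');
    // Length check first: timingSafeEqual throws on unequal lengths.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  });
  if (!ok) throw new Error('signature mismatch');
  return JSON.parse(rawBody.toString('utf8')); // parse only after verification
}

function check(body, header, now) {
  try { verifyWebhook(body, header, ENDPOINT_SECRET, now); return 'accepted'; }
  catch (err) { return err.message; }
}

function demo() {
  const now = 1775671200; // constructed clock value
  const header = signPayload(RAW_BODY, ENDPOINT_SECRET, now);
  // What a handler sees if express.json() ran first: parsed, then re-serialized.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString('utf8'))));
  return {
    rawBody: check(RAW_BODY, header, now),
    afterJsonParser: check(reserialized, header, now),
    replayed: check(RAW_BODY, header, now + 3600),
    tampered: check(Buffer.from(RAW_BODY.toString().replace('5000', '1')), header, now),
  };
}

console.log(demo());
```

In the real service the check is done by `constructEvent`, as the PR states; what carries over is that the webhook route must receive the unparsed request body.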

Copilot AI and others added 2 commits April 8, 2026 18:02
- Modular structure: routes, controllers, services, middleware
- Stripe Payment Intents API with webhook support
- Security: helmet, CORS, rate limiting, input validation
- JWT auth with guest support and RBAC middleware
- Pino structured logging
- Health check, API versioning (/api/v1)
- Graceful shutdown handling
- Database schema design (PostgreSQL)
- Environment-based configuration with .env.example
- Dockerfile, docker-compose.yml, CI/CD pipeline
- Updated frontend to use Payment Intents API
- Comprehensive README with API docs and deployment guide

Agent-Logs-Url: https://github.com/yankeeDamn/Quiz-App/sessions/ca735349-22e7-4cfe-97f4-4ecb5500b9ea

Co-authored-by: yankeeDamn <74879019+yankeeDamn@users.noreply.github.com>
@yankeeDamn yankeeDamn marked this pull request as ready for review April 8, 2026 18:13
@yankeeDamn yankeeDamn merged commit 27d7d1a into main Apr 8, 2026
1 check passed