Security Hardening & New Tools

What’s New

• Added POST /tools/removebg background removal endpoint
• Added GET /tools/ssweb website screenshot endpoint with mobile/desktop modes
• Added helmet middleware for baseline HTTP security headers
• Added PM2 ecosystem config for server deployment
• Added /developers page with scraper developer directory
• Added Go SDK methods for Spotify and Pinterest downloaders

Improvements

• Email verification tokens now use URL hash fragments instead of query strings
• Verification tokens are consumed one-time to prevent replay attacks
• Server 5xx responses no longer expose internal error messages or query params
• Upload endpoints hardened with strict MIME and size validation
• Request logging now redacts sensitive query parameters case-insensitively
• Registration no longer reveals whether an email is already registered
• Jest transformer switched to @swc/jest for faster test execution
• Request usage telemetry persisted to disk for endpoint frequency analysis

Fixes

• Fixed lucide-react GitHub icon import causing client build failure
• Fixed DTO strict property initialization errors across all server modules