refactor: Remove unused certificate and key files; update CORS configuration in server.js

backend/server.js

@@ -37,9 +37,14 @@ async function startServer() {
     process.exit(1);
   }
 
+  const allowedOriginsFromEnv = (process.env.CORS_ALLOWED_ORIGINS || '').split(',').filter(Boolean);
+  const defaultAllowedOrigins = ['http://localhost:5173', 'https://localhost:5173', 'capacitor://localhost', 'ionic://localhost', 'http://localhost', 'https://localhost'];
+  const allowedOrigins = [...new Set([...defaultAllowedOrigins, ...allowedOriginsFromEnv])];
+
   const corsOptions = {
     origin: (origin, callback) => {
-      if (!origin || ['http://localhost:5173', 'https://localhost:5173', 'capacitor://localhost', 'ionic://localhost', 'http://localhost', 'https://localhost'].includes(origin) || origin.startsWith('capacitor://') || origin.startsWith('ionic://')) {
+      // Allow requests with no origin (like mobile apps or curl requests)
+      if (!origin || allowedOrigins.includes(origin) || origin.startsWith('capacitor://') || origin.startsWith('ionic://')) {
         callback(null, true);
       } else {
         console.log('CORS blocked origin:', origin);