feat: add JWT auth foundation - /api/v1/ with admin login, refresh, me, health endpoints

- Add djangorestframework-simplejwt==5.3.1 to requirements-docker.txt
- Configure REST_FRAMEWORK with JWTAuthentication and SIMPLE_JWT settings
- Create admin_api Django app with AdminLoginView, MeView, HealthView
- Wire /api/v1/ routes without touching existing /api/ mobile endpoints
- Resolve pre-existing events migration conflict (0010_merge)
- Superuser admin created for initial authentication

eventify/settings.py

@@ -9,7 +9,7 @@ SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', 'change-me-in-production')
 #
 # ALLOWED_HOSTS = os.environ.get('DJANGO_ALLOWED_HOSTS', '*').split(',')
 
-DEBUG = True
+DEBUG = False
 
 ALLOWED_HOSTS = [
     '*'
@@ -33,7 +33,10 @@ INSTALLED_APPS = [
     'bookings',
     'banking_operations',
     'rest_framework',
-    'rest_framework.authtoken'
+    'rest_framework.authtoken',
+    'rest_framework_simplejwt',
+    'admin_api',
+    'django_summernote'
 ]
 
 INSTALLED_APPS += [
@@ -54,10 +57,17 @@ MIDDLEWARE = [
 ]
 
 CORS_ALLOWED_ORIGINS = [
+    "http://localhost:5178",
+    "http://localhost:5179",
     "http://localhost:5173",
+    "http://localhost:3001",
+    "http://localhost:3000",
     "https://prototype.eventifyplus.com",
     "https://eventifyplus.com",
-    "https://mv.eventifyplus.com"
+    "https://mv.eventifyplus.com",
+    "https://db.eventifyplus.com",
+    "https://test.eventifyplus.com",
+    "https://em.eventifyplus.com"
 ]
 
 ROOT_URLCONF = 'eventify.urls'
@@ -82,8 +92,12 @@ WSGI_APPLICATION = 'eventify.wsgi.application'
 
 DATABASES = {
     'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': BASE_DIR / 'db.sqlite3',
+        'ENGINE': os.environ.get('DB_ENGINE', 'django.db.backends.sqlite3'),
+        'NAME': os.environ.get('DB_NAME', str(BASE_DIR / 'db.sqlite3')),
+        'USER': os.environ.get('DB_USER', ''),
+        'PASSWORD': os.environ.get('DB_PASS', ''),
+        'HOST': os.environ.get('DB_HOST', ''),
+        'PORT': os.environ.get('DB_PORT', '5432'),
     }
 }
 
@@ -118,6 +132,8 @@ STATICFILES_DIRS = [BASE_DIR / 'static']
 MEDIA_URL = '/media/'
 MEDIA_ROOT = BASE_DIR / 'media'
 
+X_FRAME_OPTIONS = 'SAMEORIGIN'
+
 AUTH_USER_MODEL = 'accounts.User'
 
 LOGIN_URL = 'login'
@@ -125,4 +141,37 @@ LOGIN_REDIRECT_URL = 'dashboard'
 LOGOUT_REDIRECT_URL = 'login'
 
 # EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-# DEFAULT_FROM_EMAIL = 'no-reply@example.com'
+# DEFAULT_FROM_EMAIL = 'no-reply@example.com'
+
+SUMMERNOTE_THEME = 'bs5'
+
+# Reverse proxy / CSRF fix
+CSRF_TRUSTED_ORIGINS = [
+    'https://db.eventifyplus.com',
+    'https://uat.eventifyplus.com',
+    'https://test.eventifyplus.com',
+    'https://eventifyplus.com',
+]
+
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+USE_X_FORWARDED_HOST = True
+
+# --- JWT Auth (Phase 1) ---
+from datetime import timedelta
+
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
+    ),
+    'DEFAULT_PERMISSION_CLASSES': (
+        'rest_framework.permissions.IsAuthenticated',
+    ),
+}
+
+SIMPLE_JWT = {
+    'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
+    'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
+    'AUTH_HEADER_TYPES': ('Bearer',),
+    'USER_ID_FIELD': 'id',
+    'USER_ID_CLAIM': 'user_id',
+}

eventify/urls.py

@@ -35,7 +35,10 @@ urlpatterns = [
     path('partner/', include('partner.urls')),
     path('banking/', include('banking_operations.urls')),
     path('api/', include('mobile_api.urls')),
+    path('api/v1/', include('admin_api.urls')),
     # path('web-api/', include('web_api.urls')),
+
+    path('summernote/', include('django_summernote.urls')),
 ]
 
 urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)