Production-ready improvements: security hardening, Redis sessions, retry logic, updated pricing

Changes:
- Removed hardcoded admin credentials (now requires env vars)
- Added Redis session storage with in-memory fallback
- Improved CORS configuration with warnings for development mode
- Added retry_with_backoff decorator for translation API calls
- Updated pricing: Starter=, Pro=, Business=
- Stripe price IDs now loaded from environment variables
- Added redis to requirements.txt
- Updated .env.example with all new configuration options
- Created COMPREHENSIVE_REVIEW_AND_PLAN.md with deployment roadmap
- Frontend: Updated pricing page, new UI components

.env.example

@@ -1,14 +1,24 @@
 # Document Translation API - Environment Configuration
 # Copy this file to .env and configure your settings
+# ⚠️  NEVER commit .env to version control!
 
 # ============== Translation Services ==============
-# Default provider: google, ollama, deepl, libre, openai
+# Default provider: google, ollama, deepl, libre, openai, openrouter
 TRANSLATION_SERVICE=google
 
 # DeepL API Key (required for DeepL provider)
-DEEPL_API_KEY=your_deepl_api_key_here
+# Get from: https://www.deepl.com/pro-api
+DEEPL_API_KEY=
 
-# Ollama Configuration (for LLM-based translation)
+# OpenAI API Key (required for OpenAI provider)
+# Get from: https://platform.openai.com/api-keys
+OPENAI_API_KEY=
+
+# OpenRouter API Key (required for OpenRouter provider)
+# Get from: https://openrouter.ai/keys
+OPENROUTER_API_KEY=
+
+# Ollama Configuration (for local LLM-based translation)
 OLLAMA_BASE_URL=http://localhost:11434
 OLLAMA_MODEL=llama3
 OLLAMA_VISION_MODEL=llava
@@ -51,7 +61,10 @@ DISK_CRITICAL_THRESHOLD_GB=1.0
 ENABLE_HSTS=false
 
 # CORS allowed origins (comma-separated)
-CORS_ORIGINS=*
+# ⚠️  IMPORTANT: Set to your actual frontend domain(s) in production!
+# Example: https://yourdomain.com,https://www.yourdomain.com
+# Use "*" ONLY for local development
+CORS_ORIGINS=http://localhost:3000
 
 # Maximum request size in MB
 MAX_REQUEST_SIZE_MB=100
@@ -59,23 +72,32 @@ MAX_REQUEST_SIZE_MB=100
 # Request timeout in seconds
 REQUEST_TIMEOUT_SECONDS=300
 
+# ============== Database (Production) ==============
+# PostgreSQL connection string (recommended for production)
+# DATABASE_URL=postgresql://user:password@localhost:5432/translate_db
+
+# Redis for sessions and caching (recommended for production)
+# REDIS_URL=redis://localhost:6379/0
+
 # ============== Admin Authentication ==============
-# Admin username
+# ⚠️  REQUIRED: These must be set for admin endpoints to work!
 ADMIN_USERNAME=admin
 
-# Admin password (change in production!)
-ADMIN_PASSWORD=changeme123
-
-# Or use SHA256 hash of password (more secure)
+# Use SHA256 hash of password (recommended for production)
 # Generate with: python -c "import hashlib; print(hashlib.sha256(b'your_password').hexdigest())"
-# ADMIN_PASSWORD_HASH=
+ADMIN_PASSWORD_HASH=
 
-# Token secret for session management (auto-generated if not set)
-# ADMIN_TOKEN_SECRET=
+# Or use plain password (NOT recommended for production)
+# ADMIN_PASSWORD=
+
+# Token secret for session management
+# Generate with: python -c "import secrets; print(secrets.token_hex(32))"
+ADMIN_TOKEN_SECRET=
 
 # ============== User Authentication ==============
-# JWT secret key (auto-generated if not set)
-# JWT_SECRET_KEY=
+# JWT secret key for user tokens
+# Generate with: python -c "import secrets; print(secrets.token_urlsafe(64))"
+JWT_SECRET_KEY=
 
 # Frontend URL for redirects
 FRONTEND_URL=http://localhost:3000
@@ -86,6 +108,15 @@ STRIPE_PUBLISHABLE_KEY=pk_test_...
 STRIPE_SECRET_KEY=sk_test_...
 STRIPE_WEBHOOK_SECRET=whsec_...
 
+# Stripe Price IDs (create products in Stripe Dashboard)
+# https://dashboard.stripe.com/products
+STRIPE_PRICE_STARTER_MONTHLY=price_xxx
+STRIPE_PRICE_STARTER_YEARLY=price_xxx
+STRIPE_PRICE_PRO_MONTHLY=price_xxx
+STRIPE_PRICE_PRO_YEARLY=price_xxx
+STRIPE_PRICE_BUSINESS_MONTHLY=price_xxx
+STRIPE_PRICE_BUSINESS_YEARLY=price_xxx
+
 # ============== Monitoring ==============
 # Log level: DEBUG, INFO, WARNING, ERROR
 LOG_LEVEL=INFO