add configurable JWT expiration, cookie domain, CORS origins, and service restart policies (#1956)

<!-- .github/pull_request_template.md -->

## Description
This PR introduces several configuration improvements to enhance the
application's flexibility and reliability. The changes make JWT token
expiration and cookie domain configurable via environment variables,
improve CORS configuration, and add container restart policies for
better uptime.

**JWT Token Expiration Configuration:**
- Added `JWT_LIFETIME_SECONDS` environment variable to configure JWT
token expiration time
- Set default expiration to 3600 seconds (1 hour) for both API and
client authentication backends
- Removed hardcoded expiration values in favor of environment-based
configuration
- Added documentation comments explaining the JWT strategy configuration

**Cookie Domain Configuration:**
- Added `AUTH_TOKEN_COOKIE_DOMAIN` environment variable to configure
cookie domain
- When not set or empty, cookie domain defaults to `None` allowing
cross-domain usage
- Added documentation explaining cookie expiration is handled by JWT
strategy
- Updated default_transport to use environment-based cookie domain

**CORS Configuration Enhancement:**
- Added `CORS_ALLOWED_ORIGINS` environment variable with default value
of `'*'`
- Configured frontend to use `NEXT_PUBLIC_BACKEND_API_URL` environment
variable
- Set default backend API URL to `http://localhost:8000`

**Docker Service Reliability:**
- Added `restart: always` policy to all services (cognee, frontend,
neo4j, chromadb, and postgres)
- This ensures services automatically restart on failure or system
reboot
- Improves container reliability and uptime in production and
development environments

## Acceptance Criteria
<!--
* Key requirements to the new feature or modification;
* Proof that the changes work and meet the requirements;
* Include instructions on how to verify the changes. Describe how to
test it locally;
* Proof that it's sufficiently tested.
-->

## Type of Change
<!-- Please check the relevant option -->
- [x] Bug fix (non-breaking change that fixes an issue)
- [x] New feature (non-breaking change that adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Performance improvement
- [ ] Other (please specify):

## Screenshots/Videos (if applicable)
<!-- Add screenshots or videos to help explain your changes -->

## Pre-submission Checklist
<!-- Please check all boxes that apply before submitting your PR -->
- [x] **I have tested my changes thoroughly before submitting this PR**
- [x] **This PR contains minimal changes necessary to address the
issue/feature**
- [ ] My code follows the project's coding standards and style
guidelines
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] I have added necessary documentation (if applicable)
- [ ] All new and existing tests pass
- [ ] I have searched existing PRs to ensure this change hasn't been
submitted already
- [ ] I have linked any relevant issues in the description
- [ ] My commits have clear and descriptive messages

## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Services now automatically restart on failure for improved
reliability.

* **Configuration**
* Cookie domain for authentication is now configurable via environment
variable, defaulting to None if not set.
* JWT token lifetime is now configurable via environment variable, with
a 3600-second default.
* CORS allowed origins are now configurable with a default of all
origins (*).
* Frontend backend API URL is now configurable, defaulting to
http://localhost:8000.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

cognee/modules/users/authentication/default/default_transport.py

@@ -1,12 +1,22 @@
 import os
 from fastapi_users.authentication import CookieTransport
 
+# Get cookie domain from environment variable
+# If not set or empty, use None to allow cookie to work on any domain
+cookie_domain = os.getenv("AUTH_TOKEN_COOKIE_DOMAIN")
+if cookie_domain == "":
+    cookie_domain = None
+
+# Note: Cookie expiration is automatically set by FastAPI Users based on JWT Strategy's lifetime_seconds
+# The JWT Strategy lifetime_seconds is configured in get_client_auth_backend.py
+# and reads from JWT_LIFETIME_SECONDS environment variable
+
 default_transport = CookieTransport(
     cookie_name=os.getenv("AUTH_TOKEN_COOKIE_NAME", "auth_token"),
     cookie_secure=False,
     cookie_httponly=True,
     cookie_samesite="Lax",
-    cookie_domain="localhost",
+    cookie_domain=cookie_domain,  # None allows cookie to work on any domain
 )
 
 default_transport.name = "cookie"

cognee/modules/users/authentication/get_api_auth_backend.py

@@ -16,8 +16,12 @@ def get_api_auth_backend():
 
     def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]:
         secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
-
-        return APIJWTStrategy(secret, lifetime_seconds=36000)
+        try:
+            lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
+        except ValueError:
+            lifetime_seconds = 3600
+        
+        return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
 
     auth_backend = AuthenticationBackend(
         name=transport.name,

cognee/modules/users/authentication/get_client_auth_backend.py

@@ -18,8 +18,12 @@ def get_client_auth_backend():
         from .default.default_jwt_strategy import DefaultJWTStrategy
 
         secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
+        try:
+            lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
+        except ValueError:
+            lifetime_seconds = 3600
 
-        return DefaultJWTStrategy(secret, lifetime_seconds=3600)
+        return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
 
     auth_backend = AuthenticationBackend(
         name=transport.name,

docker-compose.yml

@@ -1,6 +1,7 @@
 services:
   cognee:
     container_name: cognee
+    restart: always
     networks:
       - cognee-network
     build:
@@ -14,6 +15,8 @@ services:
       - HOST=0.0.0.0
       - ENVIRONMENT=local
       - LOG_LEVEL=INFO
+      # CAUTION: Default '*' allows all origins. Override with specific domains in production.
+      - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}
     extra_hosts:
       # Allows the container to reach your local machine using "host.docker.internal" instead of "localhost"
       - "host.docker.internal:host-gateway"
@@ -68,6 +71,9 @@ services:
   # If you want to use Cognee with a UI environment you can integrate the Cognee MCP Server into Cursor / Claude Desktop / Visual Studio Code (through Cline/Roo)
   frontend:
     container_name: frontend
+    restart: always
+    environment:
+      - NEXT_PUBLIC_BACKEND_API_URL=${NEXT_PUBLIC_BACKEND_API_URL:-http://localhost:8000}
     profiles:
         - ui
     build:
@@ -85,6 +91,7 @@ services:
   neo4j:
     image: neo4j:latest
     container_name: neo4j
+    restart: always
     profiles:
       - neo4j
     ports:
@@ -99,6 +106,7 @@ services:
   chromadb:
     image: chromadb/chroma:0.6.3
     container_name: chromadb
+    restart: always
     profiles:
       - chromadb
     environment:
@@ -117,6 +125,7 @@ services:
   postgres:
     image: pgvector/pgvector:pg17
     container_name: postgres
+    restart: always
     profiles:
       - postgres
     environment: