Implement backend API and database services in Docker setup

- Added a new `api` service for the NestJS backend, including health checks and dependencies on PostgreSQL, Redis, and MinIO.
- Introduced PostgreSQL and Redis services with health checks and configurations for data persistence.
- Added MinIO for S3-compatible object storage and a one-shot service to initialize required buckets.
- Updated the Nginx configuration to proxy requests to the new backend API and MinIO storage.
- Enhanced the Dockerfile to support the new API environment variables and configurations.
- Updated the `package.json` and `package-lock.json` to include new dependencies for QR code generation and other utilities.

Co-authored-by: Cursor <cursoragent@cursor.com>

backend/src/drm/drm.controller.ts

@@ -0,0 +1,18 @@
+import { Controller, Get, UseGuards } from '@nestjs/common';
+import { DRMService } from './drm.service';
+import { HybridAuthGuard } from 'src/auth/guards/hybrid-auth.guard';
+import { SubscriptionsGuard } from 'src/subscriptions/guards/subscription.guard';
+import { Subscriptions } from 'src/subscriptions/decorators/subscriptions.decorator';
+
+@Controller('drm')
+export class DRMController {
+  constructor(private readonly _DRMService: DRMService) {}
+
+  @Get('auth')
+  @UseGuards(HybridAuthGuard, SubscriptionsGuard)
+  @Subscriptions(['enthusiast', 'film-buff', 'cinephile'])
+  async authDRM() {
+    const token = await this._DRMService.getDRMToken();
+    return { token };
+  }
+}

backend/src/drm/drm.module.ts

@@ -0,0 +1,15 @@
+import { Module } from '@nestjs/common';
+import { DRMService } from './drm.service';
+import { DRMController } from './drm.controller';
+
+/**
+ * DRM module stub.
+ * KeyOS integration removed. DRM token endpoint returns disabled status.
+ * AES-128 key delivery handled by contents/key.controller.ts instead.
+ */
+@Module({
+  controllers: [DRMController],
+  providers: [DRMService],
+  exports: [DRMService],
+})
+export class DRMModule {}

backend/src/drm/drm.service.ts

@@ -0,0 +1,20 @@
+import { Injectable, Logger } from '@nestjs/common';
+
+/**
+ * DRM service stub.
+ * The original used BuyDRM/KeyOS for Widevine/FairPlay token generation.
+ * Replaced with a no-op stub. Content protection is now handled by
+ * AES-128 HLS encryption with a self-hosted key server.
+ * See: contents/key.controller.ts for the new key delivery system.
+ */
+@Injectable()
+export class DRMService {
+  private readonly logger = new Logger(DRMService.name);
+
+  async getDRMToken(): Promise<string | false> {
+    this.logger.warn(
+      'getDRMToken called -- DRM is disabled. Use AES-128 HLS encryption instead.',
+    );
+    return false;
+  }
+}