fix(session-storage): add typing and trust proxy setting (#9725)

Added explicit typing for session storage options to improve type
safety. Enabled 'trust proxy' to ensure proper client IP and protocol
detection behind proxies. These changes improve security and reliability
in session handling.
Antoine Moreaux
2025-01-20 11:05:34 +01:00
committed by GitHub
parent 7ed2c12e7a
commit 2c8954a44d
2 changed files with 4 additions and 4 deletions


@ -14,10 +14,11 @@ export const getSessionStorageOptions = (
const SERVER_URL = environmentService.get('SERVER_URL');
const sessionStorage = {
const sessionStorage: session.SessionOptions = {
secret: environmentService.get('SESSION_STORE_SECRET'),
resave: false,
saveUninitialized: false,
proxy: true,
cookie: {
secure: !!(SERVER_URL && SERVER_URL.startsWith('https')),
maxAge: 1000 * 60 * 30, // 30 minutes
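Review bot: `proxy: true` makes express-session trust the `X-Forwarded-Proto` header unconditionally when deciding whether the connection is secure enough to set the `secure` cookie, which is only sound when every deployment sits behind a reverse proxy that overwrites that header. On a directly exposed instance the header is client-controlled, so consider leaving `proxy` undefined (it then follows Express's own 'trust proxy' setting) or driving it from configuration. This option also only affects the secure-cookie decision; the client IP and protocol detection mentioned in the commit message would need Express's `trust proxy` set on the app, which is not visible in this diff. At minimum add a comment such as `// Requires a TLS-terminating reverse proxy that sets X-Forwarded-Proto; do not enable on directly exposed instances`. The options object continues past the end of this hunk.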


@ -38,6 +38,8 @@ const bootstrap = async () => {
const logger = app.get(LoggerService);
const environmentService = app.get(EnvironmentService);
app.use(session(getSessionStorageOptions(environmentService)));
// TODO: Double check this as it's not working for now, it's going to be helpful for durable trees in twenty "orm"
// // Apply context id strategy for durable trees
// ContextIdFactory.apply(new AggregateByWorkspaceContextIdStrategy());
@ -83,9 +85,6 @@ const bootstrap = async () => {
// Inject the server url in the frontend page
generateFrontConfig();
// Enable session - Today it's used only for SSO
app.use(session(getSessionStorageOptions(environmentService)));
await app.listen(environmentService.get('PORT'));
};
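Review bot: The `app.use(session(getSessionStorageOptions(environmentService)));` call after `const environmentService = app.get(EnvironmentService);` appears to be the moved copy of the registration that used to sit just before `app.listen`, but the comment `// Enable session - Today it's used only for SSO` was not carried over with it. Middleware order is significant, so I would restore the comment at the new location and record why the session now has to be registered this early, e.g. `// Enable session (used only for SSO today); must be registered before <what depends on it>`. Since the session is stated to be SSO-only, it may also be worth checking whether it can be mounted on the SSO routes alone rather than on every request. `bootstrap` starts outside these hunks, so what runs between the two positions is not visible here.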