feat: enhance backend security and configuration

- Updated Dockerfile to improve security with a non-root user and added health checks.
- Modified docker-compose.yml to set containers as read-only, restrict ports to localhost, and implement health checks.
- Enhanced .env.example with additional environment variables for security and configuration.
- Improved FastAPI application with middleware for security headers, CORS, and body size limits.
- Refactored authentication flow in auth.py to include state validation and improved error handling.
- Added rate limiting to various endpoints to prevent abuse.
- Updated researcher and publication handling to ensure better validation and error management.

backend/app/utils/orcid_validator.py

@@ -2,27 +2,38 @@ import re
 
 ORCID_REGEX = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{3}[0-9X]$")
 
+ORCID_PATTERN = r"^\d{4}-\d{4}-\d{4}-\d{3}[0-9X]$"
 
-def is_valid_orcid(orcid_id: str) -> bool:
+
+def is_valid_orcid(orcid_id: str | None) -> bool:
     """
     Valida un ORCID ID:
     - Formato: 0000-0000-0000-0000
     - Dígito de control según ISO 7064 Mod 11-2
     """
+    if not isinstance(orcid_id, str):
+        return False
     if not ORCID_REGEX.match(orcid_id):
         return False
 
-    # Quitar guiones
     digits = orcid_id.replace("-", "")
 
     total = 0
-    # Los primeros 15 dígitos
     for char in digits[:-1]:
         total = (total + int(char)) * 2
 
-    # Resto
     remainder = total % 11
     result = (12 - remainder) % 11
     check_digit = "X" if result == 10 else str(result)
 
     return digits[-1] == check_digit
+
+
+def assert_valid_orcid(orcid_id: str) -> str:
+    """
+    Devuelve el ORCID si es válido. Lanza ValueError si no.
+    Útil para usar como Pydantic validator.
+    """
+    if not is_valid_orcid(orcid_id):
+        raise ValueError("ORCID iD inválido")
+    return orcid_id