Added .env configuration to remove hardcoded IP issues

backend/.env.example

@@ -0,0 +1,4 @@
+# Backend Configuration
+PORT=3001
+API_HOST=localhost
+CORS_ORIGINS=http://localhost:3000

backend/server.js

@@ -1,5 +1,7 @@
 // CVE Management Backend API
-// Install: npm install express sqlite3 multer cors
+// Install: npm install express sqlite3 multer cors dotenv
+
+require('dotenv').config();
 
 const express = require('express');
 const sqlite3 = require('sqlite3').verbose();
@@ -9,7 +11,11 @@ const path = require('path');
 const fs = require('fs');
 
 const app = express();
-const PORT = 3001;
+const PORT = process.env.PORT || 3001;
+const API_HOST = process.env.API_HOST || 'localhost';
+const CORS_ORIGINS = process.env.CORS_ORIGINS
+    ? process.env.CORS_ORIGINS.split(',')
+    : ['http://localhost:3000'];
 
 // Log all incoming requests
 app.use((req, res, next) => {
@@ -19,7 +25,7 @@ app.use((req, res, next) => {
 
 // Middleware
 app.use(cors({
-  origin: ['http://localhost:3000', 'http://192.168.2.117:3000'],
+  origin: CORS_ORIGINS,
   credentials: true
 }));
 app.use(express.json());
@@ -382,5 +388,6 @@ app.get('/api/stats', (req, res) => {
 
 // Start server
 app.listen(PORT, () => {
-    console.log(`CVE API server running on http://localhost:${PORT}`);
+    console.log(`CVE API server running on http://${API_HOST}:${PORT}`);
+    console.log(`CORS origins: ${CORS_ORIGINS.join(', ')}`);
 });