adding more security to api endpoints to require api token for all access, no by passing

apps/server/package.json

@@ -29,6 +29,7 @@
     "@automaker/types": "^1.0.0",
     "@automaker/utils": "^1.0.0",
     "@modelcontextprotocol/sdk": "^1.25.1",
+    "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
     "dotenv": "^17.2.3",
     "express": "^5.2.1",
@@ -37,6 +38,7 @@
     "ws": "^8.18.3"
   },
   "devDependencies": {
+    "@types/cookie-parser": "^1.4.10",
     "@types/cors": "^2.8.19",
     "@types/express": "^5.0.6",
     "@types/morgan": "^1.9.10",