Fix auth: trust reverse proxy headers, expand name fallback chain

CLAUDE.md

@@ -1 +1,7 @@
 @AGENTS.md
+
+## Project context
+This app runs on https://demo.chriseo.nl
+ZITADEL auth server: https://auth.chriseo.nl
+Git repo: https://git.chriseo.nl/chriseo/demo
+Deployed via Coolify on a Hetzner VPS (self-hosted, European stack)

auth.ts

@@ -2,6 +2,7 @@ import NextAuth from "next-auth"
 import ZITADEL from "next-auth/providers/zitadel"
 
 export const { handlers, auth, signIn, signOut } = NextAuth({
+  trustHost: true,
   providers: [
     ZITADEL({
       clientId: process.env.ZITADEL_CLIENT_ID!,
@@ -19,7 +20,10 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
         )
         const userinfo = await res.json()
         console.log("[auth] ZITADEL userinfo:", JSON.stringify(userinfo, null, 2))
-        token.name = userinfo.name ?? userinfo.preferred_username ?? token.name
+        const fullName = userinfo.given_name || userinfo.family_name
+          ? [userinfo.given_name, userinfo.family_name].filter(Boolean).join(" ")
+          : null
+        token.name = userinfo.name || fullName || userinfo.preferred_username || userinfo.email || token.name
       }
       return token
     },