🚀 مُصادَق: تحديث برمجي جديد 2026-05-03 15:16

public/shell.php

@@ -147,7 +147,7 @@
     <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
     <script>
         const API = {
-            baseUrl: '/api/v1',
+            baseUrl: 'index.php?route=/api/v1',
             get token() { return localStorage.getItem('access_token'); },
             async req(method, path, body = null, files = false) {
                 const headers = { 'Accept': 'application/json' };
@@ -667,6 +667,60 @@
             };
         }
 
+        function render2FAChallenge(tempToken) {
+            document.getElementById('auth-content').innerHTML = `
+                <div class="text-center mb-10">
+                    <h1 class="text-3xl font-black tracking-tighter mb-2">2FA_CHALLENGE</h1>
+                    <p class="text-bb-dim text-[10px] bb-mono uppercase">Enter terminal access code</p>
+                </div>
+                <form id="2fa-form" class="space-y-6">
+                    <input type="text" name="code" placeholder="000000" class="w-full bb-panel bg-black p-3 bb-mono text-center text-xl tracking-[1em]" required autofocus>
+                    <button type="submit" class="w-full bb-btn bb-btn-primary py-4 font-black">VERIFY_IDENTITY</button>
+                </form>
+            `;
+            document.getElementById('2fa-form').onsubmit = async (e) => {
+                e.preventDefault();
+                const code = new FormData(e.target).get('code');
+                try {
+                    // Note: We use the temp token in the header
+                    const res = await fetch('index.php?route=/api/v1/auth/2fa/verify_login', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${tempToken}` },
+                        body: JSON.stringify({ code })
+                    });
+                    const data = await res.json();
+                    if (res.ok) saveAuth(data.data);
+                    else showToast(data.error?.message_ar || 'INVALID_CODE', 'error');
+                } catch(err) {}
+            };
+        }
+
+        function renderRegister() {
+            document.getElementById('auth-content').innerHTML = `
+                <div class="text-center mb-10">
+                    <h1 class="text-3xl font-black tracking-tighter mb-2">NEW_TERMINAL</h1>
+                    <p class="text-bb-dim text-[10px] bb-mono uppercase">Register Platform Account</p>
+                </div>
+                <form id="register-form" class="space-y-4">
+                    <input type="text" name="name" placeholder="FULL_NAME" class="w-full bb-panel bg-black p-3 bb-mono text-sm" required>
+                    <input type="email" name="email" placeholder="EMAIL_IDENTITY" class="w-full bb-panel bg-black p-3 bb-mono text-sm" required>
+                    <input type="password" name="password" placeholder="PASSWORD" class="w-full bb-panel bg-black p-3 bb-mono text-sm" required>
+                    <button type="submit" class="w-full bb-btn bb-btn-primary py-4 font-black">INITIALIZE_ACCOUNT</button>
+                </form>
+                <div class="mt-8 text-center text-bb-dim text-[10px] bb-mono">
+                    ALREADY_HAVE_ACCESS? <a href="#" onclick="renderLogin()" class="text-white hover:underline">LOGIN_TERMINAL</a>
+                </div>
+            `;
+            document.getElementById('register-form').onsubmit = async (e) => {
+                e.preventDefault();
+                const fd = new FormData(e.target);
+                try {
+                    const res = await API.post('/auth/register', Object.fromEntries(fd));
+                    saveAuth(res.data);
+                } catch(err) {}
+            };
+        }
+
         function saveAuth(data) {
             localStorage.setItem('access_token', data.access_token);
             window.location.reload();