fix: switch API routing to query string for Nginx compatibility

app/Core/Request.php

@@ -19,14 +19,8 @@ final class Request
     {
         $this->method = $_SERVER['REQUEST_METHOD'];
         
-        // Normalize path: extract /api/v1/... portion from any subdirectory structure
+        // Read API path from query string: index.php?route=/api/v1/auth/login
-        $rawPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+        $this->path = $_GET['route'] ?? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
-        $apiPos = strpos($rawPath, '/api/v1/');
-        if ($apiPos !== false) {
-            $this->path = substr($rawPath, $apiPos); // e.g. /api/v1/auth/login
-        } else {
-            $this->path = $rawPath;
-        }
         $this->headers = getallheaders();
         $this->queryParams = $_GET;
         $this->files = $_FILES;

public/index.php

@@ -64,11 +64,11 @@ $router->addRoute('GET', '/api/v1/health', function($request) {
     ]);
 });
 
-// ══ SPA Shell ═══════════════════════════════════════════════
+// ══ Determine if this is an API request ═════════════════════════════
-$fullPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+$apiRoute = $_GET['route'] ?? null;
 
-// Check if this is an API request (works regardless of subdirectory)
+if (!$apiRoute) {
-if (!str_contains($fullPath, '/api/v1/')) {
+    // Not an API call — serve the SPA shell
     include __DIR__ . '/shell.php';
     exit;
 }

public/shell.php

@@ -76,7 +76,7 @@
         // مُصادَق — API Client (Inlined for reliability)
         // ══════════════════════════════════════════════════════════
         const API = {
-            baseUrl: 'index.php/api/v1', // Correct entry point and prefix
+            baseUrl: 'index.php?route=/api/v1',
             accessToken: localStorage.getItem('access_token'),
             async post(path, body) {
                 const headers = { 'Accept': 'application/json', 'Content-Type': 'application/json' };