From 8d1a3d0d7db832e635d8b289371551f53958a0aa Mon Sep 17 00:00:00 2001
From: dyzulk <66510723+dyzulk@users.noreply.github.com>
Date: Sat, 10 Jan 2026 06:34:00 +0700
Subject: [PATCH] fix: restore robust CORS origins array to fix login issue

---
 api_new.php | 137 ++++++++++++++++++++++++++++++++++++++++++++++
 api_old.php | 143 ++++++++++++++++++++++++++++++++++++++++++++++++
 config/cors.php | 8 ++-
 diff_output.txt | 127 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 414 insertions(+), 1 deletion(-)
 create mode 100644 api_new.php
 create mode 100644 api_old.php
 create mode 100644 diff_output.txt

diff --git a/api_new.php b/api_new.php
new file mode 100644
index 0000000..d7ebefa
--- /dev/null
+++ b/api_new.php
@@ -0,0 +1,137 @@
+json(['error' => 'Unauthenticated'], 401);
+})->name('login');
+
+// Public API Routes
+Route::get('/public/ca-certificates', [PublicCaController::class, 'index']);
+Route::get('/public/ca-certificates/{serial}/download', [PublicCaController::class, 'download']);
+Route::get('/public/ca-certificates/{serial}/download/windows', [PublicCaController::class, 'downloadWindows']);
+Route::get('/public/ca-certificates/{serial}/download/mac', [PublicCaController::class, 'downloadMac']);
+Route::get('/public/ca-certificates/{serial}/download/linux', [PublicCaController::class, 'downloadLinux']);
+Route::post('/public/ca-certificates/{serial}/track', [PublicCaController::class, 'trackDownload']);
+Route::post('/public/inquiries', [\App\Http\Controllers\Api\InquiryController::class, 'store']);
+Route::get('/public/legal-pages', [\App\Http\Controllers\Api\LegalPageController::class, 'index']);
+Route::get('/public/legal-pages/{slug}', [\App\Http\Controllers\Api\LegalPageController::class, 'show']);
+// Auth routes moved to web.php for SPA session support (manually prefixed with /api there)
+// This ensures they use the 'web' middleware stack for proper session persistence.
+
+Route::middleware(['auth:sanctum'])->group(function () {
+ Route::delete('/auth/social/{provider}', [AuthController::class, 'disconnectSocial']);
+ Route::post('/auth/set-password', [AuthController::class, 'setPassword']);
+ Route::get('/auth/link-token', [AuthController::class, 'getLinkToken']);
+
+ Route::get('/user', function (Request $request) {
+ return $request->user()->load('socialAccounts');
+ });
+ Route::get('/services', [ServiceController::class, 'index']);
+ Route::get('/navigation', [NavigationController::class, 'index']);
+
+ // Core Features (Require Email Verification)
+ Route::middleware(['verified'])->group(function () {
+ // Certificate Routes
+ Route::get('/certificates', [CertificateApiController::class, 'index']);
+ Route::post('/certificates', [CertificateApiController::class, 'store']);
+ Route::get('/certificates/{certificate}', [CertificateApiController::class, 'show']);
+ Route::delete('/certificates/{certificate}', [CertificateApiController::class, 'destroy']);
+ Route::get('/certificates/{certificate}/download/{type}', [CertificateApiController::class, 'downloadFile']);
+
+ // CA Management (Admin)
+ Route::post('/ca/setup', [CertificateApiController::class, 'setupCa']);
+
+ // Root CA Management (Admin Only)
+ Route::get('/admin/ca-certificates', [RootCaApiController::class, 'index']);
+ Route::post('/admin/ca-certificates/sync-cdn', [RootCaApiController::class, 'syncToCdn']);
+ Route::post('/admin/ca-certificates/purge-cdn', [RootCaApiController::class, 'purgeCdn']);
+ Route::post('/admin/ca-certificates/sync-crt', [RootCaApiController::class, 'syncCrtOnly']);
+ Route::post('/admin/ca-certificates/sync-installers', [RootCaApiController::class, 'syncInstallersOnly']);
+ Route::post('/admin/ca-certificates/sync-bundles', [RootCaApiController::class, 'syncBundlesOnly']);
+ Route::post('/admin/ca-certificates/{certificate}/renew', [RootCaApiController::class, 'renew']);
+ Route::post('/admin/ca-certificates/renew-all', [RootCaApiController::class, 'renewAll']);
+ Route::post('/admin/ca-certificates/{certificate}/promote', [RootCaApiController::class, 'promote']);
+
+ // API Keys Management
+ Route::get('/api-keys', [ApiKeyController::class, 'index']);
+ Route::post('/api-keys', [ApiKeyController::class, 'store']);
+ Route::delete('/api-keys/{id}', [ApiKeyController::class, 'destroy']);
+ Route::patch('/api-keys/{id}/toggle', [ApiKeyController::class, 'toggle']);
+ Route::post('/api-keys/{id}/regenerate', [ApiKeyController::class, 'regenerate']);
+
+ // Profile Management (Sensitive parts)
+ Route::patch('/profile', [ProfileController::class, 'update']);
+ Route::put('/profile/password', [ProfileController::class, 'updatePassword']);
+ Route::post('/profile/avatar', [ProfileController::class, 'updateAvatar']);
+ Route::get('/profile/login-history', [ProfileController::class, 'getLoginHistory']);
+ Route::delete('/profile', [ProfileController::class, 'deleteAccount']);
+ Route::get('/profile/sessions', [ProfileController::class, 'getActiveSessions']);
+ Route::delete('/profile/sessions/{id}', [ProfileController::class, 'revokeSession']);
+
+ // Notifications
+ Route::get('/notifications', [\App\Http\Controllers\Api\NotificationController::class, 'index']);
+ Route::patch('/notifications/{id}/read', [\App\Http\Controllers\Api\NotificationController::class, 'markAsRead']);
+ Route::post('/notifications/mark-all-read', [\App\Http\Controllers\Api\NotificationController::class, 'markAllAsRead']);
+ Route::delete('/notifications/{id}', [\App\Http\Controllers\Api\NotificationController::class, 'destroy']);
+
+ // Dashboard
+ Route::get('/dashboard', [DashboardController::class, 'index']);
+ Route::get('/dashboard/ping', [DashboardController::class, 'ping']);
+
+ // Support Tickets
+ Route::get('/support/tickets', [\App\Http\Controllers\Api\TicketController::class, 'index']);
+ Route::post('/support/tickets', [\App\Http\Controllers\Api\TicketController::class, 'store']);
+ Route::get('/support/tickets/{id}', [\App\Http\Controllers\Api\TicketController::class, 'show']);
+ Route::post('/support/tickets/{id}/reply', [\App\Http\Controllers\Api\TicketController::class, 'reply']);
+ Route::patch('/support/tickets/{id}/close', [\App\Http\Controllers\Api\TicketController::class, 'close']);
+ Route::get('/support/attachments/{attachment}', [\App\Http\Controllers\Api\AttachmentController::class, 'download']);
+
+ // User Management (Admin Only)
+ Route::apiResource('/admin/users', UserApiController::class);
+
+ // Inquiry Management (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/inquiries', [\App\Http\Controllers\Api\InquiryController::class, 'index']);
+ Route::get('/admin/inquiries/{inquiry}', [\App\Http\Controllers\Api\InquiryController::class, 'show']);
+ Route::post('/admin/inquiries/{inquiry}/reply', [\App\Http\Controllers\Api\InquiryController::class, 'reply']);
+ Route::delete('/admin/inquiries/{inquiry}', [\App\Http\Controllers\Api\InquiryController::class, 'destroy']);
+ });
+
+ // SMTP Testing (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/smtp/config', [MailController::class, 'getConfigurations']);
+ Route::post('/admin/smtp/test', [MailController::class, 'sendTestEmail']);
+ });
+
+ // Legal Pages Management (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/legal-pages', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'index']);
+ Route::post('/admin/legal-pages', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'store']);
+ Route::get('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'show']);
+ Route::get('/admin/legal-pages/{id}/history', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'getHistory']);
+ Route::put('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'update']);
+ Route::delete('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'destroy']);
+ });
+ });
+
+
+});
+
+// Authenticated API Routes (v1) - Using API Key
+Route::middleware([\App\Http\Middleware\CheckApiKey::class])->prefix('v1')->group(function () {
+ Route::get('/certificates', [CertificateApiController::class, 'index']);
+});
diff --git a/api_old.php b/api_old.php
new file mode 100644
index 0000000..6d45742
--- /dev/null
+++ b/api_old.php
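Review bot: api_new.php, api_old.php and diff_output.txt are added at the repository root yet none of them is needed for the CORS change named in the subject; the blob ids in their file headers (`6d45742`, `d7ebefa`) are the same ones the nested routes/api.php diff inside diff_output.txt records, so these are before/after copies of routes/api.php plus a saved `git show`, and they should be dropped from the commit rather than shipped (the same applies to the api_old.php and diff_output.txt hunks below). api_old.php in particular re-adds the text of the unauthenticated `/admin/debug/installer` and `/navigation-debug` routes that the nested diff shows were removed from routes/api.php; presumably the router never loads a root-level file, but the removed code stays in the tree and in searches. Separately, in the copied routes `Route::apiResource('/admin/users', UserApiController::class);` carries the comment "User Management (Admin Only)" but is registered directly under the `verified` group, unlike the inquiry, SMTP and legal-page routes that sit inside `Route::middleware(['admin'])->group(...)`; presumably UserApiController authorizes on its own, but that is worth confirming against routes/api.php itself.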
@@ -0,0 +1,143 @@
+json(['error' => 'Unauthenticated'], 401);
+})->name('login');
+
+// Public API Routes
+Route::get('/public/ca-certificates', [PublicCaController::class, 'index']);
+Route::get('/public/ca-certificates/{serial}/download', [PublicCaController::class, 'download']);
+Route::get('/public/ca-certificates/{serial}/download/windows', [PublicCaController::class, 'downloadWindows']);
+Route::get('/public/ca-certificates/{serial}/download/mac', [PublicCaController::class, 'downloadMac']);
+Route::get('/public/ca-certificates/{serial}/download/linux', [PublicCaController::class, 'downloadLinux']);
+Route::post('/public/ca-certificates/{serial}/track', [PublicCaController::class, 'trackDownload']);
+Route::post('/public/inquiries', [\App\Http\Controllers\Api\InquiryController::class, 'store']);
+Route::get('/public/legal-pages', [\App\Http\Controllers\Api\LegalPageController::class, 'index']);
+Route::get('/public/legal-pages/{slug}', [\App\Http\Controllers\Api\LegalPageController::class, 'show']);
+// DEBUG ROUTE (Temporary)
+Route::get('/admin/debug/installer', [RootCaApiController::class, 'debugInstaller']);
+
+// Auth routes moved to web.php for SPA session support
+
+// Auth routes moved to web.php for SPA session support (manually prefixed with /api there)
+// This ensures they use the 'web' middleware stack for proper session persistence.
+Route::get('/navigation-debug', [NavigationController::class, 'debug']);
+
+Route::middleware(['auth:sanctum'])->group(function () {
+ Route::delete('/auth/social/{provider}', [AuthController::class, 'disconnectSocial']);
+ Route::post('/auth/set-password', [AuthController::class, 'setPassword']);
+ Route::get('/auth/link-token', [AuthController::class, 'getLinkToken']);
+
+ Route::get('/user', function (Request $request) {
+ return $request->user()->load('socialAccounts');
+ });
+ Route::get('/services', [ServiceController::class, 'index']);
+ Route::get('/navigation', [NavigationController::class, 'index']);
+
+ // Core Features (Require Email Verification)
+ Route::middleware(['verified'])->group(function () {
+ // Certificate Routes
+ Route::get('/certificates', [CertificateApiController::class, 'index']);
+ Route::post('/certificates', [CertificateApiController::class, 'store']);
+ Route::get('/certificates/{certificate}', [CertificateApiController::class, 'show']);
+ Route::delete('/certificates/{certificate}', [CertificateApiController::class, 'destroy']);
+ Route::get('/certificates/{certificate}/download/{type}', [CertificateApiController::class, 'downloadFile']);
+
+ // CA Management (Admin)
+ Route::post('/ca/setup', [CertificateApiController::class, 'setupCa']);
+
+ // Root CA Management (Admin Only)
+ Route::get('/admin/ca-certificates', [RootCaApiController::class, 'index']);
+ Route::post('/admin/ca-certificates/sync-cdn', [RootCaApiController::class, 'syncToCdn']);
+ Route::post('/admin/ca-certificates/purge-cdn', [RootCaApiController::class, 'purgeCdn']);
+ Route::post('/admin/ca-certificates/sync-crt', [RootCaApiController::class, 'syncCrtOnly']);
+ Route::post('/admin/ca-certificates/sync-installers', [RootCaApiController::class, 'syncInstallersOnly']);
+ Route::post('/admin/ca-certificates/sync-bundles', [RootCaApiController::class, 'syncBundlesOnly']);
+ Route::post('/admin/ca-certificates/{certificate}/renew', [RootCaApiController::class, 'renew']);
+ Route::post('/admin/ca-certificates/renew-all', [RootCaApiController::class, 'renewAll']);
+ Route::post('/admin/ca-certificates/{certificate}/promote', [RootCaApiController::class, 'promote']);
+
+ // API Keys Management
+ Route::get('/api-keys', [ApiKeyController::class, 'index']);
+ Route::post('/api-keys', [ApiKeyController::class, 'store']);
+ Route::delete('/api-keys/{id}', [ApiKeyController::class, 'destroy']);
+ Route::patch('/api-keys/{id}/toggle', [ApiKeyController::class, 'toggle']);
+ Route::post('/api-keys/{id}/regenerate', [ApiKeyController::class, 'regenerate']);
+
+ // Profile Management (Sensitive parts)
+ Route::patch('/profile', [ProfileController::class, 'update']);
+ Route::put('/profile/password', [ProfileController::class, 'updatePassword']);
+ Route::post('/profile/avatar', [ProfileController::class, 'updateAvatar']);
+ Route::get('/profile/login-history', [ProfileController::class, 'getLoginHistory']);
+ Route::delete('/profile', [ProfileController::class, 'deleteAccount']);
+ Route::get('/profile/sessions', [ProfileController::class, 'getActiveSessions']);
+ Route::delete('/profile/sessions/{id}', [ProfileController::class, 'revokeSession']);
+
+ // Notifications
+ Route::get('/notifications', [\App\Http\Controllers\Api\NotificationController::class, 'index']);
+ Route::patch('/notifications/{id}/read', [\App\Http\Controllers\Api\NotificationController::class, 'markAsRead']);
+ Route::post('/notifications/mark-all-read', [\App\Http\Controllers\Api\NotificationController::class, 'markAllAsRead']);
+ Route::delete('/notifications/{id}', [\App\Http\Controllers\Api\NotificationController::class, 'destroy']);
+
+ // Dashboard
+ Route::get('/dashboard', [DashboardController::class, 'index']);
+ Route::get('/dashboard/ping', [DashboardController::class, 'ping']);
+
+ // Support Tickets
+ Route::get('/support/tickets', [\App\Http\Controllers\Api\TicketController::class, 'index']);
+ Route::post('/support/tickets', [\App\Http\Controllers\Api\TicketController::class, 'store']);
+ Route::get('/support/tickets/{id}', [\App\Http\Controllers\Api\TicketController::class, 'show']);
+ Route::post('/support/tickets/{id}/reply', [\App\Http\Controllers\Api\TicketController::class, 'reply']);
+ Route::patch('/support/tickets/{id}/close', [\App\Http\Controllers\Api\TicketController::class, 'close']);
+ Route::get('/support/attachments/{attachment}', [\App\Http\Controllers\Api\AttachmentController::class, 'download']);
+
+ // User Management (Admin Only)
+ Route::apiResource('/admin/users', UserApiController::class);
+
+ // Inquiry Management (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/inquiries', [\App\Http\Controllers\Api\InquiryController::class, 'index']);
+ Route::get('/admin/inquiries/{inquiry}', [\App\Http\Controllers\Api\InquiryController::class, 'show']);
+ Route::post('/admin/inquiries/{inquiry}/reply', [\App\Http\Controllers\Api\InquiryController::class, 'reply']);
+ Route::delete('/admin/inquiries/{inquiry}', [\App\Http\Controllers\Api\InquiryController::class, 'destroy']);
+ });
+
+ // SMTP Testing (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/smtp/config', [MailController::class, 'getConfigurations']);
+ Route::post('/admin/smtp/test', [MailController::class, 'sendTestEmail']);
+ });
+
+ // Legal Pages Management (Admin Only)
+ Route::middleware(['admin'])->group(function () {
+ Route::get('/admin/legal-pages', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'index']);
+ Route::post('/admin/legal-pages', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'store']);
+ Route::get('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'show']);
+ Route::get('/admin/legal-pages/{id}/history', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'getHistory']);
+ Route::put('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'update']);
+ Route::delete('/admin/legal-pages/{legalPage}', [\App\Http\Controllers\Api\Admin\LegalPageController::class, 'destroy']);
+ });
+ });
+
+
+});
+
+// Authenticated API Routes (v1) - Using API Key
+Route::middleware([\App\Http\Middleware\CheckApiKey::class])->prefix('v1')->group(function () {
+ Route::get('/certificates', [CertificateApiController::class, 'index']);
+});
diff --git a/config/cors.php b/config/cors.php
index 554c880..0d6d005 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -19,7 +19,13 @@ return [
 'allowed_methods' => ['*'],
- 'allowed_origins' => explode(',', env('ALLOWED_ORIGINS', 'https://trustlab.dyzulk.com,https://api.trustlab.dyzulk.com,https://docs.trustlab.dyzulk.com,https://manual-localize.docs.trustlab.dyzulk.com')),
+ 'allowed_origins' => [
+ 'https://trustlab.dyzulk.com',
+ 'https://api.trustlab.dyzulk.com',
+ 'https://docs.trustlab.dyzulk.com',
+ 'https://manual-localize.docs.trustlab.dyzulk.com',
+ 'https://trustlab.pages.dev',
+ ],
 'allowed_origins_patterns' => [
 '#^https?://.*\.trustlab\.pages\.dev$#',
diff --git a/diff_output.txt b/diff_output.txt
new file mode 100644
index 0000000..b3a6444
--- /dev/null
+++ b/diff_output.txt
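Review bot: The new `allowed_origins` literal in config/cors.php removes the `env('ALLOWED_ORIGINS', …)` lookup, so an `ALLOWED_ORIGINS` value set in any environment's `.env` is now silently ignored and local, staging and production all serve the same five origins until the file is edited again. If the login failure was caused by a stale or whitespace-padded env value, the sketch below keeps the hard-coded list as the floor, still honours the variable, trims and drops blank entries, and de-duplicates the merged result; if the intent really is to stop reading the variable, the `ALLOWED_ORIGINS` key should be removed from `.env.example` and the deployment docs so nobody expects it to work. The unchanged `allowed_origins_patterns` entry `#^https?://.*\.trustlab\.pages\.dev$#` also admits plaintext `http://` origins for every pages.dev subdomain, which matters if `supports_credentials` is enabled further down this file (not visible in the hunk).
```php
'allowed_origins' => array_values(array_unique(array_merge(
    [
        'https://trustlab.dyzulk.com',
        'https://api.trustlab.dyzulk.com',
        'https://docs.trustlab.dyzulk.com',
        'https://manual-localize.docs.trustlab.dyzulk.com',
        'https://trustlab.pages.dev',
    ],
    // per-environment extras; blank entries from trailing commas are dropped
    array_filter(array_map(
        static fn (string $origin): string => trim($origin),
        explode(',', (string) env('ALLOWED_ORIGINS', '')),
    )),
))),
// … unchanged: 'allowed_origins_patterns' …
```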
@@ -0,0 +1,127 @@
+commit 73bd94c021cfd0d637f043511601d48c97acc119
+Author: dyzulk <66510723+dyzulk@users.noreply.github.com>
+Date: Fri Jan 9 13:36:04 2026 +0700
+
+ chore: remove temporary debug routes and methods
+
+diff --git a/app/Http/Controllers/Api/RootCaApiController.php b/app/Http/Controllers/Api/RootCaApiController.php
+index bcad324..010cdc8 100644
+--- a/app/Http/Controllers/Api/RootCaApiController.php
++++ b/app/Http/Controllers/Api/RootCaApiController.php
+@@ -149,41 +149,6 @@ public function syncToCdn(Request $request)
+ }
+ }
+
+- public function debugInstaller()
+- {
+- // Permission check skipped for debugging (Public Route)
+- // $this->authorizeAdminOrOwner();
+-
+- try {
+- $cert = \App\Models\CaCertificate::latest()->first();
+- if (!$cert) return response()->json(['message' => 'No certs found']);
+-
+- $installerService = app(\App\Services\CaInstallerService::class);
+-
+- // Test Windows Generation
+- $winContent = $installerService->generateWindowsInstaller($cert);
+-
+- // Test Linux Generation
+- $linuxContent = $installerService->generateLinuxInstaller($cert);
+-
+- return response()->json([
+- 'status' => 'success',
+- 'message' => 'Installer generation test passed',
+- 'data' => [
+- 'windows_length' => strlen($winContent),
+- 'linux_length' => strlen($linuxContent)
+- ]
+- ]);
+- } catch (\Throwable $e) {
+- return response()->json([
+- 'status' => 'error',
+- 'message' => $e->getMessage(),
+- 'file' => $e->getFile(),
+- 'line' => $e->getLine(),
+- 'trace' => $e->getTraceAsString()
+- ], 500);
+- }
+- }
+
+ public function promote(CaCertificate $certificate)
+ {
+diff --git a/app/Http/Controllers/NavigationController.php b/app/Http/Controllers/NavigationController.php
+index 8ce5073..262ffcb 100644
+--- a/app/Http/Controllers/NavigationController.php
++++ b/app/Http/Controllers/NavigationController.php
+@@ -111,51 +111,4 @@ public function index(Request $request)
+ return response()->json($menuGroups);
+ }
+
+- public function debug()
+- {
+- // Simulate a User instance for admin view
+- $user = new \App\Models\User(['first_name' => 'Debug', 'last_name' => 'Admin', 'role' => 'admin']);
+-
+- // This is a bit of a hack since $user->isAdmin() might be a real method,
+- // but for JSON structure debugging, we'll just replicate the logic or mock it.
+-
+- $menuGroups = [];
+-
+- // 1. Admin Management (Simulated Admin)
+- $menuGroups[] = [
+- 'title' => 'Admin Management',
+- 'items' => [
+- ['name' => 'User Management', 'icon' => 'users', 'route' => '/admin/users'],
+- ['name' => 'Root CA Management', 'icon' => 'certificate', 'route' => '/admin/root-ca'],
+- ['name' => 'Ticket Management', 'icon' => 'support-ticket', 'route' => '/admin/tickets'],
+- ['name' => 'Legal Page Management', 'icon' => 'pages', 'route' => '/dashboard/admin/legal'],
+- ['name' => 'Inquiries', 'icon' => 'inbox', 'route' => '/dashboard/admin/inquiries'],
+- ['name' => 'SMTP Tester', 'icon' => 'smtp', 'route' => '/dashboard/admin/smtp-tester'],
+- ]
+- ];
+-
+- // 2. Main Menu
+- $mainItems = [
+- ['name' => 'Dashboard', 'icon' => 'dashboard', 'route' => '/dashboard'],
+- ['name' => 'Certificates', 'icon' => 'certificate', 'route' => '/dashboard/certificates'],
+- ['name' => 'API Keys', 'icon' => 'api-key', 'route' => '/dashboard/api-keys'],
+- ['name' => 'Support Tickets', 'icon' => 'support-ticket', 'route' => '/dashboard/support'],
+- ];
+-
+- $menuGroups[] = [
+- 'title' => 'Menu',
+- 'items' => $mainItems,
+- ];
+-
+- // 3. My Account
+- $menuGroups[] = [
+- 'title' => 'My Account',
+- 'items' => [
+- ['name' => 'User Profile', 'icon' => 'user-profile', 'route' => '/dashboard/profile'],
+- ['name' => 'Account Settings', 'icon' => 'settings', 'route' => '/dashboard/settings'],
+- ]
+- ];
+-
+- return response()->json($menuGroups);
+- }
+ }
+diff --git a/routes/api.php b/routes/api.php
+index 6d45742..d7ebefa 100644
+--- a/routes/api.php
++++ b/routes/api.php
+@@ -29,14 +29,8 @@
+ Route::post('/public/inquiries', [\App\Http\Controllers\Api\InquiryController::class, 'store']);
+ Route::get('/public/legal-pages', [\App\Http\Controllers\Api\LegalPageController::class, 'index']);
+ Route::get('/public/legal-pages/{slug}', [\App\Http\Controllers\Api\LegalPageController::class, 'show']);
+-// DEBUG ROUTE (Temporary)
+-Route::get('/admin/debug/installer', [RootCaApiController::class, 'debugInstaller']);
+-
+-// Auth routes moved to web.php for SPA session support
+-
+ // Auth routes moved to web.php for SPA session support (manually prefixed with /api there)
+ // This ensures they use the 'web' middleware stack for proper session persistence.
+-Route::get('/navigation-debug', [NavigationController::class, 'debug']);
+
+ Route::middleware(['auth:sanctum'])->group(function () {
+ Route::delete('/auth/social/{provider}', [AuthController::class, 'disconnectSocial']);