56993e4f98
- auth: logout endpoint now accepts refresh_token (was admin_id which frontend can't know) — added logout_by_token() to AuthService - api.js: sendBeacon uses Blob with application/json content-type (was sending text/plain which FastAPI couldn't parse) - Nginx: fixed SPA fallback to 404 (not SPA), added install.php PHP-FPM handler, added production HTTPS config for api.synaglobal.vip - requirements: added cryptography==44.0.0 (used by crypto.py but was missing from requirements.txt) - models: removed unused Fernet import from domain models - CORS: added http://api.synaglobal.vip origin Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>