Use real API in dev full proxy

Makefile

@@ -36,6 +36,7 @@ help:
 PNPM := pnpm
 PID_FILE := .dev.pid
 LOG_FILE := .dev.log
+API_TARGET ?= https://flights.test.aeroflot.ru
 
 # Development
 dev:
@@ -46,9 +47,10 @@ dev:
 
 dev-full:
 	@echo "Starting dev server with API proxy in background..."
-	@nohup $(PNPM) dev:full > $(LOG_FILE) 2>&1 & echo $$! > $(PID_FILE)
+	@API_TARGET="$(API_TARGET)" nohup $(PNPM) dev:full > $(LOG_FILE) 2>&1 & echo $$! > $(PID_FILE)
 	@echo "Dev server started (PID: $$(cat $(PID_FILE)))"
 	@echo "  App & API:  http://localhost:8080"
+	@echo "  API target: $(API_TARGET)"
 	@echo "View logs: make logs"
 
 stop:

scripts/dev-server.mjs

@@ -17,7 +17,7 @@ import { tmpdir } from "node:os";
 
 const PUBLIC_PORT = 8080;
 const MODERNJS_PORT = 8081;
-const API_TARGET = "https://flights.test.aeroflot.ru";
+const API_TARGET = process.env.API_TARGET || "https://flights.test.aeroflot.ru";
 
 // Shared cookie jar so the Ngenix WAF cookie challenge (`ngenix_valid` +
 // 307-to-self) only runs once per dev-server lifetime, not per request.
@@ -50,24 +50,6 @@ await new Promise((r) => setTimeout(r, 18000));
 
 const app = express();
 
-// --- Mock fallback for /api/appSettings when WAF blocks requests ---
-app.get("/api/appSettings", (req, res) => {
-  res.json({
-    showDebugVersion: "False",
-    uiOptions: {
-      isTestVersion: "",
-      filter: {
-        schedule: { searchFrom: "30d", searchTo: "30d", timeStep: "" },
-        onlineboard: { searchFrom: "2d", searchTo: "14d", timeStep: "" },
-      },
-      buttons: {
-        buyTicket: { period: { min: "2h", max: "72h" } },
-        flightStatus: { availableFrom: "24h", visible: "" },
-      },
-    },
-  });
-});
-
 // --- Tile proxy via curl (binary JPEG, pipe stdout straight to response) ---
 const TILE_CONTENT_TYPES = {
   ".jpeg": "image/jpeg",