diff --git a/public/images/icon-512.png b/images/icon-512.png
similarity index 100%
rename from public/images/icon-512.png
rename to images/icon-512.png
diff --git a/public/index.html b/index.html
similarity index 100%
rename from public/index.html
rename to index.html
diff --git a/server.js b/server.js
index d49ac37..4fc9629 100644
--- a/server.js
+++ b/server.js
@@ -3,7 +3,7 @@ require('dotenv').config();
 const express = require('express');
 const sqlite3 = require('sqlite3').verbose();
-const bcrypt =require('bcryptjs');
+const bcrypt = require('bcryptjs');
 const jwt = require('jsonwebtoken');
 const cors = require('cors');
 const path = require('path');
@@ -18,10 +18,6 @@ const app = express();
 app.use(cors());
 app.use(express.json());
-// --- NEW: Serve static files from the 'public' directory ---
-app.use(express.static(path.join(__dirname, 'public')));
-
-
 const dbPath = path.resolve(__dirname, 'data', 'timetracker.db');
 const db = new sqlite3.Database(dbPath, (err) => {
 if (err) console.error("Error opening database", err.message);
@@ -46,6 +42,7 @@ function initializeDatabase() {
 }
 });
+ // --- NEW: Clean up past time-off requests on server start ---
 const today = new Date().toISOString().split('T')[0];
 db.run(`DELETE FROM time_off_requests WHERE end_date < ?`, [today], function(err) {
 if (err) {
@@ -73,9 +70,7 @@ function authenticateToken(req, res, next) {
 });
 }
-// --- ALL /api/... ROUTES GO HERE (Code unchanged) ---
-// (Your existing API routes for login, punch, admin, etc.)
-
+// --- API Routes ---
 app.post('/api/login', (req, res) => {
 const { username, password } = req.body;
 db.get('SELECT * FROM users WHERE username = ?', [username], (err, user) => {
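Review bot: The comment added in the `@@ -46,6 +42,7 @@` hunk does not say that the cleanup cutoff is a UTC calendar date or that the matching rows are deleted for good. `new Date().toISOString().split('T')[0]` yields the UTC date, so if `end_date` holds local dates (not visible here, confirm against the insert path), a server west of UTC that starts in the evening can purge a request on its final day while it is still current. I would write `// Purge time-off requests whose end_date is before today's UTC date; runs at startup and is irreversible.` and either derive `today` from local time or state the UTC convention where `end_date` is written. The `NEW:` prefix here and on the delete-route comment in the `@@ -283,6 +280,7 @@` hunk goes stale as soon as the commit lands and is better dropped. initializeDatabase() starts and ends outside the hunk.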
@@ -144,6 +139,8 @@ app.get('/api/user/time-off-requests', authenticateToken, (req, res) => {
 });
 });
+
+// --- Admin Routes ---
 app.post('/api/admin/create-user', authenticateToken, requireRole('admin'), (req, res) => {
 const { username, password, role } = req.body;
 const userRole = (role === 'admin' || role === 'employee') ? role : 'employee';
@@ -283,6 +280,7 @@ app.post('/api/admin/update-time-off-status', authenticateToken, requireRole('ad
 });
 });
+// --- NEW: Route to delete a time-off request ---
 app.delete('/api/admin/time-off-requests/:id', authenticateToken, requireRole('admin'), (req, res) => {
 db.run('DELETE FROM time_off_requests WHERE id = ?', [req.params.id], function(err) {
 if (err) return res.status(500).json({ message: "Failed to delete request." });
@@ -291,12 +289,4 @@ app.delete('/api/admin/time-off-requests/:id', authenticateToken, requireRole('a
 });
 });
-
-// --- NEW: Add a catch-all route to serve the SPA ---
-// This should come after all API routes
-app.get('*', (req, res) => {
- res.sendFile(path.join(__dirname, 'public', 'index.html'));
-});
-
-
 app.listen(PORT, () => console.log(`Server running on http://localhost:${PORT}`));
\ No newline at end of file