Mirrors the frontend catch-up in 570f17e: a substantial amount of
finished-but-never-committed backend work had accumulated locally.
- New CustomField module: admin-managed field definitions per client,
reorderable, typed values stored per client (backing the frontend's
ClientCustomFieldCard + settings/fields page)
- History entries switch from a hardcoded type enum to a dynamic,
admin-managed HistoryType module (reorderable, backing
settings/history-types)
- New Import module: CSV client import (backing settings/import)
- Clients table gains soft deletes (deleted_at)
- Supporting factories, seeders, policies, and feature tests for all
of the above
All 63 backend tests pass locally before this commit.
The previous Authenticate::redirectTo() -> null fix was incomplete:
Laravel's default Handler::unauthenticated() still falls back to
route('login') via '$exception->redirectTo() ?? route('login')'
whenever the request isn't detected as expectsJson() (no Accept:
application/json or X-Requested-With header), which throws
RouteNotFoundException since this app has no named login route.
Override unauthenticated() directly so this pure-API backend always
returns a JSON 401, regardless of request headers.
No named 'login' route exists anywhere in this app (it's a pure API
backend for the Nuxt SPA). Authenticate::redirectTo() called
route('login') for any request without an explicit Accept: application/json
header, throwing RouteNotFoundException and surfacing as a 500 instead
of the expected 401.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>