validate([ 'email' => ['required', 'email'], 'password' => ['required'], ]); if (! auth()->attempt($credentials)) { return response()->json(['message' => 'Invalid credentials'], 401); } if ($request->hasSession()) { $request->session()->regenerate(); } return response()->json(['data' => auth()->user()]); }); Route::middleware('auth:sanctum')->group(function () { Route::apiResource('users', UserController::class)->only(['index', 'store', 'update', 'destroy']); Route::post('/logout', function (Request $request) { // SPA sessions authenticate through the stateful `web` guard; the default // `sanctum` guard is a RequestGuard with no logout(), so call it explicitly. auth()->guard('web')->logout(); if ($request->hasSession()) { $request->session()->invalidate(); $request->session()->regenerateToken(); } return response()->json(null, 204); }); Route::get('/user', fn (Request $request) => response()->json(['data' => $request->user()])); Route::get('search', SearchController::class); Route::post('clients/import', [ClientImportController::class, 'store']); Route::apiResource('clients', ClientController::class); Route::get('clients/{client}/history', [HistoryController::class, 'index']); Route::post('clients/{client}/history', [HistoryController::class, 'store']); Route::put('history/{historyEntry}', [HistoryController::class, 'update']); Route::delete('history/{historyEntry}', [HistoryController::class, 'destroy']); Route::get('history-types', [HistoryTypeController::class, 'index']); Route::post('history-types', [HistoryTypeController::class, 'store']); Route::post('history-types/reorder', [HistoryTypeController::class, 'reorder']); Route::put('history-types/{historyType}', [HistoryTypeController::class, 'update']); Route::delete('history-types/{historyType}', [HistoryTypeController::class, 'destroy']); Route::get('custom-fields', [CustomFieldDefinitionController::class, 'index']); Route::post('custom-fields', [CustomFieldDefinitionController::class, 'store']); Route::post('custom-fields/reorder', [CustomFieldDefinitionController::class, 'reorder']); Route::put('custom-fields/{customFieldDefinition}', [CustomFieldDefinitionController::class, 'update']); Route::delete('custom-fields/{customFieldDefinition}', [CustomFieldDefinitionController::class, 'destroy']); Route::put('clients/{client}/custom-fields/{customFieldDefinition}', [CustomFieldValueController::class, 'update']); });