Added API

app/Http/Controllers/UserFlightController.php

@@ -1,15 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use App\Models\User;
-use App\Models\UserFlight;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
-use Illuminate\Support\Facades\Gate;
-
-class UserFlightController extends Controller
-{
-
-
-}

app/Http/Middleware/HandleInertiaRequests.php

@@ -37,6 +37,7 @@ class HandleInertiaRequests extends Middleware
                 'user' => $request->user(),
                 'roles' => $request->user()?->getRoleNames() ?? [],
                 'permissions' => $request->user()?->getAllPermissions()->pluck('name') ?? [],
+                'apiToken' => session('api_token'),
             ],
             'achievement_notifications' => fn() => $request->user()
                 ? $request->user()

app/Http/Middleware/SanctumOrTrustedOrigin.php

@@ -4,6 +4,7 @@ namespace App\Http\Middleware;
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
 use Symfony\Component\HttpFoundation\Response;
 
 class SanctumOrTrustedOrigin
@@ -11,7 +12,8 @@ class SanctumOrTrustedOrigin
     public function handle(Request $request, Closure $next): Response
     {
         // Authenticated via Sanctum (cookie or token) — let it through, auth()->user() is set.
-        if ($request->user('sanctum')) {
+        if ($user = $request->user('sanctum')) {
+            Auth::setUser($user);
             return $next($request);
         }
 

app/Listeners/IssueApiToken.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Listeners;
+
+use App\Models\User;
+use Illuminate\Auth\Events\Login;
+
+class IssueApiToken
+{
+    public function handle(Login $event): void
+    {
+        /** @var User $user */
+        $user = $event->user;
+        $user->tokens()->where('name', 'frontend')->delete();
+        $token = $user->createToken(
+            'frontend',
+            ['*'],
+            now()->addHours(4)
+        )->plainTextToken;
+
+        session(['api_token' => $token]);
+    }
+}

app/Listeners/RevokeApiToken.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Listeners;
+
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Queue\InteractsWithQueue;
+
+namespace App\Listeners;
+
+use App\Models\User;
+use Illuminate\Auth\Events\Logout;
+
+class RevokeApiToken
+{
+    public function handle(Logout $event): void
+    {
+        /** @var User $user */
+        $user = $event->user;
+
+        $user?->tokens()->where('name', 'frontend')->delete();
+        session()->forget('api_token');
+    }
+}

app/Providers/AppServiceProvider.php

@@ -31,8 +31,8 @@ class AppServiceProvider extends ServiceProvider
         UserFlight::observe(FlightObserver::class);
         Airline::observe(AirlineObserver::class);
         RateLimiter::for('api', function (Request $request) {
-            return $request->user()
-                ? Limit::perMinute(60)->by($request->user()->id)
+            return $request->user('sanctum')
+                ? Limit::perMinute(60)->by($request->user('sanctum')->id)
                 : Limit::perMinute(10)->by($request->ip());
         });