withRouting( web: __DIR__.'/../routes/web.php', api: __DIR__.'/../routes/api.php', commands: __DIR__.'/../routes/console.php', health: '/up', ) ->withMiddleware(function (Middleware $middleware): void { $middleware->append(SecurityHeaders::class); $middleware->alias([ // JWT auth 'jwt.auth' => Authenticate::class, 'jwt.refresh' => RefreshToken::class, 'api.jwt' => ApiJwtAuth::class, // Multi-guard auth (both the new and legacy alias point at the same class) 'auth.multi' => MultiAuth::class, 'multi.auth' => MultiAuth::class, // Permission / role gates 'perm' => RequirePermission::class, 'require.permission' => RequirePermission::class, 'admin.access' => EnsurePrintRequestsAdminAccess::class, 'parent.access' => EnsureParentProgressAccess::class, 'parent.progress' => EnsureParentProgressAccess::class, 'teacher.progress' => EnsureClassProgressTeacherPortalAccess::class, 'class_progress.teacher' => EnsureClassProgressTeacherPortalAccess::class, 'school_year.editable' => EnsureSchoolYearEditable::class, 'print_requests.teacher' => EnsurePrintRequestsTeacherAccess::class, 'print_requests.admin' => EnsurePrintRequestsAdminAccess::class, 'badge_scan.logs' => EnsureBadgeScanLogsAccess::class, // Docs + teacher portal 'auth.docs' => ApiDocsAuth::class, 'teacher.portal.auth' => TeacherPortalAuthenticate::class, // Utility 'timezone' => PrimeTimezone::class, 'prime.timezone' => PrimeTimezone::class, 'cleanup.scheduler' => CleanupScheduler::class, ]); $middleware->redirectGuestsTo(function (Request $request) { if ($request->is('api/*') || $request->expectsJson()) { return null; } return app(ApplicationUrlService::class)->webLoginUrl(); }); }) ->withExceptions(function (Exceptions $exceptions): void { $exceptions->render(function (AuthenticationException $e, Request $request) { if ($request->is('api/*') || $request->expectsJson()) { return response()->json(['message' => 'Unauthorized.'], 401); } }); })->create();