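middleware(['api', 'auth:api'], ['except' => ['login']]);
    }

    /**
     * Validate the submitted credentials and, on success, return a token payload.
     *
     * Responds 422 with the validator's error bag when `email` or `password`
     * fails validation, and 401 with a generic message when the `api` guard
     * rejects the credentials. Only the validated fields reach the guard.
     *
     * NOTE(review): attempt() is used as if it returns the token itself, which
     * presumably means `api` is a JWT-style guard; verify against config/auth.php.
     * NOTE(review): no attempt throttling is visible in this method; confirm a
     * rate limiter is applied to this route elsewhere.
     *
     * @param  Request  $request  Incoming request carrying `email` and `password`.
     */
    public function login(Request $request)
    {
        $validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required|string|min:6',
        ]);

        if ($validator->fails()) {
            return response()->json($validator->errors(), 422);
        }

        $token = auth('api')->attempt($validator->validated());
        if (!$token) {
            // Same answer for unknown e-mail and wrong password.
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->createNewToken($token);
    }

    /**
     * Log out of the `admin` guard, invalidate the session, regenerate the
     * session's CSRF token and redirect to the `login` route.
     *
     * NOTE(review): login() authenticates against the `api` guard and hands out
     * a bearer token, but nothing here revokes that token; only the `admin`
     * guard and the session are touched. Confirm which guard this controller
     * serves. If it is the token API, the token from login() presumably stays
     * usable after logout until it expires.
     * NOTE(review): `$request->session()` needs a session on the request;
     * confirm the `api` middleware group applied in the constructor starts one.
     *
     * @param  Request  $request
     */
    public function logout(Request $request)
    {
        Auth::guard('admin')->logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect()->route('login');
    }

    /**
     * Issue a new personal access token for the user resolved by the
     * `sanctum` guard and return it as `access_token`.
     *
     * Responds 404 when that guard resolves no user.
     *
     * NOTE(review): the constructor protects this action with `auth:api`, while
     * the user is read from the `sanctum` guard; confirm both resolve the same
     * user for the same request.
     * NOTE(review): the token presented on this request is not revoked, so
     * after a "refresh" the old and the new token both appear to remain valid.
     * If rotation is intended, delete the current access token once the new
     * one has been created.
     * NOTE(review): 'YourAppName' looks like a template placeholder for the
     * token name.
     */
    public function refresh()
    {
        $user = auth('sanctum')->user();

        if (!$user) {
            return response()->json(['error' => 'User not found'], 404);
        }

        // plainTextToken is the only place the raw token value is available.
        $token = $user->createToken('YourAppName')->plainTextToken;

        return response()->json(['access_token' => $token], 200);
    }

    /**
     * Return the `api` guard's current user as JSON.
     *
     * NOTE(review): the whole user object is serialised; which attributes are
     * exposed depends on the user model (not visible here). Verify that
     * secrets such as the password hash are hidden from serialisation.
     */
    public function userProfile()
    {
        return response()->json(auth('api')->user());
    }

    /**
     * Build the JSON payload returned after a successful login.
     *
     * `expires_in` is the configured `sanctum.expiration` (minutes) converted
     * to seconds. When that setting is null (no expiration configured) the
     * field is null rather than 0, so clients are not told the token has
     * already expired.
     *
     * NOTE(review): the token passed in comes from the `api` guard's attempt();
     * confirm that `sanctum.expiration` is the setting that actually governs
     * that token's lifetime.
     * NOTE(review): `user` is the serialised `api` guard user; see the
     * exposure caveat on userProfile().
     *
     * @param  mixed  $token  Token value returned by the `api` guard.
     */
    protected function createNewToken($token)
    {
        $expirationMinutes = config('sanctum.expiration');

        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            // null * 60 would evaluate to 0, which reads as "already expired".
            'expires_in' => $expirationMinutes === null ? null : $expirationMinutes * 60,
            'user' => auth('api')->user(),
        ]);
    }
}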