group(function (): void { Route::post('register', [AuthController::class, 'register'])->name('api.v1.register'); Route::post('login', [AuthController::class, 'login'])->name('api.v1.login'); }); // Protected routes with authenticated rate limiter (120/min) Route::middleware(['auth:sanctum', 'throttle:authenticated'])->group(function (): void { Route::post('logout', [AuthController::class, 'logout'])->name('api.v1.logout'); Route::get('me', [AuthController::class, 'me'])->name('api.v1.me'); // Email verification Route::post('email/verify/{id}/{hash}', [AuthController::class, 'verifyEmail']) ->middleware('signed') ->name('verification.verify'); Route::post('email/resend', [AuthController::class, 'resendVerificationEmail']) ->middleware('throttle:6,1') ->name('verification.send'); }); // Password reset routes (public with rate limiting) Route::middleware('throttle:6,1')->group(function (): void { Route::post('forgot-password', [AuthController::class, 'forgotPassword']) ->name('password.email'); Route::post('reset-password', [AuthController::class, 'resetPassword']) ->name('password.reset'); });