Limit-Status im Upload-Flow anzeigen (Warnbanner + Sperrzustände).

Upload-Fehlercodes auswerten und freundliche Dialoge zeigen.

app/Http/Middleware/ApiTokenAuth.php

@@ -2,11 +2,14 @@
 
 namespace App\Http\Middleware;
 
-use Closure;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Cache;
-use Illuminate\Support\Facades\Auth;
 use App\Models\User;
+use App\Support\ApiError;
+use Closure;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Cache;
+use Symfony\Component\HttpFoundation\Response;
 
 class ApiTokenAuth
 {
@@ -14,19 +17,30 @@ class ApiTokenAuth
     {
         $header = $request->header('Authorization', '');
         if (! str_starts_with($header, 'Bearer ')) {
-            return response()->json(['error' => ['code' => 'unauthorized']], 401);
+            return $this->unauthorizedResponse('missing_bearer');
         }
         $token = substr($header, 7);
         $userId = Cache::get('api_token:'.$token);
         if (! $userId) {
-            return response()->json(['error' => ['code' => 'unauthorized']], 401);
+            return $this->unauthorizedResponse('token_unknown');
         }
         $user = User::find($userId);
         if (! $user) {
-            return response()->json(['error' => ['code' => 'unauthorized']], 401);
+            return $this->unauthorizedResponse('user_missing');
         }
         Auth::login($user); // for policies if needed
+
         return $next($request);
     }
-}
 
+    private function unauthorizedResponse(string $reason): JsonResponse
+    {
+        return ApiError::response(
+            'unauthorized',
+            'Unauthorized',
+            'Authentication is required to access this resource.',
+            Response::HTTP_UNAUTHORIZED,
+            ['reason' => $reason]
+        );
+    }
+}