Added opaque join-token support across backend and frontend: new migration/model/service/endpoints, guest controllers now resolve tokens, and the demo seeder seeds a token. Tenant event details list/manage tokens with copy/revoke actions, and the guest PWA uses tokens end-to-end (routing, storage, uploads, achievements, etc.). Docs TODO updated to reflect completed steps.

app/Models/EventJoinToken.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Models;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+
+class EventJoinToken extends Model
+{
+    use HasFactory;
+
+    protected $fillable = [
+        'event_id',
+        'token',
+        'label',
+        'usage_limit',
+        'usage_count',
+        'expires_at',
+        'revoked_at',
+        'created_by',
+        'metadata',
+    ];
+
+    protected $casts = [
+        'metadata' => 'array',
+        'expires_at' => 'datetime',
+        'revoked_at' => 'datetime',
+        'usage_limit' => 'integer',
+        'usage_count' => 'integer',
+    ];
+
+    public function event(): BelongsTo
+    {
+        return $this->belongsTo(Event::class);
+    }
+
+    public function creator(): BelongsTo
+    {
+        return $this->belongsTo(User::class, 'created_by');
+    }
+
+    public function isActive(): bool
+    {
+        if ($this->revoked_at !== null) {
+            return false;
+        }
+
+        if ($this->expires_at !== null && $this->expires_at->isPast()) {
+            return false;
+        }
+
+        if ($this->usage_limit !== null && $this->usage_count >= $this->usage_limit) {
+            return false;
+        }
+
+        return true;
+    }
+}