feat: implement tenant OAuth flow and guest achievements

routes/web.php

@@ -44,25 +44,6 @@ Route::get('/super-admin/templates/emotions.csv', function () {
     return response()->stream($callback, 200, $headers);
 });
 
-// Tenant Admin API (temporary token-based, no hardening)
-Route::prefix('api/v1/tenant')->group(function () {
-    Route::post('/login', [\App\Http\Controllers\Api\TenantController::class, 'login']);
-    Route::middleware([\App\Http\Middleware\ApiTokenAuth::class])->group(function () {
-        Route::get('/me', [\App\Http\Controllers\Api\TenantController::class, 'me']);
-        Route::get('/events', [\App\Http\Controllers\Api\TenantController::class, 'events']);
-        Route::get('/events/{id}', [\App\Http\Controllers\Api\TenantController::class, 'showEvent']);
-        Route::post('/events', [\App\Http\Controllers\Api\TenantController::class, 'storeEvent']);
-        Route::put('/events/{id}', [\App\Http\Controllers\Api\TenantController::class, 'updateEvent']);
-        Route::post('/events/{id}/toggle', [\App\Http\Controllers\Api\TenantController::class, 'toggleEvent']);
-        Route::get('/events/{id}/photos', [\App\Http\Controllers\Api\TenantController::class, 'eventPhotos']);
-        Route::get('/events/{id}/stats', [\App\Http\Controllers\Api\TenantController::class, 'eventStats']);
-        Route::post('/events/{id}/invites', [\App\Http\Controllers\Api\TenantController::class, 'createInvite']);
-        Route::post('/photos/{id}/feature', [\App\Http\Controllers\Api\TenantController::class, 'featurePhoto']);
-        Route::post('/photos/{id}/unfeature', [\App\Http\Controllers\Api\TenantController::class, 'unfeaturePhoto']);
-        Route::delete('/photos/{id}', [\App\Http\Controllers\Api\TenantController::class, 'deletePhoto']);
-    });
-});
-
 // Tenant Admin PWA shell
 Route::view('/admin/{any?}', 'admin')->where('any', '.*');
 Route::get('/admin/qr', [\App\Http\Controllers\Admin\QrController::class, 'png']);