header('Authorization', ''); if (! str_starts_with($header, 'Bearer ')) { return response()->json(['error' => ['code' => 'unauthorized']], 401); } $token = substr($header, 7); $userId = Cache::get('api_token:'.$token); if (! $userId) { return response()->json(['error' => ['code' => 'unauthorized']], 401); } $user = User::find($userId); if (! $user) { return response()->json(['error' => ['code' => 'unauthorized']], 401); } Auth::login($user); // for policies if needed return $next($request); } }