All 6 Mod modules now register API routes via ApiRoutesRegistering
instead of WebRoutesRegistering with CSRF hacks. The api middleware
group (ThrottleRequests + SubstituteBindings, no CSRF/session)
handles everything natively. Website/Api module simplified to just
metrics and homepage. fireApiRoutes() added to Web Boot.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Production stack has honeypot that null-routes API payloads sent to
the web domain. API routes now only register via Website/Api module
(api.lthn.io). Mod modules stripped to web-only routes. Frontend JS
fetch calls use configurable API_URL for cross-origin API access.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
POST endpoints on /v1/* were returning 419 CSRF mismatch because
$event->routes() wraps routes in the web middleware group which
includes ValidateCsrfToken. External clients (Blesta, curl) can't
send CSRF tokens. withoutMiddleware() on /v1/* prefixes fixes this.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
All 6 Mod modules now use $event->routes() and $event->views() instead
of raw Route:: and app('view')-> calls. Service singletons moved to
FrameworkBooted where appropriate. Website/Api module added for
api.lthn.io domain with proper DomainResolving.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- connect endpoint checks GatewayRegistry first for paired nodes
- Returns real WireGuard/proxy endpoints, region, load from live data
- Falls back to chain alias discovery when no paired gateways available
- Response includes source: 'paired' or 'chain' for transparency
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- POST /v1/proxy/connect — get gateway node for service type (mobile/residential/seo)
- GET /v1/proxy/usage — usage tracking per API key (bytes, GB, requests)
- GET /v1/proxy/nodes — list available nodes by capability
- GET /v1/proxy/status — network availability + service pricing
- NodeSelector: round-robin selection from chain aliases by capability
- UsageMeter: per-key tracking of bytes and requests
- Three billing models: mobile ($5/GB), residential ($2.50/GB), SEO (per-request)
- Auth required for connect/usage, public for status/nodes
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
