Authentication & Authorization

Laravel Sanctum Integration

The project uses Laravel Sanctum with session-based authentication (stateful).

  • Workflow:
    1. Frontend requests a CSRF cookie from the backend (/sanctum/csrf-cookie).
    2. User submits credentials to the login endpoint.
    3. Backend issues a session cookie.
    4. Subsequent requests automatically include the session cookie and an X-XSRF-TOKEN header.
  • Middleware: Routes are protected using nuxt-auth-sanctum middleware. Custom global middleware (02.check_login_status.global.js) ensures that authenticated users always have their profile data populated in the Pinia store.
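
The workflow above, written out as plain requests. This is an added example, not the project's code or the nuxt-auth-sanctum module's implementation. The names fetchImpl, readCookies, apiBase and loginPath are hypothetical parameters, and the login path is left as a parameter because the page does not state it.

```javascript
// Added example, not project code. fetchImpl, readCookies, apiBase and
// loginPath are hypothetical parameters; the page does not give the login path.

// Laravel URL-encodes the XSRF-TOKEN cookie value; the X-XSRF-TOKEN header
// must carry the decoded value or the CSRF check fails.
function xsrfTokenFromCookies(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === 'XSRF-TOKEN') {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Step 4: every request sends cookies and echoes the current token.
function withXsrf(readCookies, init = {}) {
  const token = xsrfTokenFromCookies(readCookies());
  if (!token) throw new Error('XSRF-TOKEN cookie missing; request the CSRF cookie first');
  return {
    ...init,
    credentials: 'include', // send the session and XSRF cookies with the request
    headers: { Accept: 'application/json', ...init.headers, 'X-XSRF-TOKEN': token },
  };
}

async function sanctumLogin({ fetchImpl, readCookies, apiBase, loginPath, credentials }) {
  // Step 1: the backend answers with a Set-Cookie for XSRF-TOKEN.
  await fetchImpl(`${apiBase}/sanctum/csrf-cookie`, { credentials: 'include' });
  // Step 2: submit credentials with the decoded token in the header.
  const res = await fetchImpl(`${apiBase}${loginPath}`, withXsrf(readCookies, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(credentials),
  }));
  // Step 3 is server-side: the login response sets the session cookie.
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  return res;
}
```

In a browser, fetchImpl would be fetch and readCookies would be () => document.cookie; the session cookie itself never needs to be read by script.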