view('app'))->middleware(['auth', 'verified'])->name('dashboard'); // Server-side logout — handles hard navigation to /logout Route::get('/logout', function (Request $request) { Auth::logout(); $request->session()->invalidate(); $request->session()->regenerateToken(); return redirect('/'); })->middleware('auth')->name('logout'); Route::middleware(['auth'])->prefix('billing')->name('billing.')->group(function () { Route::get('/checkout/{tier}/{cadence}', [BillingController::class, 'checkout'])->name('checkout'); Route::get('/portal', [BillingController::class, 'portal'])->name('portal'); Route::get('/success', [BillingController::class, 'success'])->name('success'); Route::get('/cancel', [BillingController::class, 'cancel'])->name('cancel'); }); // Server-rendered legal pages — must be registered before the SPA catch-all Route::prefix('legal')->name('legal.')->group(function () { Route::view('/privacy', 'legal.privacy')->name('privacy'); Route::view('/terms', 'legal.terms')->name('terms'); Route::view('/refund', 'legal.refund')->name('refund'); Route::view('/cookies', 'legal.cookies')->name('cookies'); }); // SPA catch-all — must be last Route::get('/{any?}', fn () => view('app'))->where('any', '.*')->name('home');