✨ Add OAuth functionality, MCP tools, and feature tests

- 🔒 Added migrations for `oauth_access_tokens`, `oauth_refresh_tokens`, `oauth_auth_codes`, `oauth_clients`, and `oauth_device_codes`.
- 🤖 Created MCP tools (Meetups, Cities, Venues, Courses, Lecturers) for managing entities with authentication and validation.
- 🛠️ Implemented Passport-backed OAuth API guard configuration and validation endpoints.
- ✅ Added comprehensive feature tests for MCP tools and OAuth functionality (access control, validation, and token-based authentication).

app/Mcp/Tools/Lecturer/CreateLecturerTool.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Mcp\Tools\Lecturer;
+
+use App\Http\Requests\Api\StoreLecturerRequest;
+use App\Http\Resources\LecturerResource;
+use App\Models\Lecturer;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+
+#[Description('Legt einen neuen Referenten für den authentifizierten Nutzer an. Der Ersteller (created_by) wird automatisch gesetzt.')]
+class CreateLecturerTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('create', Lecturer::class)) {
+            return Response::error('Nicht berechtigt, einen Referenten anzulegen.');
+        }
+
+        $storeRequest = new StoreLecturerRequest;
+
+        $validated = $request->validate(
+            $storeRequest->rules(),
+            $storeRequest->messages(),
+        );
+
+        $lecturer = Lecturer::create($validated);
+
+        return Response::json(LecturerResource::make($lecturer->fresh())->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'name' => $schema->string()->description('Name des Referenten.')->required(),
+            'subtitle' => $schema->string()->description('Untertitel.'),
+            'intro' => $schema->string()->description('Einleitungstext.'),
+            'description' => $schema->string()->description('Beschreibung.'),
+            'active' => $schema->boolean()->description('Aktiv.'),
+            'website' => $schema->string()->description('Webseiten-URL.'),
+            'twitter_username' => $schema->string()->description('Twitter/X-Benutzername.'),
+            'nostr' => $schema->string()->description('Nostr-Identifier.'),
+            'lightning_address' => $schema->string()->description('Lightning-Adresse.'),
+            'lnurl' => $schema->string()->description('LNURL.'),
+            'node_id' => $schema->string()->description('Lightning-Node-ID.'),
+            'paynym' => $schema->string()->description('PayNym.'),
+            'team_id' => $schema->integer()->description('ID des zugehörigen Teams.'),
+        ];
+    }
+}

app/Mcp/Tools/Lecturer/ListMyLecturersTool.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Mcp\Tools\Lecturer;
+
+use App\Http\Resources\LecturerResource;
+use App\Models\Lecturer;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
+
+#[IsReadOnly]
+#[Description('Listet alle vom authentifizierten Nutzer erstellten Referenten, alphabetisch sortiert.')]
+class ListMyLecturersTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('viewAny', Lecturer::class)) {
+            return Response::error('Nicht authentifiziert.');
+        }
+
+        $lecturers = Lecturer::query()
+            ->where('created_by', $user->getAuthIdentifier())
+            ->orderBy('name')
+            ->get();
+
+        return Response::json(LecturerResource::collection($lecturers)->resolve());
+    }
+}

app/Mcp/Tools/Lecturer/ShowMyLecturerTool.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace App\Mcp\Tools\Lecturer;
+
+use App\Http\Resources\LecturerResource;
+use App\Models\Lecturer;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+use Laravel\Mcp\Server\Tools\Annotations\IsReadOnly;
+
+#[IsReadOnly]
+#[Description('Zeigt einen einzelnen, vom authentifizierten Nutzer erstellten Referenten.')]
+class ShowMyLecturerTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $lecturer = Lecturer::find($request->get('id'));
+
+        if (! $lecturer) {
+            return Response::error('Referent nicht gefunden.');
+        }
+
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('view', $lecturer)) {
+            return Response::error('Nur der Ersteller oder ein Super-Admin darf diesen Referenten sehen.');
+        }
+
+        return Response::json(LecturerResource::make($lecturer)->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'id' => $schema->integer()->description('ID des Referenten.')->required(),
+        ];
+    }
+}

app/Mcp/Tools/Lecturer/UpdateLecturerTool.php

@@ -0,0 +1,62 @@
+<?php
+
+namespace App\Mcp\Tools\Lecturer;
+
+use App\Http\Requests\Api\UpdateLecturerRequest;
+use App\Http\Resources\LecturerResource;
+use App\Models\Lecturer;
+use Illuminate\Contracts\JsonSchema\JsonSchema;
+use Illuminate\JsonSchema\Types\Type;
+use Illuminate\Support\Facades\Gate;
+use Laravel\Mcp\Request;
+use Laravel\Mcp\Response;
+use Laravel\Mcp\Server\Attributes\Description;
+use Laravel\Mcp\Server\Tool;
+
+#[Description('Aktualisiert einen bestehenden Referenten. Nur der Ersteller oder ein Super-Admin darf ihn ändern.')]
+class UpdateLecturerTool extends Tool
+{
+    public function handle(Request $request): Response
+    {
+        $lecturer = Lecturer::find($request->get('id'));
+
+        if (! $lecturer) {
+            return Response::error('Referent nicht gefunden.');
+        }
+
+        $user = $request->user();
+
+        if ($user === null || Gate::forUser($user)->denies('update', $lecturer)) {
+            return Response::error('Nur der Ersteller oder ein Super-Admin darf diesen Referenten ändern.');
+        }
+
+        $validated = $request->validate((new UpdateLecturerRequest)->rules());
+
+        $lecturer->update($validated);
+
+        return Response::json(LecturerResource::make($lecturer->fresh())->resolve());
+    }
+
+    /**
+     * @return array<string, Type>
+     */
+    public function schema(JsonSchema $schema): array
+    {
+        return [
+            'id' => $schema->integer()->description('ID des zu aktualisierenden Referenten.')->required(),
+            'name' => $schema->string()->description('Name des Referenten.'),
+            'subtitle' => $schema->string()->description('Untertitel.'),
+            'intro' => $schema->string()->description('Einleitungstext.'),
+            'description' => $schema->string()->description('Beschreibung.'),
+            'active' => $schema->boolean()->description('Aktiv.'),
+            'website' => $schema->string()->description('Webseiten-URL.'),
+            'twitter_username' => $schema->string()->description('Twitter/X-Benutzername.'),
+            'nostr' => $schema->string()->description('Nostr-Identifier.'),
+            'lightning_address' => $schema->string()->description('Lightning-Adresse.'),
+            'lnurl' => $schema->string()->description('LNURL.'),
+            'node_id' => $schema->string()->description('Lightning-Node-ID.'),
+            'paynym' => $schema->string()->description('PayNym.'),
+            'team_id' => $schema->integer()->description('ID des zugehörigen Teams.'),
+        ];
+    }
+}