middleware('auth')->except(['index']); } public function index(Video $video) { $comments = $video->comments()->whereNull('parent_id')->with(['user', 'replies.user'])->get(); return response()->json($comments); } public function store(Request $request, Video $video) { $request->validate([ 'body' => 'required|string|max:1000', 'parent_id' => 'nullable|exists:comments,id', ]); $comment = $video->comments()->create([ 'user_id' => Auth::id(), 'body' => $request->body, 'parent_id' => $request->parent_id, ]); // Handle mentions preg_match_all('/@(\w+)/', $request->body, $matches); if (!empty($matches[1])) { // Mentions found - in production, you would send notifications here // For now, we just parse them } return response()->json($comment->load('user')); } public function update(Request $request, Comment $comment) { if ($comment->user_id !== Auth::id()) { return response()->json(['error' => 'Unauthorized'], 403); } $request->validate([ 'body' => 'required|string|max:1000', ]); $comment->update([ 'body' => $request->body, ]); return response()->json($comment->load('user')); } public function destroy(Comment $comment) { if ($comment->user_id !== Auth::id()) { return response()->json(['error' => 'Unauthorized'], 403); } $comment->delete(); return response()->json(['success' => true]); } }