creator_id !== auth()->id()) { return response()->json(['message' => 'Unauthorized'], 403); } $validated = $request->validate([ 'step_number' => 'required|integer', 'title' => 'required|string|max:255', 'description' => 'nullable|string', 'hint_text' => 'required|string', 'hint_media_url' => 'nullable|string', 'latitude' => 'required|numeric', 'longitude' => 'required|numeric', 'radius_m' => 'integer|min:1', 'xp' => 'integer|min:0', ]); $step = $hunt->steps()->create($validated); return response()->json($step, 201); } }