user()->id !== $user->id) { return response()->json(['message' => 'Unauthorized'], 403); } $request->validate([ 'avatar' => ['required', 'image', 'max:2048'], // 2MB max ]); $path = $request->file('avatar')->store('avatars', 'public'); $user->update([ 'avatarUri' => url('storage/' . $path), ]); return response()->json([ 'message' => 'Avatar updated successfully', 'avatarUri' => $user->avatarUri, ]); } }