From 01a9029c255e44bc33cd047f775d4828383a890c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9?=
 <noreply@anthropic.com>
Date: Fri, 19 Jun 2026 17:35:53 +0300
Subject: [PATCH] =?UTF-8?q?fix(G7-B):=20stray=20=D0=BD=D0=B5-lpimp=20Beare?=
 =?UTF-8?q?r=20=D0=BD=D0=B0=20sanctum-=D1=80=D0=BE=D1=83=D1=82=D0=B5=20?=
 =?UTF-8?q?=E2=86=92=20=D1=87=D0=B8=D1=81=D1=82=D1=8B=D0=B9=20401=20=D0=B2?=
 =?UTF-8?q?=D0=BC=D0=B5=D1=81=D1=82=D0=BE=20500=20(=D0=BD=D0=B5=D1=82=20?=
 =?UTF-8?q?=D1=82=D0=B0=D0=B1=D0=BB=D0=B8=D1=86=D1=8B=20PAT)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/app/Models/PersonalAccessToken.php | 11 ++++++++++-
 app/bootstrap/app.php                  |  3 ++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app/app/Models/PersonalAccessToken.php b/app/app/Models/PersonalAccessToken.php
index e52e8c51..607d90bd 100644
--- a/app/app/Models/PersonalAccessToken.php
+++ b/app/app/Models/PersonalAccessToken.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace App\Models;
 
+use Illuminate\Database\QueryException;
 use Laravel\Sanctum\PersonalAccessToken as SanctumPersonalAccessToken;
 
 /**
@@ -28,6 +29,14 @@ class PersonalAccessToken extends SanctumPersonalAccessToken
             return null;
         }
 
-        return parent::findToken($token);
+        // В проекте нет таблицы personal_access_tokens (SPA cookie-auth, Sanctum
+        // PAT не используются). Без этого try/catch любой иной Bearer на
+        // sanctum-роуте ронял бы запрос в 500 (Undefined table) вместо чистого
+        // 401. Гасим QueryException до null — guard вернёт 401.
+        try {
+            return parent::findToken($token);
+        } catch (QueryException) {
+            return null;
+        }
     }
 }
diff --git a/app/bootstrap/app.php b/app/bootstrap/app.php
index acdd64c3..0434f708 100644
--- a/app/bootstrap/app.php
+++ b/app/bootstrap/app.php
@@ -2,6 +2,7 @@
 
 use App\Http\Middleware\ApiKeyAuth;
 use App\Http\Middleware\EnsureSaasAdmin;
+use App\Http\Middleware\ImpersonationContext;
 use App\Http\Middleware\SetTenantContext;
 use Illuminate\Database\QueryException;
 use Illuminate\Foundation\Application;
@@ -29,7 +30,7 @@ return Application::configure(basePath: dirname(__DIR__))
         ]);
 
         $middleware->web(append: [
-            \App\Http\Middleware\ImpersonationContext::class,
+            ImpersonationContext::class,
         ]);
 
         // Защитные HTTP-заголовки (CSP, X-Frame-Options, X-Content-Type-Options,