refactor: improve security, split routes, add API resources and FormRequests

- Fix timing attack vulnerability in AuthController
- Split web.php (316 lines) into 7 focused route files
- Add 8 API Resources for consistent response formatting
- Add 8 FormRequest classes for centralized validation
- Use Resources instead of manual array mapping in controllers

routes/admin.php

@@ -0,0 +1,22 @@
+<?php
+
+use App\Http\Controllers\Admin\RadioSetupController;
+use App\Http\Controllers\Api\FurniEditorController;
+use Illuminate\Support\Facades\Route;
+
+// Admin radio setup
+Route::prefix('admin')->group(function () {
+    Route::get('/radio/setup', [RadioSetupController::class, 'index'])->name('admin.radio.setup');
+    Route::post('/radio/setup', [RadioSetupController::class, 'setup'])->name('admin.radio.setup.post');
+});
+
+// Furni editor API
+Route::prefix('api/admin/furni-editor')->middleware(['auth', 'admin.security', 'throttle:api'])->group(function () {
+    Route::get('/', [FurniEditorController::class, 'search']);
+    Route::post('/', [FurniEditorController::class, 'create']);
+    Route::get('/detail', [FurniEditorController::class, 'detail']);
+    Route::post('/update', [FurniEditorController::class, 'update']);
+    Route::post('/delete', [FurniEditorController::class, 'delete']);
+    Route::get('/interactions', [FurniEditorController::class, 'interactions']);
+    Route::get('/by-sprite', [FurniEditorController::class, 'bySprite']);
+});