Remove legacy frontend assets and update gallery routes

app/Providers/AppServiceProvider.php

@@ -64,6 +64,8 @@ class AppServiceProvider extends ServiceProvider
         $this->configureUploadRateLimiters();
         $this->configureMessagingRateLimiters();
         $this->configureDownloadRateLimiter();
+        $this->configureArtworkRateLimiters();
+        $this->configureReactionRateLimiters();
         $this->configureSettingsRateLimiters();
         $this->configureMailFailureLogging();
 
@@ -275,6 +277,44 @@ class AppServiceProvider extends ServiceProvider
         });
     }
 
+    private function configureArtworkRateLimiters(): void
+    {
+        RateLimiter::for('artwork-awards', function (Request $request): array {
+            $userId = $request->user()?->id;
+            $artworkId = (int) $request->route('id');
+
+            return [
+                // Prevent burst spam on a single artwork while allowing normal exploration.
+                Limit::perMinute(20)->by('awards:user:' . ($userId ?? 'guest') . ':art:' . $artworkId),
+                // Global safety net for user/IP across all artworks.
+                Limit::perMinute(120)->by('awards:user:' . ($userId ?? 'guest')),
+                Limit::perMinute(180)->by('awards:ip:' . $request->ip()),
+            ];
+        });
+    }
+
+    private function configureReactionRateLimiters(): void
+    {
+        RateLimiter::for('reactions-read', function (Request $request): array {
+            $userId = $request->user()?->id;
+
+            return [
+                // Comment-heavy pages can trigger many reaction reads at once.
+                Limit::perMinute(600)->by('reactions-read:user:' . ($userId ?? 'guest')),
+                Limit::perMinute(900)->by('reactions-read:ip:' . $request->ip()),
+            ];
+        });
+
+        RateLimiter::for('reactions-write', function (Request $request): array {
+            $userId = $request->user()?->id;
+
+            return [
+                Limit::perMinute(120)->by('reactions-write:user:' . ($userId ?? 'guest')),
+                Limit::perMinute(180)->by('reactions-write:ip:' . $request->ip()),
+            ];
+        });
+    }
+
     private function configureSettingsRateLimiters(): void
     {
         RateLimiter::for('username-check', function (Request $request): Limit {