messages implemented

app/Http/Controllers/Api/Messaging/AttachmentController.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Http\Controllers\Api\Messaging;
+
+use App\Http\Controllers\Controller;
+use App\Models\MessageAttachment;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Storage;
+use Symfony\Component\HttpFoundation\StreamedResponse;
+
+class AttachmentController extends Controller
+{
+    public function show(Request $request, int $id)
+    {
+        $attachment = MessageAttachment::query()
+            ->with('message:id,conversation_id')
+            ->findOrFail($id);
+
+        $conversationId = (int) ($attachment->message?->conversation_id ?? 0);
+        abort_if($conversationId <= 0, 404, 'Attachment not available.');
+
+        $authorized = \App\Models\ConversationParticipant::query()
+            ->where('conversation_id', $conversationId)
+            ->where('user_id', $request->user()->id)
+            ->whereNull('left_at')
+            ->exists();
+
+        abort_unless($authorized, 403, 'You are not allowed to access this attachment.');
+
+        $diskName = (string) config('messaging.attachments.disk', 'local');
+        $disk = Storage::disk($diskName);
+
+        return new StreamedResponse(function () use ($disk, $attachment): void {
+            echo $disk->get($attachment->storage_path);
+        }, 200, [
+            'Content-Type' => $attachment->mime,
+            'Content-Disposition' => 'inline; filename="' . addslashes($attachment->original_name) . '"',
+            'Content-Length' => (string) $attachment->size_bytes,
+        ]);
+    }
+}