The problem is your middleware is called before authorisation:
Route::get('/log'...)->middleware('view-logs');
will not work, while this will
Route::group(['middleware' => [auth:api]], function(){
Route::get('/log'...)->middleware('view-logs');
})
With auth:api or even auth middleware the logged in user appears, while without this middleware you don't have logged in user and checking for Auth::check() will always be false. That is expected behaviour.
Yes, if you are using spatie/laravel-permissions, and ->hasRole() make me think you are. Then you can get rid of self written middleware and use this.
Route::get('/log...', [...Controller::class, 'index'])->middleware('role:admin');