Eloquent or Query Builder should be called only in repositories. Repositories should be called in Services. Services should be called inside Laravel infrastructure like Controllers, Commands, Jobs, Listeners etc.
User data calls such as Auth::id() should be present only in Controllers or sometimes - if there is no other way - in Services.
Try not to use Auth facade in business logic. Move facade calls to UserRepository, and inject user repository through interface everywhere you need to get authorized user data.
Auth::id()should be present only in Controllers or sometimes - if there is no other way - in Services.Authfacade in business logic. Move facade calls to UserRepository, and inject user repository through interface everywhere you need to get authorized user data.