1 files changed, 10 insertions, 19 deletions

diff --git a/routes/web.php b/routes/web.php
index d98ed5d..6c44689 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -144,30 +144,21 @@ Route::get('/newtab', function() {
     return view('newtab');
 });
 
-//Route::post('/do', function(Request $req) {
+Route::get('/do', function(){
+    $data = [];
     $file = storage_path('app/todo.json');
-    $items = file_exists($file) ? json_decode(file_get_contents($file), true) ?? [] : [];
-    $op = $req->input('op', 'append');
-
-    if ($op === 'overwrite') {
-        $lines = array_filter(array_map('trim', explode("\n", $req->input('content', ''))));
-        $items = array_values($lines);
-    } elseif ($op === 'delete') {
-        $index = (int) $req->input('index');
-        array_splice($items, $index, 1);
-    } else {
-        // append (default)
-        $lines = array_filter(array_map('trim', explode("\n", $req->input('content', ''))));
-        $items = array_merge($items, $lines);
-    }
+    $data['items'] = file_exists($file) ? json_decode(file_get_contents($file), true) ?? [] : [];
+    return view('do', $data);
+});
 
-    file_put_contents($file, json_encode(array_values($items), JSON_PRETTY_PRINT));
-    return redirect('/do')->with('status', 'List updated.');
-})->middleware('auth');
+Route::post('/do', [SiteController::class, 'updateTodo'])->middleware('auth');
+
+// API-style todo endpoint — token auth, no CSRF needed
+Route::post('/api/do', [SiteController::class, 'updateTodoWithToken'])->middleware('throttle:public');
 
 // Catch-all: only allow specific whitelisted views
 Route::get('/{v}', function($v){
-    $allowed = ['notes', 'kyanite', 'marked', 'v', '4', 'matrix', 'psql', 'do'];
+    $allowed = ['notes', 'kyanite', 'marked', 'v', '4', 'matrix', 'psql'];
     if (!in_array($v, $allowed)) {
         abort(404);
     }