group(function () { Route::get ('auth/me', [AuthController::class, 'me']); Route::post('auth/logout', [AuthController::class, 'logout']); }); // ─── Endpoints del DummyBot (ESP32) ─── // Usa el token del dispositivo en Authorization: Bearer Route::middleware('auth.device')->prefix('device')->group(function () { Route::get ('tasks/pending', [TaskController::class, 'pending']); Route::post ('tasks', [TaskController::class, 'store']); Route::post ('tasks/{task}/done', [TaskController::class, 'done']); Route::post ('tasks/{task}/snooze', [TaskController::class, 'snooze']); Route::delete('tasks/{task}', [TaskController::class, 'destroy']); Route::post ('heartbeat', function (Request $r) { return response()->json([ 'ok' => true, 'server_time' => now()->toIso8601String(), 'device' => $r->attributes->get('device')?->only('id','name'), ]); }); }); // Las rutas web JSON (/api/tasks, /api/devices, etc.) están en routes/web.php // porque necesitan sesión + Sanctum web guard para que la UI funcione sin tokens.