method() !== 'POST') { http_response_code(405); Router::json(['ok' => false, 'error' => 'method_not_allowed']); return; } if (!Session::checkCsrfToken()) { http_response_code(403); Router::json(['ok' => false, 'error' => 'csrf']); return; } $session = app(SessionStoreInterface::class)->all(); $userId = (int) ($session['user']['id'] ?? 0); $bookmarkId = (int) requestInput()->body('id'); $service = app(BookmarkService::class); $deleted = $service->deleteBookmark($userId, $bookmarkId); if ($deleted) { app(SessionStoreInterface::class)->set('user_bookmarks', $service->listGroupedForUser($userId)); } Router::json(['ok' => $deleted]);