| 47 | } |
| 48 | |
| 49 | func New(v *vault.Vault, w *watcher.Watcher, static fs.FS, cfg config.Config) *Server { |
| 50 | // Opt-in: persist browser sessions next to the host config so they survive a |
| 51 | // restart. Off by default — an empty path keeps the store purely in-memory. |
| 52 | sessionsPath := "" |
| 53 | if cfg.PersistSessions { |
| 54 | sessionsPath = config.SessionsPath() |
| 55 | } |
| 56 | return &Server{ |
| 57 | Vault: v, |
| 58 | Watcher: w, |
| 59 | Static: static, |
| 60 | Config: cfg, |
| 61 | sessions: newSessionStore(sessionsPath), |
| 62 | loginLimiter: newAttemptLimiter(10*time.Minute, 10), |
| 63 | wsRejectLimiter: newAttemptLimiter(1*time.Minute, 20), |
| 64 | } |
| 65 | } |
| 66 | |
| 67 | func (s *Server) currentVault() *vault.Vault { |
| 68 | s.mu.RLock() |