(w http.ResponseWriter, r *http.Request)
| 452 | } |
| 453 | |
// sessionLogin exchanges the configured auth token for a session cookie.
//
// Order of checks: per-client login throttling, then the "no token
// configured" short-circuit, then JSON body decoding, then token comparison.
// On a match the limiter entry for the client is reset, a session is created,
// and its cookie is set before the status payload is written.
//
// Responses: 429 when the limiter refuses, 400 when the body cannot be read,
// 401 when the token does not match, 200 with the status payload otherwise.
// A session-creation failure is delegated to writeError.
func (s *Server) sessionLogin(w http.ResponseWriter, r *http.Request) {
	conf := s.currentConfig()

	// Throttling runs before the body is read or any token is compared.
	// NOTE(review): how clientAddressKey derives its key is not visible here;
	// confirm it cannot be influenced by client-supplied headers, and confirm
	// whether allow itself counts the attempt, since failures are not recorded
	// anywhere else in this handler.
	if allowed := s.loginLimiter.allow(s.clientAddressKey(r)); !allowed {
		http.Error(w, "too many login attempts", http.StatusTooManyRequests)
		return
	}

	// An empty or whitespace-only AuthToken means no credential is required:
	// the handler answers 200 without reading the body or issuing a cookie.
	// NOTE(review): the `true` argument presumably reports "authenticated";
	// confirm that an unset token is an intended open mode, not a misconfig.
	expected := strings.TrimSpace(conf.AuthToken)
	if expected == "" {
		writeJSON(w, http.StatusOK, sessionStatusPayload(true, conf))
		return
	}

	var payload struct {
		Token string `json:"token"`
	}
	if err := readJSON(r, &payload); err != nil {
		// NOTE(review): the decode error text goes to the client verbatim;
		// confirm readJSON errors carry no internal detail and that it bounds
		// the request body size.
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Both sides are trimmed before comparison. subtleCompare is presumably a
	// constant-time comparison (name only; its body is not shown) — verify.
	if !subtleCompare(strings.TrimSpace(payload.Token), expected) {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}

	// Only a successful login clears the limiter state for this client.
	s.loginLimiter.reset(s.clientAddressKey(r))

	sessionToken, expiry, err := s.sessions.create()
	if err != nil {
		writeError(w, err)
		return
	}

	// Cookie attributes (Secure, HttpOnly, SameSite, path) are chosen inside
	// sessionCookie, which is outside this view.
	http.SetCookie(w, s.sessionCookie(r, sessionToken, expiry))
	writeJSON(w, http.StatusOK, sessionStatusPayload(true, conf))
}
| 487 | |
| 488 | func (s *Server) sessionLogout(w http.ResponseWriter, r *http.Request) { |
| 489 | if cookie, err := r.Cookie(sessionCookieName); err == nil { |