hub / github.com/ZenNotes/zennotes / sessionLogin

Method sessionLogin

apps/server/internal/httpserver/security.go:454–486  ·  view source on GitHub ↗
(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

452}
453
// sessionLogin handles a login request: it exchanges the configured auth
// token, sent as {"token": "..."} in the JSON body, for a session cookie.
//
// Responses written by this handler:
//   - 429 when the login limiter refuses the client's address key
//   - 200 with the session status payload when no auth token is configured
//   - 400 when readJSON returns an error for the request body
//   - 200 plus a session cookie when the submitted token matches
//   - 401 for any other token
func (s *Server) sessionLogin(w http.ResponseWriter, r *http.Request) {
	cfg := s.currentConfig()

	// The limiter is consulted first, so every later path (including the
	// auth-disabled one) is reached only after it has admitted the request.
	// NOTE(review): clientAddressKey is defined elsewhere. If it derives the
	// key from forwarded headers, confirm they are honoured only from trusted
	// proxies; otherwise the per-client limit can be sidestepped.
	if allowed := s.loginLimiter.allow(s.clientAddressKey(r)); !allowed {
		http.Error(w, "too many login attempts", http.StatusTooManyRequests)
		return
	}

	expected := strings.TrimSpace(cfg.AuthToken)
	if expected == "" {
		// A blank configured token means there is nothing to check: the
		// status payload is returned and no session or cookie is created.
		writeJSON(w, http.StatusOK, sessionStatusPayload(true, cfg))
		return
	}

	var body struct {
		Token string `json:"token"`
	}
	if decodeErr := readJSON(r, &body); decodeErr != nil {
		// NOTE(review): the readJSON error text goes to the client verbatim.
		// Confirm readJSON caps the body size and that its messages carry no
		// internal detail.
		http.Error(w, decodeErr.Error(), http.StatusBadRequest)
		return
	}

	// Both sides are whitespace-trimmed before comparison.
	// NOTE(review): subtleCompare is defined elsewhere and is presumably a
	// constant-time comparison; verify. crypto/subtle.ConstantTimeCompare
	// returns immediately on a length mismatch, so comparing fixed-size
	// digests of both values avoids exposing the token length.
	submitted := strings.TrimSpace(body.Token)
	if !subtleCompare(submitted, expected) {
		// This handler does not reset the limiter on a rejected token.
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}

	// The limiter entry is cleared before the session is created, so a
	// create() failure below still leaves the client's entry reset.
	s.loginLimiter.reset(s.clientAddressKey(r))
	sessionToken, expiry, err := s.sessions.create()
	if err != nil {
		writeError(w, err)
		return
	}

	http.SetCookie(w, s.sessionCookie(r, sessionToken, expiry))
	writeJSON(w, http.StatusOK, sessionStatusPayload(true, cfg))
}
487
488func (s *Server) sessionLogout(w http.ResponseWriter, r *http.Request) {
489 if cookie, err := r.Cookie(sessionCookieName); err == nil {

Callers

nothing calls this directly

Calls 12

currentConfigMethod · 0.95
clientAddressKeyMethod · 0.95
sessionCookieMethod · 0.95
writeJSONFunction · 0.85
sessionStatusPayloadFunction · 0.85
readJSONFunction · 0.85
subtleCompareFunction · 0.85
writeErrorFunction · 0.85
allowMethod · 0.80
ErrorMethod · 0.80
resetMethod · 0.80
createMethod · 0.80

Tested by

no test coverage detected