From 3b28132b56836d2f7bd3ce01430d334eb7bffa3b Mon Sep 17 00:00:00 2001
From: xengineering <me@xengineering.eu>
Date: Sun, 24 May 2026 14:12:03 +0200
Subject: Add POST /api/registration

This URL sets a random 32 octet token as cookie `token` in Base64
encoding.

The SHA256 hash of the binary token is written as response also in
Base64 encoding.
---
 handlers.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'handlers.go')

diff --git a/handlers.go b/handlers.go
index 141230d..f23171f 100644
--- a/handlers.go
+++ b/handlers.go
@@ -13,6 +13,7 @@ var frontendEmbed embed.FS
 
 func init() {
 	router.HandleFunc("/api/version", version)
+	router.HandleFunc("/api/registration", registration).Methods("POST")
 
 	// frontend must come last to make sure /api takes precedence
 	frontend, err := fs.Sub(frontendEmbed, "build/frontend/public")
@@ -25,3 +26,23 @@ func init() {
 func version(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, versionTxt)
 }
+
+func registration(w http.ResponseWriter, r *http.Request) {
+	token, err := NewToken()
+	if err != nil {
+		http.Error(w, "Failed to generate token.", http.StatusInternalServerError)
+		return
+	}
+
+	cookie := http.Cookie{
+		Name: "token",
+		Value: token.Private(),
+		HttpOnly: true,
+		Secure: true,
+		SameSite: http.SameSiteStrictMode,
+	}
+
+	http.SetCookie(w, &cookie)
+
+	fmt.Fprintf(w, "%s\n", token.Public())
+}
-- 
cgit v1.3