Use Seession cookie for resistent login

main.go

@@ -51,7 +51,11 @@ func main() {
 		log.Fatal(err)
 	}
 
-	h := &handler{root: root, user: *user, pass: *pass}
+	authKey, err := loadOrCreateAuthKey(root)
+	if err != nil {
+		log.Fatal(err)
+	}
+	h := &handler{root: root, user: *user, pass: *pass, authKey: authKey}
 
 	staticFS, _ := fs.Sub(assets, "assets")
 	static := http.StripPrefix("/_/", http.FileServer(http.FS(staticFS)))
@@ -61,6 +65,7 @@ func main() {
 		}
 		static.ServeHTTP(w, r)
 	}))
+	http.HandleFunc("/_logout", h.handleLogout)
 	http.Handle("/", h)
 
 	log.Printf("datascape listening on %s, wiki at %s", *addr, root)
@@ -69,16 +74,12 @@ func main() {
 
 type handler struct {
 	root, user, pass string
+	authKey          []byte
 }
 
 func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if h.user != "" {
-		u, p, ok := r.BasicAuth()
-		if !ok || u != h.user || p != h.pass {
-			w.Header().Set("WWW-Authenticate", `Basic realm="datascape"`)
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
-			return
-		}
+	if !h.checkAuth(w, r) {
+		return
 	}
 
 	urlPath := path.Clean("/" + r.URL.Path)