+ } else if (strncmp(path, "/create", 8) == 0) {
+ if (strcmp(request_method, "POST") != 0) {
+ respond_405();
+ exit(0);
+ }
+
+ const char *username = cgi_getentrystr("username");
+ const char *password = cgi_getentrystr("password");
+ if (username == NULL || username[0] == 0 ||
+ password == NULL || password[0] == 0) {
+ respond_JSON_Failure();
+ exit(0);
+ }
+
+ if (blerg_exists(username)) {
+ respond_JSON_Failure();
+ exit(0);
+ }
+
+ struct blerg *b = blerg_open(username);
+ blerg_close(b);
+ auth_set_password(username, password);
+
+ respond_JSON_Success();
+ } else if (strncmp(path, "/login", 7) == 0) {
+ if (strcmp(request_method, "POST") != 0) {
+ respond_405();
+ exit(0);
+ }
+
+ const char *username = cgi_getentrystr("username");
+ const char *password = cgi_getentrystr("password");
+ if (username == NULL || username[0] == 0 ||
+ password == NULL || password[0] == 0) {
+ respond_JSON_Failure();
+ exit(0);
+ }
+
+ if (!auth_login(username, password)) {
+ respond_JSON_Failure();
+ exit(0);
+ }
+
+ char *token = auth_get_token(username);
+ printf("Set-Cookie: auth=%s\r\n", token);
+ free(token);
+
+ respond_JSON_Success();
+ } else if (strncmp(path, "/logout", 8) == 0) {
+ if (strcmp(request_method, "POST") != 0) {
+ respond_405();
+ exit(0);
+ }
+
+ const char *username = cgi_getentrystr("username");
+ if (username == NULL || username[0] == 0) {
+ respond_JSON_Failure();
+ exit(0);
+ }
+
+
+ const char *given_token = cgi_getcookie("auth");
+ if (auth_check_token(username, given_token)) {
+ auth_logout(username);
+ respond_JSON_Success();
+ } else {
+ respond_JSON_Failure();
+ }