Return correct HTTP status code on failed login attempts instead of 200

[pano9000]

Description

As described here: #5650

BTW: since my last update Trilium Notes doesn't send any error codes like (401|403|404|429|500) back on failed login attempt anymore. So there is no use case for fail2ban at caddy point anymore.

Logs looks like:

178.13.xxx.xxx - - [12/Apr/2025:06:14:28 +0000] "GET / HTTP/2.0" 302 34
178.13.xxx.xxx - - [12/Apr/2025:06:14:28 +0000] "GET /login HTTP/2.0" 200 819
178.13.xxx.xxx - - [12/Apr/2025:06:19:41 +0000] "GET /login HTTP/2.0" 304 0
178.13.xxx.xxx - - [12/Apr/2025:06:19:56 +0000] "POST /login HTTP/2.0" 200 858

0.92.4 provides 401 on failed login attempt:

178.13.xxx.xxx - - [12/Apr/2025:06:58:32 +0000] "POST /login HTTP/2.0" 401 783

TriliumNext Version

0.92.7

What operating system are you using?

Other Linux

What is your setup?

Local (no sync)

Operating System Version

linux

Error logs

No response

[pano9000]

isssue is that on failed login, the sendLoginError function just sends back the login page via

    res.render('login', {
        wrongPassword: errorType === 'password',
        wrongTotp: errorType === 'totp',
        totpEnabled: totp.isTotpEnabled(),
        ssoEnabled: openID.isOpenIDEnabled(),
        assetPath: assetPath,
        appPath: appPath,
    });

this will by default return a 200 status code.

will provide a fix for this (and the missing HTTP Logging) until this evening