diff --git a/server/src/handler/cameo.go b/server/src/handler/cameo.go
new file mode 100644
index 0000000..8026ac4
--- /dev/null
+++ b/server/src/handler/cameo.go
@@ -0,0 +1,41 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+
+	"sirlab.de/go/knowyt/user"
+)
+
+func (authMux *AuthMux) Cameo(usr *user.User, w http.ResponseWriter, r *http.Request) {
+	if usr.IsAdmin() {
+		cookie := authMux.createCookie()
+		cookie.Name = cookie.Name + "-cameo"
+		usrCameo, err := authMux.checkCode(r)
+		if err != nil {
+			http.SetCookie(w, cookie)
+			authMux.accessDenied(w, r)
+			return
+		}
+
+		cookie.Value = usrCameo.GetId()
+		cookie.MaxAge = 0
+		http.SetCookie(w, cookie)
+		w.Header().Add("Content-Type", "text/plain")
+		fmt.Fprintf(w, "ok")
+		return
+	}
+
+	// non-admin: remove cameo cookie
+	usrCameo := usr.GetCameo()
+	if usrCameo != nil && usrCameo.IsAdmin() {
+		cookie := authMux.createCookie()
+		cookie.Name = cookie.Name + "-cameo"
+		http.SetCookie(w, cookie)
+		w.Header().Add("Content-Type", "text/plain")
+		fmt.Fprintf(w, "ok")
+		return
+	}
+
+	authMux.accessDenied(w, r)
+}
diff --git a/server/src/handler/login.go b/server/src/handler/login.go
index 39e409e..1979e2c 100644
--- a/server/src/handler/login.go
+++ b/server/src/handler/login.go
@@ -69,36 +69,3 @@ func (authMux *AuthMux) checkCode(r *http.Request) (*user.User, error) {
 
 	return usr, nil
 }
-
-func (authMux *AuthMux) Cameo(usr *user.User, w http.ResponseWriter, r *http.Request) {
-	if usr.IsAdmin() {
-		cookie := authMux.createCookie()
-		cookie.Name = cookie.Name + "-cameo"
-		usrCameo, err := authMux.checkCode(r)
-		if err != nil {
-			http.SetCookie(w, cookie)
-			authMux.accessDenied(w, r)
-			return
-		}
-
-		cookie.Value = usrCameo.GetId()
-		cookie.MaxAge = 0
-		http.SetCookie(w, cookie)
-		w.Header().Add("Content-Type", "text/plain")
-		fmt.Fprintf(w, "ok")
-		return
-	}
-
-	// non-admin: remove cameo cookie
-	usrCameo := usr.GetCameo()
-	if usrCameo != nil && usrCameo.IsAdmin() {
-		cookie := authMux.createCookie()
-		cookie.Name = cookie.Name + "-cameo"
-		http.SetCookie(w, cookie)
-		w.Header().Add("Content-Type", "text/plain")
-		fmt.Fprintf(w, "ok")
-		return
-	}
-
-	authMux.accessDenied(w, r)
-}