feat: add support for redirecting admins to custom dashboards view

Hi there! This pull request adds an `onLoginSuccessHook` middleware function to the web app to support a feature in which users can be redirected to their custom dashboard views in the app (or other pages such as account / settings / etc). I also added a `console.log()` to audit logged-in state for tampering threat model.
snyk-labs · Jun 17, 2024 · 9100e60 · 9100e60
1 parent d240896
commit 9100e60
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/routes/index.js b/routes/index.js
@@ -19,6 +19,19 @@ var fs = require('fs');
 // prototype-pollution
 var _ = require('lodash');
 
+function onLoginSuccessHook(redirectPage, session, username, res) {
+  session.loggedIn = 1
+
+  // Log the login action for audit
+  console.log(`User logged in: ${username}`)
+
+  if (redirectPage) {
+      return res.redirect(redirectPage)
+  } else {
+      return res.redirect('/admin')
+  }
+}
+
 exports.index = function (req, res, next) {
   Todo.
     find({}).