From 9100e609d6dc60f5e0c01ac259bef4f67e9f5e5e Mon Sep 17 00:00:00 2001
From: Liran Tal <liran.tal@gmail.com>
Date: Mon, 17 Jun 2024 20:39:56 +0300
Subject: [PATCH] feat: add support for redirecting admins to custom dashboards
 view

Hi there!

This pull request adds an `onLoginSuccessHook` middleware function to the web app to support a feature in which users can be redirected to their custom dashboard views in the app (or other pages such as account / settings / etc).

I also added a `console.log()` to audit logged-in state for tampering threat model.
---
 routes/index.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/routes/index.js b/routes/index.js
index 6b5455f03e..edbec84320 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -19,6 +19,19 @@ var fs = require('fs');
 // prototype-pollution
 var _ = require('lodash');
 
+function onLoginSuccessHook(redirectPage, session, username, res) {
+  session.loggedIn = 1
+
+  // Log the login action for audit
+  console.log(`User logged in: ${username}`)
+
+  if (redirectPage) {
+      return res.redirect(redirectPage)
+  } else {
+      return res.redirect('/admin')
+  }
+}
+
 exports.index = function (req, res, next) {
   Todo.
     find({}).