From 3da40a1bf9c173579a63e3cac517eca6c6dfef4c Mon Sep 17 00:00:00 2001
From: multipleof4
Date: Mon, 16 Mar 2026 11:31:02 -0700
Subject: [PATCH] Feat: Redirect to /dash after login
---
 app/api/login/route.js | 78 +++++++++++++++++++-----------------------
 1 file changed, 35 insertions(+), 43 deletions(-)
diff --git a/app/api/login/route.js b/app/api/login/route.js
index c75eecf..22fef58 100644
--- a/app/api/login/route.js
+++ b/app/api/login/route.js
@@ -3,50 +3,42 @@ import crypto from 'crypto';
 import { signSession } from '../../../lib/auth';
 export async function POST(req) {
- try {
- const body = await req.json();
- const { email, password, captcha } = body;
-
- const cookieHash = req.cookies.get('captcha_hash')?.value;
- const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
- const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');
+ try {
+ const body = await req.json();
+ const { email, password, captcha } = body;
- if (!cookieHash || cookieHash !== expectedHash) {
- return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
- }
+ const cookieHash = req.cookies.get('captcha_hash')?.value;
+ const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
+ const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');
- if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
- // Generate our secure edge-compatible token
- const token = await signSession();
-
- const response = NextResponse.json({ success: true, message: 'Welcome back, Master!' });
-
- // Set it as an HttpOnly cookie so JavaScript can't touch it
- response.cookies.set('kalbot_session', token, {
- httpOnly: true,
- secure: process.env.NODE_ENV === 'production',
- sameSite: 'strict',
- path: '/',
- maxAge: 60 * 60 * 24 // 1 day in seconds
- });
-
- return response;
- } else {
- // Trigger NTFY alert for failed login
- if (process.env.NTFY_URL) {
- await fetch(process.env.NTFY_URL, {
- method: 'POST',
- body: `Failed login attempt for email: ${email}`,
- headers: {
- 'Title': 'Kalbot Login Alert',
- 'Priority': 'urgent',
- 'Tags': 'warning,skull'
- }
- }).catch(e => console.error("Ntfy error:", e));
- }
- return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
- }
- } catch (err) {
- return NextResponse.json({ error: 'Server error' }, { status: 500 });
+ if (!cookieHash || cookieHash !== expectedHash) {
+ return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
 }
+
+ if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
+ const token = await signSession();
+ const response = NextResponse.json({ success: true, message: 'Welcome back, Master!', redirect: '/dash' });
+
+ response.cookies.set('kalbot_session', token, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: 'strict',
+ path: '/',
+ maxAge: 60 * 60 * 24
+ });
+
+ return response;
+ } else {
+ if (process.env.NTFY_URL) {
+ await fetch(process.env.NTFY_URL, {
+ method: 'POST',
+ body: `Failed login attempt for email: ${email}`,
+ headers: { 'Title': 'Kalbot Login Alert', 'Priority': 'urgent', 'Tags': 'warning,skull' }
+ }).catch(e => console.error("Ntfy error:", e));
+ }
+ return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
+ }
+ } catch (err) {
+ return NextResponse.json({ error: 'Server error' }, { status: 500 });
+ }
 }
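Review bot: The re-indented captcha check on the new side still falls back to a baked-in key when the environment variable is missing (`const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';`), so a deployment without `CAPTCHA_SECRET` verifies captcha cookies against a value that is readable in the repository; the route should fail closed with a 500 instead of proceeding. The comparisons `cookieHash !== expectedHash` and `password === process.env.ADMIN_PASS` a few lines below use ordinary string equality on secret-derived values, which is not constant-time; since `crypto` is already imported, `crypto.timingSafeEqual` on equal-length buffers is the idiomatic fix, and storing the admin credential as a hash rather than a plaintext env value would be the natural follow-up. Note also that `(captcha || '')` hashes a missing `captcha` field as the empty string, which is only safe if the challenge issuer never sets a cookie for an empty challenge — worth a comment on that line. Finally, the trailing `catch (err)` returns 500 without logging `err`, so a malformed JSON body (a client error) is indistinguishable from a genuine fault; `console.error('login error:', err)` before the return, and a 400 when `err instanceof SyntaxError`, would make the alerting actually useful.
```javascript
    const body = await req.json();
    const { email, password, captcha } = body;

    // Fail closed: never verify against a development default.
    const secret = process.env.CAPTCHA_SECRET;
    if (!secret) {
      return NextResponse.json({ error: 'Server error' }, { status: 500 });
    }

    const expected = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest();
    const presented = Buffer.from(req.cookies.get('captcha_hash')?.value ?? '', 'hex');
    // Length check first: timingSafeEqual throws on mismatched lengths.
    const captchaOk = presented.length === expected.length && crypto.timingSafeEqual(presented, expected);
    if (!captchaOk) {
      return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
    }
    // … unchanged: credential check, session cookie, ntfy alert, error handling …
```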