Feat: Redirect to /dash after login

This commit is contained in:
2026-03-16 11:31:02 -07:00
parent 7115c0ae08
commit 3da40a1bf9


@@ -3,50 +3,42 @@ import crypto from 'crypto';
import { signSession } from '../../../lib/auth'; import { signSession } from '../../../lib/auth';
export async function POST(req) { export async function POST(req) {
try { try {
const body = await req.json(); const body = await req.json();
const { email, password, captcha } = body; const { email, password, captcha } = body;
const cookieHash = req.cookies.get('captcha_hash')?.value; const cookieHash = req.cookies.get('captcha_hash')?.value;
const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow'; const secret = process.env.CAPTCHA_SECRET || 'dev_secret_meow';
const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex'); const expectedHash = crypto.createHmac('sha256', secret).update((captcha || '').toLowerCase()).digest('hex');
if (!cookieHash || cookieHash !== expectedHash) { if (!cookieHash || cookieHash !== expectedHash) {
return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 }); return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
}
if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
// Generate our secure edge-compatible token
const token = await signSession();
const response = NextResponse.json({ success: true, message: 'Welcome back, Master!' });
// Set it as an HttpOnly cookie so JavaScript can't touch it
response.cookies.set('kalbot_session', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
path: '/',
maxAge: 60 * 60 * 24 // 1 day in seconds
});
return response;
} else {
// Trigger NTFY alert for failed login
if (process.env.NTFY_URL) {
await fetch(process.env.NTFY_URL, {
method: 'POST',
body: `Failed login attempt for email: ${email}`,
headers: {
'Title': 'Kalbot Login Alert',
'Priority': 'urgent',
'Tags': 'warning,skull'
}
}).catch(e => console.error("Ntfy error:", e));
}
return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
}
} catch (err) {
return NextResponse.json({ error: 'Server error' }, { status: 500 });
} }
if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS) {
const token = await signSession();
const response = NextResponse.json({ success: true, message: 'Welcome back, Master!', redirect: '/dash' });
response.cookies.set('kalbot_session', token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'strict',
path: '/',
maxAge: 60 * 60 * 24
});
return response;
} else {
if (process.env.NTFY_URL) {
await fetch(process.env.NTFY_URL, {
method: 'POST',
body: `Failed login attempt for email: ${email}`,
headers: { 'Title': 'Kalbot Login Alert', 'Priority': 'urgent', 'Tags': 'warning,skull' }
}).catch(e => console.error("Ntfy error:", e));
}
return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 });
}
} catch (err) {
return NextResponse.json({ error: 'Server error' }, { status: 500 });
}
} }
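Review bot: The admin check on the new side (`if (email === process.env.ADMIN_EMAIL && password === process.env.ADMIN_PASS)`) and the captcha check above it (`cookieHash !== expectedHash`) compare secrets with plain `===`/`!==`, which short-circuits on the first differing character; since `crypto` is already imported in this file, both should go through `crypto.timingSafeEqual` on equal-length buffers, as sketched below. In the same block, `process.env.CAPTCHA_SECRET || 'dev_secret_meow'` means a deployment that forgets the env var silently signs captchas with a secret that is checked into the repository — it should fail closed (throw at module load or return 500) rather than fall back. The new side also drops the comments that explained why the token is edge-compatible, why the cookie is HttpOnly, and that `maxAge` is one day in seconds; they are worth restoring, e.g. `maxAge: 60 * 60 * 24 // 1 day in seconds`. Presumably the captcha cookie is single-use; if so, clearing `captcha_hash` on the response after it is verified would prevent one solved captcha from covering many attempts — I cannot see the captcha route from here, so confirm against it.
```javascript
// Constant-time comparison of two secret strings; mismatched lengths return false without leaking timing.
const safeEqual = (a, b) => {
  const x = Buffer.from(String(a ?? ''));
  const y = Buffer.from(String(b ?? ''));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
};
// … unchanged: body parsing, expectedHash computation …
if (!cookieHash || !safeEqual(cookieHash, expectedHash)) {
  return NextResponse.json({ error: 'Invalid or expired captcha' }, { status: 400 });
}
if (safeEqual(email, process.env.ADMIN_EMAIL) && safeEqual(password, process.env.ADMIN_PASS)) {
  // … unchanged: session signing and cookie set …
```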