Code Room
Code reviewMedium
Question
Review this post-login redirect handler.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
app.post('/login', async (req, res) => { const ok = await authenticate(req.body.user, req.body.pass); if (!ok) return res.status(401).send('bad creds'); const next = req.query.next || '/'; // Only allow redirects that start with a slash, to stay on our site if (next.startsWith('/')) { return res.redirect(next); } return res.redirect('/');});Run or narrate your approach, then ask the coach.