feat: Add secure contact form with comprehensive security features
- Add contact form dialog with HTMX integration (hx-post) - Implement browser-only access middleware (blocks curl/Postman/wget) - Add rate limiting (5 requests/hour per IP) for contact endpoint - Implement honeypot and timing-based bot detection - Add input validation (email format, message length 10-5000 chars) - Create contact button in desktop and mobile navigation (last position) Security features: - Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers - Honeypot field returns fake success to fool bots while logging spam - Timing validation rejects forms submitted < 2 seconds - All security events logged for monitoring Documentation: - docs/SECURITY.md - Comprehensive security documentation - docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers - docs/SECURITY-AUDIT-REPORT.md - Full security audit report - docs/CONTACT-FORM-QUICKSTART.md - Integration guide Form fields: email (required), name, company, subject, message (required)
This commit is contained in:
juanatsap
@@ -11,6 +11,7 @@ type Config struct {
|
||||
Server ServerConfig
|
||||
Template TemplateConfig
|
||||
Data DataConfig
|
||||
Email EmailConfig
|
||||
}
|
||||
|
||||
// ServerConfig contains server-specific settings
|
||||
@@ -33,6 +34,16 @@ type DataConfig struct {
|
||||
Dir string
|
||||
}
|
||||
|
||||
// EmailConfig contains email/SMTP settings
|
||||
type EmailConfig struct {
|
||||
SMTPHost string
|
||||
SMTPPort string
|
||||
SMTPUser string
|
||||
SMTPPassword string
|
||||
FromEmail string
|
||||
ContactEmail string
|
||||
}
|
||||
|
||||
// Load creates a new Config with values from environment or defaults
|
||||
func Load() *Config {
|
||||
return &Config{
|
||||
@@ -50,6 +61,14 @@ func Load() *Config {
|
||||
Data: DataConfig{
|
||||
Dir: getEnv("DATA_DIR", "data"),
|
||||
},
|
||||
Email: EmailConfig{
|
||||
SMTPHost: getEnv("SMTP_HOST", "smtp.gmail.com"),
|
||||
SMTPPort: getEnv("SMTP_PORT", "587"),
|
||||
SMTPUser: getEnv("SMTP_USER", ""),
|
||||
SMTPPassword: getEnv("SMTP_PASSWORD", ""),
|
||||
FromEmail: getEnv("SMTP_FROM_EMAIL", ""),
|
||||
ContactEmail: getEnv("CONTACT_EMAIL", "txeo.msx@gmail.com"),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user