txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add secure contact form with comprehensive security features

Browse Source 
- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)

Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring

Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide

Form fields: email (required), name, company, subject, message (required)
This commit is contained in:
juanatsap
2025-11-30 14:31:58 +00:00
parent 19951b6f42
commit 58c1237326
15 changed files with 4929 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files
main.go
+1 -13
View File
@@ -14,7 +14,6 @@ import (
"github.com/juanatsap/cv-site/internal/config"
"github.com/juanatsap/cv-site/internal/handlers"
"github.com/juanatsap/cv-site/internal/routes"
"github.com/juanatsap/cv-site/internal/services"
"github.com/juanatsap/cv-site/internal/templates"
)
@@ -42,23 +41,12 @@ func main() {
log.Fatalf("❌ Failed to initialize templates: %v", err)
}
// Initialize email service
emailService := services.NewEmailService(&services.EmailConfig{
SMTPHost: cfg.Email.SMTPHost,
SMTPPort: cfg.Email.SMTPPort,
SMTPUser: cfg.Email.SMTPUser,
SMTPPassword: cfg.Email.SMTPPassword,
FromEmail: cfg.Email.FromEmail,
ToEmail: cfg.Email.ContactEmail,
})
// Initialize handlers
cvHandler := handlers.NewCVHandler(templateMgr, cfg.Address())
healthHandler := handlers.NewHealthHandler(version)
contactHandler := handlers.NewContactHandler(templateMgr, emailService)
// Setup routes and middleware
handler := routes.Setup(cvHandler, healthHandler, contactHandler)
handler := routes.Setup(cvHandler, healthHandler)
// Create server with timeouts
server := &http.Server{