juanatsap
58c1237326
feat: Add secure contact form with comprehensive security features
- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)
Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring
Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide
Form fields: email (required), name, company, subject, message (required)
2025-11-30 14:31:58 +00:00
juanatsap
19951b6f42
feat: Auto-detect text browsers and serve plain text CV
- Detect curl, wget, lynx, w3m, links, elinks, browsh, carbonyl
- Check User-Agent and Accept: text/plain header
- Redirect to /text endpoint automatically
- Document in SEO guide and modern techniques
2025-11-30 14:28:51 +00:00
juanatsap
768fd3ba72
fix: Use 80-char lines with centered section titles
2025-11-30 14:25:28 +00:00
juanatsap
170dba1a5b
feat: Add 120-char line wrapping to plain text CV
2025-11-30 14:21:05 +00:00
juanatsap
64cb990860
fix: Improve plain text CV output with dedicated template
- Replace html2text library conversion with dedicated text template
- Create clean, well-formatted cv-text.txt template
- Remove k3a/html2text dependency
- Fix lint warnings in security tests (ineffectual assignments)
- Output now shows only CV content without UI/menu elements
2025-11-30 14:13:34 +00:00
juanatsap
f91a24ea9b
feat: Add plain text CV endpoint and contact form with security
Plain text endpoint:
- Add /text route for plain text CV (for curl/AI crawlers)
- Use k3a/html2text library for HTML-to-text conversion
- Add Plain Text button to hamburger menu with UI translations
Contact form feature:
- Add ContactHandler with proper email service integration
- Add CSRF protection middleware
- Add rate limiting (5 submissions/hour per IP)
- Add honeypot and timing-based bot protection
- Add input validation with detailed error messages
- Add security logging middleware
- Add browser-only middleware for API protection
Code quality:
- Fix all golangci-lint errcheck warnings for w.Write calls
- Remove duplicate getClientIP functions
- Wire up ContactHandler in routes.Setup
2025-11-30 13:47:49 +00:00