cv-site

txeo/cv-site

Fork 0

Commit Graph

Author	SHA1	Message	Date
juanatsap	9a848e8c53	feat: Add CMD+K command palette with ninja-keys integration Implement a command palette accessible via CMD+K/Ctrl+K using the ninja-keys web component. Features include: - New /api/cmd-k endpoint serving dynamic CV entries (experiences, projects, courses) - Language-aware responses with 1-hour cache headers - Scroll-to-section functionality for quick navigation - Enhanced keyboard shortcuts modal with CMD+K documentation - Comprehensive test coverage for API and UI interactions Also includes cleanup of deprecated debug test files and various UI polish improvements to contact form, themes, and action bar components.	2025-12-01 13:03:06 +00:00
juanatsap	58c1237326	feat: Add secure contact form with comprehensive security features - Add contact form dialog with HTMX integration (hx-post) - Implement browser-only access middleware (blocks curl/Postman/wget) - Add rate limiting (5 requests/hour per IP) for contact endpoint - Implement honeypot and timing-based bot detection - Add input validation (email format, message length 10-5000 chars) - Create contact button in desktop and mobile navigation (last position) Security features: - Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers - Honeypot field returns fake success to fool bots while logging spam - Timing validation rejects forms submitted < 2 seconds - All security events logged for monitoring Documentation: - docs/SECURITY.md - Comprehensive security documentation - docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers - docs/SECURITY-AUDIT-REPORT.md - Full security audit report - docs/CONTACT-FORM-QUICKSTART.md - Integration guide Form fields: email (required), name, company, subject, message (required)	2025-11-30 14:31:58 +00:00

Author

SHA1

Message

Date

juanatsap

9a848e8c53

feat: Add CMD+K command palette with ninja-keys integration

Implement a command palette accessible via CMD+K/Ctrl+K using the ninja-keys
web component. Features include:

- New /api/cmd-k endpoint serving dynamic CV entries (experiences, projects, courses)
- Language-aware responses with 1-hour cache headers
- Scroll-to-section functionality for quick navigation
- Enhanced keyboard shortcuts modal with CMD+K documentation
- Comprehensive test coverage for API and UI interactions

Also includes cleanup of deprecated debug test files and various UI polish
improvements to contact form, themes, and action bar components.

2025-12-01 13:03:06 +00:00

juanatsap

58c1237326

feat: Add secure contact form with comprehensive security features

- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)

Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring

Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide

Form fields: email (required), name, company, subject, message (required)

2025-11-30 14:31:58 +00:00

2 Commits