juanatsap
41dbd77c2f
- Add professional HTML email template matching CV aesthetic - Implement multipart emails (HTML + plain text fallback) - Configure DreamHost SMTP with SSL (port 465) - Add "light only" color scheme for Gmail iOS compatibility - Include Reply-To header for easy sender response - Add email validation and integration tests - Update .env.example with DreamHost/Gmail SMTP examples - Add .env to .gitignore to protect credentials - Document email template customization and dark mode approach
434 lines
12 KiB
Go
434 lines
12 KiB
Go
package services
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/tls"
|
|
"encoding/base64"
|
|
"fmt"
|
|
htmltemplate "html/template"
|
|
"log"
|
|
"net/smtp"
|
|
"strings"
|
|
texttemplate "text/template"
|
|
"time"
|
|
)
|
|
|
|
// EmailConfig holds SMTP configuration
|
|
type EmailConfig struct {
|
|
SMTPHost string
|
|
SMTPPort string
|
|
SMTPUser string
|
|
SMTPPassword string
|
|
FromEmail string
|
|
ToEmail string
|
|
}
|
|
|
|
// EmailService handles email sending operations
|
|
type EmailService struct {
|
|
config *EmailConfig
|
|
}
|
|
|
|
// NewEmailService creates a new email service
|
|
func NewEmailService(config *EmailConfig) *EmailService {
|
|
return &EmailService{
|
|
config: config,
|
|
}
|
|
}
|
|
|
|
// ContactFormData represents contact form submission data
|
|
type ContactFormData struct {
|
|
Email string
|
|
Name string
|
|
Company string
|
|
Subject string
|
|
Message string
|
|
IP string
|
|
Time time.Time
|
|
}
|
|
|
|
// Validate performs validation on contact form data
|
|
func (c *ContactFormData) Validate() error {
|
|
// Sanitize inputs
|
|
c.Email = strings.TrimSpace(c.Email)
|
|
c.Name = strings.TrimSpace(c.Name)
|
|
c.Company = strings.TrimSpace(c.Company)
|
|
c.Subject = strings.TrimSpace(c.Subject)
|
|
c.Message = strings.TrimSpace(c.Message)
|
|
|
|
// Required fields
|
|
if c.Email == "" {
|
|
return fmt.Errorf("email is required")
|
|
}
|
|
if c.Message == "" {
|
|
return fmt.Errorf("message is required")
|
|
}
|
|
|
|
// Email format validation (basic)
|
|
if !strings.Contains(c.Email, "@") || !strings.Contains(c.Email, ".") {
|
|
return fmt.Errorf("invalid email format")
|
|
}
|
|
|
|
// Prevent email header injection
|
|
if containsNewlines(c.Email) {
|
|
return fmt.Errorf("invalid email: contains prohibited characters")
|
|
}
|
|
if containsNewlines(c.Subject) {
|
|
return fmt.Errorf("invalid subject: contains prohibited characters")
|
|
}
|
|
|
|
// Length validation
|
|
if len(c.Email) > 254 {
|
|
return fmt.Errorf("email too long (max 254 characters)")
|
|
}
|
|
if len(c.Name) > 100 {
|
|
return fmt.Errorf("name too long (max 100 characters)")
|
|
}
|
|
if len(c.Company) > 100 {
|
|
return fmt.Errorf("company too long (max 100 characters)")
|
|
}
|
|
if len(c.Subject) > 200 {
|
|
return fmt.Errorf("subject too long (max 200 characters)")
|
|
}
|
|
if len(c.Message) > 5000 {
|
|
return fmt.Errorf("message too long (max 5000 characters)")
|
|
}
|
|
if len(c.Message) < 10 {
|
|
return fmt.Errorf("message too short (min 10 characters)")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// containsNewlines checks for newline characters that could enable header injection
|
|
func containsNewlines(s string) bool {
|
|
return strings.ContainsAny(s, "\r\n")
|
|
}
|
|
|
|
// SendContactForm sends a contact form email with HTML and plain text versions
|
|
func (e *EmailService) SendContactForm(data *ContactFormData) error {
|
|
// Validate data
|
|
if err := data.Validate(); err != nil {
|
|
return fmt.Errorf("validation failed: %w", err)
|
|
}
|
|
|
|
// Prepare email content
|
|
subject := "[CV Contact] "
|
|
if data.Subject != "" {
|
|
subject += data.Subject
|
|
} else {
|
|
subject += "New Message from " + data.Name
|
|
}
|
|
|
|
// Build email bodies (HTML and plain text)
|
|
htmlBody, textBody, err := e.buildEmailBody(data)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to build email body: %w", err)
|
|
}
|
|
|
|
// Send multipart email
|
|
if err := e.sendMultipartEmail(subject, htmlBody, textBody, data.Email); err != nil {
|
|
return fmt.Errorf("failed to send email: %w", err)
|
|
}
|
|
|
|
// Log successful send (without sensitive data)
|
|
log.Printf("Contact form email sent successfully to %s from %s", e.config.ToEmail, data.Email)
|
|
|
|
return nil
|
|
}
|
|
|
|
// emailTemplateData wraps ContactFormData with display-safe fields
|
|
type emailTemplateData struct {
|
|
Name string
|
|
Email string
|
|
Company string
|
|
Subject string
|
|
Message string
|
|
IP string
|
|
Time time.Time
|
|
}
|
|
|
|
// buildEmailBody creates both HTML and plain text email bodies
|
|
func (e *EmailService) buildEmailBody(data *ContactFormData) (htmlBody, textBody string, err error) {
|
|
// Prepare template data with safe defaults
|
|
tmplData := emailTemplateData{
|
|
Name: data.Name,
|
|
Email: data.Email,
|
|
Company: data.Company,
|
|
Subject: data.Subject,
|
|
Message: data.Message,
|
|
IP: data.IP,
|
|
Time: data.Time,
|
|
}
|
|
|
|
// Set defaults for empty fields
|
|
if tmplData.Name == "" {
|
|
tmplData.Name = "Not provided"
|
|
}
|
|
|
|
// Build HTML body
|
|
htmlTmpl, err := htmltemplate.New("contact-html").Parse(ContactEmailHTMLTemplate())
|
|
if err != nil {
|
|
return "", "", fmt.Errorf("failed to parse HTML template: %w", err)
|
|
}
|
|
|
|
var htmlBuf bytes.Buffer
|
|
if err := htmlTmpl.Execute(&htmlBuf, tmplData); err != nil {
|
|
return "", "", fmt.Errorf("failed to execute HTML template: %w", err)
|
|
}
|
|
|
|
// Build plain text body
|
|
textTmpl, err := texttemplate.New("contact-text").Parse(ContactEmailPlainTemplate())
|
|
if err != nil {
|
|
return "", "", fmt.Errorf("failed to parse text template: %w", err)
|
|
}
|
|
|
|
var textBuf bytes.Buffer
|
|
if err := textTmpl.Execute(&textBuf, tmplData); err != nil {
|
|
return "", "", fmt.Errorf("failed to execute text template: %w", err)
|
|
}
|
|
|
|
return htmlBuf.String(), textBuf.String(), nil
|
|
}
|
|
|
|
|
|
// sendMultipartEmail sends an email with both HTML and plain text parts
|
|
func (e *EmailService) sendMultipartEmail(subject, htmlBody, textBody, replyTo string) error {
|
|
// Validate config
|
|
if e.config.SMTPHost == "" || e.config.SMTPPort == "" {
|
|
return fmt.Errorf("SMTP configuration incomplete")
|
|
}
|
|
if e.config.SMTPUser == "" || e.config.SMTPPassword == "" {
|
|
return fmt.Errorf("SMTP credentials missing")
|
|
}
|
|
if e.config.ToEmail == "" {
|
|
return fmt.Errorf("recipient email not configured")
|
|
}
|
|
|
|
from := e.config.FromEmail
|
|
if from == "" {
|
|
from = e.config.SMTPUser
|
|
}
|
|
to := e.config.ToEmail
|
|
|
|
// Build multipart message
|
|
message := e.formatMultipartMessage(from, to, replyTo, subject, htmlBody, textBody)
|
|
|
|
// SMTP server address
|
|
addr := fmt.Sprintf("%s:%s", e.config.SMTPHost, e.config.SMTPPort)
|
|
|
|
// Setup authentication
|
|
auth := smtp.PlainAuth("", e.config.SMTPUser, e.config.SMTPPassword, e.config.SMTPHost)
|
|
|
|
// Connect to SMTP server with TLS
|
|
client, err := e.connectSMTP(addr)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to connect to SMTP server: %w", err)
|
|
}
|
|
defer client.Close()
|
|
|
|
// Authenticate
|
|
if err = client.Auth(auth); err != nil {
|
|
return fmt.Errorf("SMTP authentication failed: %w", err)
|
|
}
|
|
|
|
// Set sender and recipient
|
|
if err = client.Mail(from); err != nil {
|
|
return fmt.Errorf("failed to set sender: %w", err)
|
|
}
|
|
if err = client.Rcpt(to); err != nil {
|
|
return fmt.Errorf("failed to set recipient: %w", err)
|
|
}
|
|
|
|
// Send message
|
|
w, err := client.Data()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to get data writer: %w", err)
|
|
}
|
|
|
|
_, err = w.Write([]byte(message))
|
|
if err != nil {
|
|
return fmt.Errorf("failed to write message: %w", err)
|
|
}
|
|
|
|
err = w.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to close writer: %w", err)
|
|
}
|
|
|
|
return client.Quit()
|
|
}
|
|
|
|
// sendEmail sends an email using SMTP (plain text only - legacy)
|
|
func (e *EmailService) sendEmail(subject, body string) error {
|
|
// Validate config
|
|
if e.config.SMTPHost == "" || e.config.SMTPPort == "" {
|
|
return fmt.Errorf("SMTP configuration incomplete")
|
|
}
|
|
if e.config.SMTPUser == "" || e.config.SMTPPassword == "" {
|
|
return fmt.Errorf("SMTP credentials missing")
|
|
}
|
|
if e.config.ToEmail == "" {
|
|
return fmt.Errorf("recipient email not configured")
|
|
}
|
|
|
|
// Build email message
|
|
from := e.config.FromEmail
|
|
if from == "" {
|
|
from = e.config.SMTPUser
|
|
}
|
|
|
|
to := e.config.ToEmail
|
|
message := e.formatMessage(from, to, subject, body)
|
|
|
|
// SMTP server address
|
|
addr := fmt.Sprintf("%s:%s", e.config.SMTPHost, e.config.SMTPPort)
|
|
|
|
// Setup authentication
|
|
auth := smtp.PlainAuth("", e.config.SMTPUser, e.config.SMTPPassword, e.config.SMTPHost)
|
|
|
|
// Connect to SMTP server with TLS
|
|
client, err := e.connectSMTP(addr)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to connect to SMTP server: %w", err)
|
|
}
|
|
defer client.Close()
|
|
|
|
// Authenticate
|
|
if err = client.Auth(auth); err != nil {
|
|
return fmt.Errorf("SMTP authentication failed: %w", err)
|
|
}
|
|
|
|
// Set sender and recipient
|
|
if err = client.Mail(from); err != nil {
|
|
return fmt.Errorf("failed to set sender: %w", err)
|
|
}
|
|
if err = client.Rcpt(to); err != nil {
|
|
return fmt.Errorf("failed to set recipient: %w", err)
|
|
}
|
|
|
|
// Send message
|
|
w, err := client.Data()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to get data writer: %w", err)
|
|
}
|
|
|
|
_, err = w.Write([]byte(message))
|
|
if err != nil {
|
|
return fmt.Errorf("failed to write message: %w", err)
|
|
}
|
|
|
|
err = w.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to close writer: %w", err)
|
|
}
|
|
|
|
return client.Quit()
|
|
}
|
|
|
|
// connectSMTP establishes an SMTP connection with TLS
|
|
func (e *EmailService) connectSMTP(addr string) (*smtp.Client, error) {
|
|
tlsConfig := &tls.Config{
|
|
ServerName: e.config.SMTPHost,
|
|
MinVersion: tls.VersionTLS12,
|
|
}
|
|
|
|
// Port 465 uses implicit SSL (direct TLS connection)
|
|
// Port 587 uses STARTTLS (plain connection upgraded to TLS)
|
|
if e.config.SMTPPort == "465" {
|
|
// Implicit SSL: Connect with TLS from the start
|
|
conn, err := tls.Dial("tcp", addr, tlsConfig)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("TLS dial failed: %w", err)
|
|
}
|
|
client, err := smtp.NewClient(conn, e.config.SMTPHost)
|
|
if err != nil {
|
|
conn.Close()
|
|
return nil, fmt.Errorf("SMTP client creation failed: %w", err)
|
|
}
|
|
return client, nil
|
|
}
|
|
|
|
// STARTTLS: Connect plain, then upgrade to TLS
|
|
client, err := smtp.Dial(addr)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err = client.StartTLS(tlsConfig); err != nil {
|
|
client.Close()
|
|
return nil, err
|
|
}
|
|
|
|
return client, nil
|
|
}
|
|
|
|
// formatMultipartMessage formats a multipart email with HTML and plain text
|
|
func (e *EmailService) formatMultipartMessage(from, to, replyTo, subject, htmlBody, textBody string) string {
|
|
// Generate boundary for multipart
|
|
boundary := fmt.Sprintf("----=_Part_%d", time.Now().UnixNano())
|
|
|
|
var message strings.Builder
|
|
|
|
// Headers
|
|
message.WriteString(fmt.Sprintf("From: %s\r\n", from))
|
|
message.WriteString(fmt.Sprintf("To: %s\r\n", to))
|
|
if replyTo != "" {
|
|
message.WriteString(fmt.Sprintf("Reply-To: %s\r\n", replyTo))
|
|
}
|
|
message.WriteString(fmt.Sprintf("Subject: %s\r\n", subject))
|
|
message.WriteString("MIME-Version: 1.0\r\n")
|
|
message.WriteString(fmt.Sprintf("Content-Type: multipart/alternative; boundary=\"%s\"\r\n", boundary))
|
|
message.WriteString(fmt.Sprintf("Date: %s\r\n", time.Now().Format(time.RFC1123Z)))
|
|
message.WriteString("\r\n")
|
|
|
|
// Plain text part
|
|
message.WriteString(fmt.Sprintf("--%s\r\n", boundary))
|
|
message.WriteString("Content-Type: text/plain; charset=\"utf-8\"\r\n")
|
|
message.WriteString("Content-Transfer-Encoding: quoted-printable\r\n")
|
|
message.WriteString("\r\n")
|
|
message.WriteString(textBody)
|
|
message.WriteString("\r\n")
|
|
|
|
// HTML part
|
|
message.WriteString(fmt.Sprintf("--%s\r\n", boundary))
|
|
message.WriteString("Content-Type: text/html; charset=\"utf-8\"\r\n")
|
|
message.WriteString("Content-Transfer-Encoding: base64\r\n")
|
|
message.WriteString("\r\n")
|
|
// Encode HTML as base64 for safe transmission
|
|
encoded := base64.StdEncoding.EncodeToString([]byte(htmlBody))
|
|
// Split into 76-character lines per RFC 2045
|
|
for i := 0; i < len(encoded); i += 76 {
|
|
end := i + 76
|
|
if end > len(encoded) {
|
|
end = len(encoded)
|
|
}
|
|
message.WriteString(encoded[i:end])
|
|
message.WriteString("\r\n")
|
|
}
|
|
|
|
// End boundary
|
|
message.WriteString(fmt.Sprintf("--%s--\r\n", boundary))
|
|
|
|
return message.String()
|
|
}
|
|
|
|
// formatMessage formats an email message with proper headers (plain text only)
|
|
func (e *EmailService) formatMessage(from, to, subject, body string) string {
|
|
headers := make(map[string]string)
|
|
headers["From"] = from
|
|
headers["To"] = to
|
|
headers["Subject"] = subject
|
|
headers["MIME-Version"] = "1.0"
|
|
headers["Content-Type"] = "text/plain; charset=\"utf-8\""
|
|
headers["Date"] = time.Now().Format(time.RFC1123Z)
|
|
|
|
var message strings.Builder
|
|
for k, v := range headers {
|
|
message.WriteString(fmt.Sprintf("%s: %s\r\n", k, v))
|
|
}
|
|
message.WriteString("\r\n")
|
|
message.WriteString(body)
|
|
|
|
return message.String()
|
|
}
|