juanatsap
58c1237326
feat: Add secure contact form with comprehensive security features
- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)
Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring
Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide
Form fields: email (required), name, company, subject, message (required)
2025-11-30 14:31:58 +00:00
..
2025-11-20 18:05:45 +00:00
2025-11-30 09:29:35 +00:00
2025-11-30 13:47:49 +00:00
2025-11-30 13:47:49 +00:00
2025-11-30 12:38:31 +00:00
2025-11-20 17:28:23 +00:00
2025-11-20 17:56:47 +00:00
2025-11-25 06:10:26 +00:00
2025-11-30 14:28:51 +00:00
2025-11-20 17:28:23 +00:00
2025-11-30 09:29:35 +00:00
2025-11-30 14:31:58 +00:00
2025-11-20 17:01:50 +00:00
2025-11-30 09:29:35 +00:00
2025-11-12 17:53:24 +00:00
2025-11-20 14:06:01 +00:00
2025-11-30 09:29:35 +00:00