txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5f85a7cc8d439ccd811b236ee75b254cd1c412c1
cv-site/main.go
T
juanatsap 58c1237326 feat: Add secure contact form with comprehensive security features 
- Add contact form dialog with HTMX integration (hx-post)
- Implement browser-only access middleware (blocks curl/Postman/wget)
- Add rate limiting (5 requests/hour per IP) for contact endpoint
- Implement honeypot and timing-based bot detection
- Add input validation (email format, message length 10-5000 chars)
- Create contact button in desktop and mobile navigation (last position)

Security features:
- Browser-only middleware validates User-Agent, Referer/Origin, HX-Request headers
- Honeypot field returns fake success to fool bots while logging spam
- Timing validation rejects forms submitted < 2 seconds
- All security events logged for monitoring

Documentation:
- docs/SECURITY.md - Comprehensive security documentation
- docs/HACK-CHALLENGE.md - "Try to Hack Me!" challenge for security researchers
- docs/SECURITY-AUDIT-REPORT.md - Full security audit report
- docs/CONTACT-FORM-QUICKSTART.md - Integration guide

Form fields: email (required), name, company, subject, message (required)
2025-11-30 14:31:58 +00:00

102 lines
2.9 KiB
Go
Raw Blame History

package main
import (
"context"
"errors"
"log"
"net/http"
"os"
"os/signal"
"syscall"
"time"
"github.com/joho/godotenv"
"github.com/juanatsap/cv-site/internal/config"
"github.com/juanatsap/cv-site/internal/handlers"
"github.com/juanatsap/cv-site/internal/routes"
"github.com/juanatsap/cv-site/internal/templates"
)
const version = "1.1.0"
func main() {
// Initialize logger
log.SetFlags(log.LstdFlags | log.Lshortfile)
log.Println("🚀 Starting CV Server v" + version)
// Load .env file (ignore error if file doesn't exist)
if err := godotenv.Load(); err != nil {
log.Println("⚠️ No .env file found, using system environment variables")
} else {
log.Println("📂 .env file loaded")
}
// Load configuration
cfg := config.Load()
log.Printf("⚙️ Configuration loaded (env: %s)", os.Getenv("GO_ENV"))
// Initialize template manager
templateMgr, err := templates.NewManager(&cfg.Template)
if err != nil {
log.Fatalf("❌ Failed to initialize templates: %v", err)
}
// Initialize handlers
cvHandler := handlers.NewCVHandler(templateMgr, cfg.Address())
healthHandler := handlers.NewHealthHandler(version)
// Setup routes and middleware
handler := routes.Setup(cvHandler, healthHandler)
// Create server with timeouts
server := &http.Server{
Addr: ":" + cfg.Server.Port,
Handler: handler,
ReadTimeout: time.Duration(cfg.Server.ReadTimeout) * time.Second,
WriteTimeout: time.Duration(cfg.Server.WriteTimeout) * time.Second,
IdleTimeout: 120 * time.Second,
}
// Start server in goroutine
serverErrors := make(chan error, 1)
go func() {
log.Printf("🌐 Server listening on http://%s:%s", cfg.Server.Host, cfg.Server.Port)
log.Printf("🇬🇧 English: http://%s:%s/?lang=en", cfg.Server.Host, cfg.Server.Port)
log.Printf("🇪🇸 Spanish: http://%s:%s/?lang=es", cfg.Server.Host, cfg.Server.Port)
log.Printf("❤️ Health: http://%s:%s/health", cfg.Server.Host, cfg.Server.Port)
log.Println("⏹️ Press Ctrl+C to shutdown")
serverErrors <- server.ListenAndServe()
}()
// Setup graceful shutdown
shutdown := make(chan os.Signal, 1)
signal.Notify(shutdown, os.Interrupt, syscall.SIGTERM)
// Wait for shutdown signal or server error
select {
case err := <-serverErrors:
if !errors.Is(err, http.ErrServerClosed) {
log.Fatalf("❌ Server error: %v", err)
}
case sig := <-shutdown:
log.Printf("🛑 Shutdown signal received: %v", sig)
// Create shutdown context with timeout
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
// Attempt graceful shutdown of HTTP server
log.Println("🛑 Shutting down HTTP server...")
if err := server.Shutdown(ctx); err != nil {
log.Printf("⚠️ Graceful shutdown failed, forcing: %v", err)
if err := server.Close(); err != nil {
log.Fatalf("❌ Failed to close server: %v", err)
}
}
log.Println("✓ Server stopped gracefully")
}
}
Reference in New Issue View Git Blame Copy Permalink