From 50461f164490b7bd98c7fe19ec32ea5ab084ad84 Mon Sep 17 00:00:00 2001
From: nomi-nonsz
Date: Thu, 1 Jan 2026 16:31:00 +0700
Subject: [PATCH] not ready for html message
---
 src/app/api/contact/route.ts | 12 ++++++------
 src/lib/server-utils.ts | 10 ++++++++--
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/app/api/contact/route.ts b/src/app/api/contact/route.ts
index d51a086..7c4f101 100644
--- a/src/app/api/contact/route.ts
+++ b/src/app/api/contact/route.ts
@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
-import { rateLimited, sanitize, sendEmail } from "@/lib/server-utils";
+import { rateLimited, sendEmail } from "@/lib/server-utils";
 import { trimTooLong } from "@/lib/strings";
 import validator from "validator";
@@ -20,7 +20,8 @@ const validateInput = (data: any) => {
 (
 !data.name.trim() ||
 !data.email.trim() ||
- !validator.isEmail(data.email)
+ !validator.isEmail(data.email) ||
+ data.email.length > 30
 ) ||
 !data.message.trim()
 )
@@ -56,11 +57,10 @@ export async function POST(req: NextRequest) {
 }
 try {
- const name = trimTooLong(data.name as string, 20);
- const rawMessage = trimTooLong(data.message, 5000);
- const message = sanitize(validator.escape(rawMessage));
+ const email = data.anon || !data.email ? process.env.SMTP_USER : data.email;
+ const name = trimTooLong(data.anon || !data.name ? 'Anonymous' : data.name, 20);
- await sendEmail(name, data.email, message);
+ await sendEmail(name, email, data.message);
 return NextResponse.json({ status: "ok" });
 }
diff --git a/src/lib/server-utils.ts b/src/lib/server-utils.ts
index 97fcbe4..b1d895a 100644
--- a/src/lib/server-utils.ts
+++ b/src/lib/server-utils.ts
@@ -4,6 +4,8 @@ import DOMPurify from "dompurify";
 import { redis } from "./redis";
 import { transporter } from "./mailer";
+import { trimTooLong } from "./strings";
+import { escape } from "validator";
 export async function rateLimited(clientId: string) {
 const key = `contact:${clientId}`;
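Review bot: The new `data.email.length > 30` bound in validateInput is a bare magic number, and it is tight enough to reject ordinary addresses that a contact form should accept. I would lift it into a named constant with a comment giving the reason for the cap, for example `const MAX_EMAIL_LENGTH = 254; // longest address accepted as replyTo`, and compare against that. The opening of this condition is outside the hunk, so I cannot tell whether the name/email group is skipped for anonymous submissions; if it is not, the `!data.email` and `!data.name` fallbacks added in the POST hunk can never be reached.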
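Review bot: `data.anon` comes straight from the parsed request body and is only tested for truthiness in the two new ternaries of POST, so any non-empty value, including the string `"false"`, makes the submission anonymous. A strict check such as `const isAnon = data.anon === true;`, reused in both lines, makes the intent explicit and removes the reliance on `||` binding tighter than `?:`. `process.env.SMTP_USER` may also be undefined at runtime while `sendEmail` declares `email: string`; the `any` typing of `data` hides this from the compiler, so a guard or default is worth adding before the call. `data.message` is now forwarded without the 5000-character trim, which holds only as long as every sender goes through `sendEmail`. The POST handler starts and ends outside this hunk.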
@@ -37,12 +39,16 @@ export async function validateTurnstile(token: string, remoteip: string) {
 }
 export async function sendEmail(name: string, email: string, message: string) {
+ const rawMessage = trimTooLong(message, 5000);
+ const messageHTML = sanitize(escape(rawMessage));
+
 await transporter.sendMail({
 from: `Nonszy Contact Form <${process.env.SMTP_USER}>`,
 replyTo: email,
 to: process.env.SMTP_REPLY,
- subject: `Message from ${name}`,
- text: message
+ subject: `[CONTACT_FORM] from ${name}`,
+ text: rawMessage,
+ // html: messageHTML
 })
 }
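Review bot: `messageHTML` in sendEmail is computed on every call but never used, because the `html` field is commented out, so `escape` and `sanitize` run for nothing and the `escape` import added in the first hunk of this file serves only dead code. I would drop that line and the import until the HTML body is ready, or replace the commented field with `// TODO: send messageHTML once the HTML template is ready` so the intent is recorded. When it is enabled, `escape` will already have turned markup into entities, so `sanitize` (presumably the DOMPurify wrapper) will have little left to strip, and line breaks will need converting for display. `name` is still interpolated into `subject` with only the length cap visible in this diff; stripping CR/LF and other control characters before building the subject is a cheap safeguard if the mailer does not already normalise headers.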