nomi-nonsz/nonszy-space
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

not ready for html message

Browse Source
This commit is contained in:
Nomi Nonsense (Nonszy) 2026-01-01 16:31:00 +07:00
parent 7cd5113ef0
commit 50461f1644
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/app/api/contact/route.ts
View File

@ -1,6 +1,6 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { rateLimited, sanitize, sendEmail } from "@/lib/server-utils"; import { rateLimited, sendEmail } from "@/lib/server-utils";
import { trimTooLong } from "@/lib/strings"; import { trimTooLong } from "@/lib/strings";
import validator from "validator"; import validator from "validator";
@ -20,7 +20,8 @@ const validateInput = (data: any) => {
( (
!data.name.trim() || !data.name.trim() ||
!data.email.trim() || !data.email.trim() ||
!validator.isEmail(data.email) !validator.isEmail(data.email) ||
data.email.length > 30
) || ) ||
!data.message.trim() !data.message.trim()
) )
@ -56,11 +57,10 @@ export async function POST(req: NextRequest) {
} }
try { try {
const name = trimTooLong(data.name as string, 20); const email = data.anon || !data.email ? process.env.SMTP_USER : data.email;
const rawMessage = trimTooLong(data.message, 5000); const name = trimTooLong(data.anon || !data.name ? 'Anonymous' : data.name, 20);
const message = sanitize(validator.escape(rawMessage));
await sendEmail(name, data.email, message); await sendEmail(name, email, data.message);
return NextResponse.json({ status: "ok" }); return NextResponse.json({ status: "ok" });
} }

10
src/lib/server-utils.ts
View File

@ -4,6 +4,8 @@ import DOMPurify from "dompurify";
import { redis } from "./redis"; import { redis } from "./redis";
import { transporter } from "./mailer"; import { transporter } from "./mailer";
import { trimTooLong } from "./strings";
import { escape } from "validator";
export async function rateLimited(clientId: string) { export async function rateLimited(clientId: string) {
const key = `contact:${clientId}`; const key = `contact:${clientId}`;
@ -37,12 +39,16 @@ export async function validateTurnstile(token: string, remoteip: string) {
} }
export async function sendEmail(name: string, email: string, message: string) { export async function sendEmail(name: string, email: string, message: string) {
const rawMessage = trimTooLong(message, 5000);
const messageHTML = sanitize(escape(rawMessage));
await transporter.sendMail({ await transporter.sendMail({
from: `Nonszy Contact Form <${process.env.SMTP_USER}>`, from: `Nonszy Contact Form <${process.env.SMTP_USER}>`,
replyTo: email, replyTo: email,
to: process.env.SMTP_REPLY, to: process.env.SMTP_REPLY,
subject: `Message from ${name}`, subject: `[CONTACT_FORM] from ${name}`,
text: message text: rawMessage,
// html: messageHTML
}) })
} }