Gitlab-Migration/rhein-sw-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor contact API route to enhance captcha validation

Browse Source
This commit is contained in:
Thatsaphorn
2025-04-27 18:41:14 +02:00
parent ddad30bcf8
commit 8990548c6a
1 changed files with 47 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
app/api/contact/route.ts
View File

@@ -1,63 +1,54 @@
import {NextRequest, NextResponse} from "next/server"; import {NextRequest, NextResponse} from 'next/server';
import nodemailer from "nodemailer";
const HCAPTCHA_SECRET = process.env.HCAPTCHA_SECRET ?? '';
const SHARED_API_KEY = process.env.SHARED_API_KEY ?? '';
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const {captcha, ...data} = await req.json(); try {
const {name, email, company, phone, website, message} = data; const body = await req.json();
const origin = req.headers.get("origin") || "http://localhost:3000";
const captchaToken = body.captcha;
const isDev = process.env.NODE_ENV === "development"; if (!captchaToken) {
const hCaptchaSecret = isDev return NextResponse.json({success: false, error: 'Captcha is required'}, {status: 400});
? "0x0000000000000000000000000000000000000000" // hCaptcha test secret
: "ES_ff59a664dc764f92870bf2c7b4eab7c5";
// ✅ hCaptcha verification
const captchaRes = await fetch("https://hcaptcha.com/siteverify", {
method: "POST",
headers: {"Content-Type": "application/x-www-form-urlencoded"},
body: `response=${captcha}&secret=${hCaptchaSecret}`,
});
const captchaResult = await captchaRes.json();
if (!captchaResult.success) {
return NextResponse.json({success: false, error: "CAPTCHA-Verifizierung fehlgeschlagen."}, {status: 403});
} }
// ✅ Send mail with Ethereal (for dev) or real SMTP later // Step 1: Verify hCaptcha token with their API
const testAccount = await nodemailer.createTestAccount(); const verifyResponse = await fetch('https://api.hcaptcha.com/siteverify', {
const transporter = nodemailer.createTransport({ method: 'POST',
host: testAccount.smtp.host, headers: {'Content-Type': 'application/x-www-form-urlencoded'},
port: testAccount.smtp.port, body: new URLSearchParams({
secure: testAccount.smtp.secure, secret: HCAPTCHA_SECRET,
auth: { response: captchaToken,
user: testAccount.user, }),
pass: testAccount.pass, });
const captchaResult = await verifyResponse.json();
if (!captchaResult.success) {
return NextResponse.json({success: false, error: 'Captcha verification failed'}, {status: 403});
}
// Step 2: Forward valid contact request to Spring Boot backend
const backendRes = await fetch('http://localhost:8080/api/contact', {
method: 'POST',
headers: {
"Origin": origin,
'Content-Type': 'application/json',
'X-Frontend-Key': SHARED_API_KEY,
}, },
body: JSON.stringify(body),
}); });
const mailToMe = { const backendText = await backendRes.text();
from: email,
to: "thatsaphorn@outlook.de",
subject: "Neue Nachricht vom Kontaktformular",
html: `
<p><strong>Name:</strong> ${name}</p>
<p><strong>E-Mail:</strong> ${email}</p>
<p><strong>Firma:</strong> ${company || "—"}</p>
<p><strong>Telefon:</strong> ${phone || "—"}</p>
<p><strong>Webseite:</strong> ${website || "—"}</p>
<p><strong>Nachricht:</strong></p>
<p>${message}</p>
`,
};
try { if (!backendRes.ok) {
const info = await transporter.sendMail(mailToMe); return NextResponse.json({success: false, error: backendText}, {status: backendRes.status});
}
return NextResponse.json({ return NextResponse.json({success: true, message: backendText});
success: true, } catch (err: any) {
previewUrl: nodemailer.getTestMessageUrl(info), console.error('[ContactAPI] error:', err);
}); return NextResponse.json({success: false, error: err.message}, {status: 500});
} catch (err) {
console.error("Mail send error:", err);
return NextResponse.json({success: false, error: "Mailversand fehlgeschlagen."}, {status: 500});
} }
} }