diff --git a/controllers/contactController.js b/controllers/contactController.js
index e27ec0a..c31512b 100644
--- a/controllers/contactController.js
+++ b/controllers/contactController.js
@@ -1,14 +1,49 @@
-// contactController.js
 module.exports = (pool, transporter) => {
-
   const submitForm = async (req, res) => {
-    const { firstName, lastName, organization, email, phone, contactMethod, message, privacyAccepted } = req.body;
+    const {
+      firstName,
+      lastName,
+      organization,
+      email,
+      phone,
+      contactMethod,
+      message,
+      privacyAccepted
+    } = req.body;
+
+    if (
+      !firstName || !lastName || !email || !message ||
+      typeof contactMethod === 'undefined' ||
+      typeof privacyAccepted === 'undefined'
+    ) {
+      console.error('Missing required fields in submission:', req.body);
+      return res.status(400).json({ message: 'Missing required form fields.' });
+    }
 
     try {
       const result = await pool.query(
-        `INSERT INTO submissions(first_name, last_name, organization, email, phone, contact_method, message, privacy_accepted, time_submitted)
-         VALUES($1, $2, $3, $4, $5, $6, $7, $8, NOW()) RETURNING *`,
-        [firstName, lastName, organization, email, phone, contactMethod, message, privacyAccepted]
+        `INSERT INTO submissions(
+          first_name,
+          last_name,
+          organization,
+          email,
+          phone,
+          contact_method,
+          message,
+          privacy_accepted,
+          time_submitted
+        ) VALUES($1, $2, $3, $4, $5, $6, $7, $8, NOW())
+        RETURNING *`,
+        [
+          firstName,
+          lastName,
+          organization,
+          email,
+          phone,
+          contactMethod,
+          message,
+          privacyAccepted
+        ]
       );
 
       console.log('Successfully saved submission to the database:', result.rows[0]);
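Review bot: The new required-field guard tests `typeof privacyAccepted === 'undefined'`, so a request carrying `privacyAccepted: false` — or the string `'false'`, since the route's `.isBoolean()` validates without converting — passes the check and is written to `submissions` with `privacy_accepted` false; if consent is a precondition for keeping the record, replace that clause with `privacyAccepted !== true && privacyAccepted !== 'true'`. The `console.error('Missing required fields in submission:', req.body)` line writes the complete body — name, email, phone and free-text message — to the log on every rejected request, which is personal data the log does not need; log only the missing keys, e.g. `const missing = ['firstName', 'lastName', 'email', 'message'].filter((k) => !req.body[k]);` followed by `console.error('Missing required fields in submission:', missing);`. submitForm's body continues past this hunk (the mail send and the catch block are in the next one).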
@@ -43,10 +78,10 @@ module.exports = (pool, transporter) => {
       });
     } catch (err) {
-      console.error('An error occurred during form submission:', err.stack);
+      console.error('Error occurred during form submission:', err.stack || err);
       res.status(500).json({
-        message: 'An error occurred. Please try again.',
-        error: err.message
+        message: 'An error occurred while submitting the form.',
+        error: err.message || 'Unknown error'
       });
     }
   };
@@ -54,4 +89,4 @@ module.exports = (pool, transporter) => {
   return {
     submitForm,
   };
-};
\ No newline at end of file
+};
diff --git a/routes/contactRoutes.js b/routes/contactRoutes.js
index fe0f7be..3cd1e54 100644
--- a/routes/contactRoutes.js
+++ b/routes/contactRoutes.js
@@ -1,11 +1,10 @@
-// contactRoutes.js
 module.exports = (contactController, securityMw) => {
   const express = require('express');
   const router = express.Router();
   const rateLimit = require('express-rate-limit');
   const { body, validationResult } = require('express-validator');
 
-  // Configure rate limiting to prevent spam
+  // Rate limiter to prevent spam
   const apiLimiter = rateLimit({
     windowMs: 15 * 60 * 1000, // 15 minutes
     max: 5,
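Review bot: `error: err.message || 'Unknown error'` in the 500 response still forwards the raw exception text to an unauthenticated client; for a pg failure that is the driver's message, which can name the table, column or constraint, and for a transporter failure it can carry SMTP host details, so the reworded `message` does not remove the disclosure. The details are already kept server-side by the `console.error` line above it, so drop the field: `res.status(500).json({ message: 'An error occurred while submitting the form.' });`. If support needs to match a user report to a log entry, return an opaque request id rather than the message. The enclosing try block starts in the previous hunk.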
@@ -16,20 +15,23 @@ module.exports = (contactController, securityMw) => {
     apiLimiter,
     securityMw.formSecurityCheck,
     [
-      // Sanitize and validate form data
       body('firstName').trim().escape(),
       body('lastName').trim().escape(),
       body('email').isEmail().normalizeEmail(),
       body('organization').trim().escape(),
       body('phone').trim(),
       body('message').trim().escape(),
+      body('contactMethod') .notEmpty().withMessage('Contact method is required.') .isIn(['email', 'phone']).withMessage('Contact method must be email or phone.'),
+      body('privacyAccepted') .isBoolean().withMessage('Privacy acceptance must be true or false.'),
     ],
-    // Handle validation results
     (req, res, next) => {
       const errors = validationResult(req);
       if (!errors.isEmpty()) {
         console.error('Validation failed:', errors.array());
-        return res.status(400).json({ success: false, message: 'Invalid form data.' });
+        return res.status(400).json({ success: false, message: 'Invalid form data.', errors: errors.array() });
       }
       next();
     },
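Review bot: The new `body('privacyAccepted').isBoolean()` rule accepts `'false'` and `'0'` as readily as `'true'` and leaves the value as a string, so the route waves a declined consent through and the controller's guard then only sees that the field is present; if the checkbox is meant to be mandatory, chain `.toBoolean().custom((v) => v === true).withMessage('Privacy policy must be accepted.')` after the existing `.isBoolean()`. The new `errors: errors.array()` payload also includes each failing field's submitted `value`, so a rejected request now has its full message text and other inputs echoed back in the JSON response; map the array to the field-name and `msg` properties only (the field-name property differs between express-validator major versions, so check the installed one). The router definition these validators belong to continues beyond the hunk.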