a

routes/contactRoutes.js

@@ -1,11 +1,10 @@
-// contactRoutes.js
 module.exports = (contactController, securityMw) => {
     const express = require('express');
     const router = express.Router();
     const rateLimit = require('express-rate-limit');
     const { body, validationResult } = require('express-validator');
 
-    // Configure rate limiting to prevent spam
+    // Rate limiter to prevent spam
     const apiLimiter = rateLimit({
         windowMs: 15 * 60 * 1000, // 15 minutes
         max: 5,
@@ -16,20 +15,23 @@ module.exports = (contactController, securityMw) => {
         apiLimiter,
         securityMw.formSecurityCheck,
         [
-            // Sanitize and validate form data
             body('firstName').trim().escape(),
             body('lastName').trim().escape(),
             body('email').isEmail().normalizeEmail(),
             body('organization').trim().escape(),
             body('phone').trim(),
             body('message').trim().escape(),
+            body('contactMethod')
+                .notEmpty().withMessage('Contact method is required.')
+                .isIn(['email', 'phone']).withMessage('Contact method must be email or phone.'),
+            body('privacyAccepted')
+                .isBoolean().withMessage('Privacy acceptance must be true or false.'),
         ],
-        // Handle validation results
         (req, res, next) => {
             const errors = validationResult(req);
             if (!errors.isEmpty()) {
                 console.error('Validation failed:', errors.array());
-                return res.status(400).json({ success: false, message: 'Invalid form data.' });
+                return res.status(400).json({ success: false, message: 'Invalid form data.', errors: errors.array() });
             }
             next();
         },