a

routes/contactRoutes.js

@@ -4,9 +4,6 @@ module.exports = (contactController) => {
     const router = express.Router();
     const rateLimit = require('express-rate-limit');
     const { body, validationResult } = require('express-validator');
-    // Remove the old require statement since we are getting the controller as an argument
-    // const contactController = require('../controllers/contactController');
-    const { formSecurityCheck } = require('../middleware/securityMw');
 
     // 🛡️ Configure rate limiting to prevent DDoS and spamming
     const apiLimiter = rateLimit({
@@ -18,7 +15,14 @@ module.exports = (contactController) => {
     // Define the route for form submissions
     router.post('/submit-form',
         apiLimiter,
-        
+        // In-line honeypot check
+        (req, res, next) => {
+            if (req.body.url) {
+                console.warn('Bot detected! Honeypot field was filled.');
+                return res.status(200).json({ success: true, message: 'Thank you for your submission.' });
+            }
+            next();
+        },
         [
             // express-validator: sanitation and validation
             body('firstName').trim().escape(),
@@ -37,8 +41,6 @@ module.exports = (contactController) => {
             }
             next();
         },
-        // The security middleware
-        // formSecurityCheck,
         // The controller, which is the final step
         contactController.submitForm
     );