From d5dea7b42ac7485a4f32a5377cc9d69d033eb7b2 Mon Sep 17 00:00:00 2001
From: dereklseitz
Date: Thu, 21 Aug 2025 17:34:17 -0500
Subject: [PATCH] fix: correct app.use()

---
 server.js | 89 ++++++++++++++++++++++++++-----------------------------
 1 file changed, 42 insertions(+), 47 deletions(-)

diff --git a/server.js b/server.js
index 45bab46..47b6c08 100644
--- a/server.js
+++ b/server.js
@@ -1,52 +1,47 @@
-const nodemailer = require('nodemailer');
+// contactRoutes.js
 const express = require('express');
-const path = require('path');
-const { Pool } = require('pg');
+const router = express.Router();
 const rateLimit = require('express-rate-limit');
-require('dotenv').config();
-const app = express();
-const port = process.env.SERVER_PORT || 3000;
+const { body, validationResult } = require('express-validator');
-// Middleware to parse incoming JSON data from the frontend
-app.use(express.json());
+// The entire module is now a function that accepts 'contactController' and security middleware as an argument.
+module.exports = (contactController, securityMw) => {
+
+ // 🛡️ Configure rate limiting to prevent DDoS and spamming
+ const apiLimiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 5,
+ message: "Too many requests from this IP, please try again after 15 minutes."
+ });
-// Middleware to serve static files (like index.html, styles.css, script.js)
-const STATIC_DIR = process.env.STATIC_DIR || 'public'
-app.use(express.static(path.join(__dirname, STATIC_DIR)));
+ // Define the route for form submissions with all middleware
+ router.post('/submit-form',
+ apiLimiter,
+ // The security middleware is now a separate step,
+ // containing both the honeypot check and hCaptcha verification.
+ securityMw.formSecurityCheck,
+ [
+ // express-validator: sanitation and validation
+ body('firstName').trim().escape(),
+ body('lastName').trim().escape(),
+ body('email').isEmail().normalizeEmail(),
+ body('organization').trim().escape(),
+ body('phone').trim(),
+ body('message').trim().escape(),
+ ],
+ // Middleware to handle the express-validator results
+ (req, res, next) => {
+ const errors = validationResult(req);
+ if (!errors.isEmpty()) {
+ console.error('Validation failed:', errors.array());
+ return res.status(400).json({ success: false, message: 'Invalid form data.' });
+ }
+ next();
+ },
+ // The controller, which is the final step
+ contactController.submitForm
+ );
-// Database connection pool setup using environment variables for security
-const pool = new Pool({
- user: process.env.DB_USER,
- host: process.env.DB_HOST,
- database: process.env.DB_DATABASE,
- password: process.env.DB_PASSWORD,
- port: process.env.DB_PORT,
-});
-
-// Nodemailer transporter setup for sending emails
-const transporter = nodemailer.createTransport({
- host: process.env.EMAIL_HOST,
- port: process.env.EMAIL_PORT,
- secure: false,
- requireTLS: true,
- auth: {
- user: process.env.EMAIL_USER,
- pass: process.env.EMAIL_PASS,
- },
-});
-
-const contactController = require('./controllers/contactController')(pool, transporter);
-
-// Import the security middleware
-const securityMw = require('./middleware/securityMw');
-
-// Import contactRoutes and contactController, and pass in securityMw
-const contactRoutes = require('./routes/contactRoutes')(contactController, securityMw);
-
-// Use contactRoutes to connect the modular router to the main app
-app.use(contactRoutes);
-
-// Start the server
-app.listen(port, () => {
- console.log(`Server listening at http://localhost:${port}`);
-});
\ No newline at end of file
+ // Return the configured router
+ return router;
+};
\ No newline at end of file
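Review bot: The new contents of server.js define a router factory (`module.exports = (contactController, securityMw) => {…}`) and delete every server-side line — `express.json()`, the static handler, the pool and transporter, and `app.listen` — so nothing in this file builds an `app` or starts listening; the `// contactRoutes.js` header on the first added line suggests the routes module was pasted over the entry point rather than `app.use()` being corrected as the subject says. If that is intended, the router now depends on whichever module mounts it also installing a JSON or urlencoded body parser, because `body('firstName')` and the other validators read `req.body` and the only parser was removed here. Separately, `console.error('Validation failed:', errors.array())` writes the rejected field values (email, phone, message) into the server log, since each entry returned by `errors.array()` carries the submitted `value`; logging `errors.array().map(({ path, msg }) => ({ path, msg }))` keeps the diagnostic without the personal data. The validator chain also leaves `phone` unescaped and unvalidated while every other text field is escaped, so `body('phone').trim().escape()` (or an explicit format check) would make the list consistent.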