fix: correct app.use()

server.js

@@ -1,52 +1,47 @@
-const nodemailer = require('nodemailer');
+// contactRoutes.js
 const express = require('express');
-const path = require('path');
+const router = express.Router();
-const { Pool } = require('pg');
 const rateLimit = require('express-rate-limit');
-require('dotenv').config();
+const { body, validationResult } = require('express-validator');
-const app = express();
-const port = process.env.SERVER_PORT || 3000;
 
-// Middleware to parse incoming JSON data from the frontend
+// The entire module is now a function that accepts 'contactController' and security middleware as an argument.
-app.use(express.json());
+module.exports = (contactController, securityMw) => {
     
-// Middleware to serve static files (like index.html, styles.css, script.js)
+    // 🛡️ Configure rate limiting to prevent DDoS and spamming
-const STATIC_DIR = process.env.STATIC_DIR || 'public'
+    const apiLimiter = rateLimit({
-app.use(express.static(path.join(__dirname, STATIC_DIR)));
+        windowMs: 15 * 60 * 1000, // 15 minutes
+        max: 5,
+        message: "Too many requests from this IP, please try again after 15 minutes."
+    });
 
-// Database connection pool setup using environment variables for security
+    // Define the route for form submissions with all middleware
-const pool = new Pool({
+    router.post('/submit-form',
-    user: process.env.DB_USER,
+        apiLimiter,
-    host: process.env.DB_HOST,
+        // The security middleware is now a separate step,
-    database: process.env.DB_DATABASE,
+        // containing both the honeypot check and hCaptcha verification.
-    password: process.env.DB_PASSWORD,
+        securityMw.formSecurityCheck,
-    port: process.env.DB_PORT,
+        [
-});
+            // express-validator: sanitation and validation
-
+            body('firstName').trim().escape(),
-// Nodemailer transporter setup for sending emails
+            body('lastName').trim().escape(),
-const transporter = nodemailer.createTransport({
+            body('email').isEmail().normalizeEmail(),
-    host: process.env.EMAIL_HOST,
+            body('organization').trim().escape(),
-    port: process.env.EMAIL_PORT,
+            body('phone').trim(),
-    secure: false,
+            body('message').trim().escape(),
-    requireTLS: true,
+        ],
-    auth: {
+        // Middleware to handle the express-validator results
-        user: process.env.EMAIL_USER,
+        (req, res, next) => {
-        pass: process.env.EMAIL_PASS,
+            const errors = validationResult(req);
+            if (!errors.isEmpty()) {
+                console.error('Validation failed:', errors.array());
+                return res.status(400).json({ success: false, message: 'Invalid form data.' });
+            }
+            next();
         },
-});
+        // The controller, which is the final step
+        contactController.submitForm
+    );
 
-const contactController = require('./controllers/contactController')(pool, transporter);
+    // Return the configured router
-
+    return router;
-// Import the security middleware
+};
-const securityMw = require('./middleware/securityMw');
-
-// Import contactRoutes and contactController, and pass in securityMw
-const contactRoutes = require('./routes/contactRoutes')(contactController, securityMw);
-
-// Use contactRoutes to connect the modular router to the main app
-app.use(contactRoutes);
-
-// Start the server
-app.listen(port, () => {
-    console.log(`Server listening at http://localhost:${port}`);
-});