// contactRoutes.js
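const express = require('express');
const rateLimit = require('express-rate-limit');
const { body, validationResult } = require('express-validator');

// Upper bounds on accepted field lengths. These values are chosen here as
// defaults (adjust to the real form's limits); without a cap an arbitrarily
// long string reaches the controller, and escape() only makes it longer.
const MAX_FIELD_LENGTH = 200;
const MAX_MESSAGE_LENGTH = 5000;
const MAX_EMAIL_LENGTH = 254; // RFC 5321 limit for a full address

/**
 * Builds the contact-form router.
 *
 * Request pipeline for `POST /submit-form`: rate limiter -> caller-supplied
 * security check -> per-field sanitisation/validation -> validation gate ->
 * controller.
 *
 * @param {{ submitForm: Function }} contactController
 *   Object whose `submitForm(req, res, next)` handles a request that has
 *   passed every preceding middleware.
 * @param {{ formSecurityCheck: Function }} securityMw
 *   Object whose `formSecurityCheck(req, res, next)` runs before validation;
 *   its semantics are defined by the caller, not here.
 * @returns {import('express').Router} Router exposing `POST /submit-form`.
 */
module.exports = (contactController, securityMw) => {
  const router = express.Router();

  // Rate limiting to prevent spam: at most 5 submissions per client address
  // per 15-minute window. express-rate-limit keys on req.ip by default, so
  // behind a reverse proxy the app needs `trust proxy` configured or every
  // client is counted against the proxy's address.
  const apiLimiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 5,
    message: "Too many requests from this IP, please try again after 15 minutes.",
  });

  // Trim, cap and HTML-escape a free-text field. The length check runs before
  // escape() so the cap applies to the raw input rather than the expanded
  // escaped form.
  const boundedText = (field, max = MAX_FIELD_LENGTH) =>
    body(field).trim().isLength({ max }).escape();

  // Sanitize and validate form data. Every free-text field, including phone,
  // goes through the same chain so the controller never sees unescaped text.
  const formValidators = [
    boundedText('firstName'),
    boundedText('lastName'),
    body('email').isLength({ max: MAX_EMAIL_LENGTH }).isEmail().normalizeEmail(),
    boundedText('organization'),
    boundedText('phone'),
    boundedText('message', MAX_MESSAGE_LENGTH),
  ];

  // Handle validation results: reject with a generic 400 if any chain failed.
  // errors.array() entries carry the submitted `value`; it is stripped before
  // logging so user-supplied data (e.g. the email address) does not end up in
  // the server log.
  const rejectInvalid = (req, res, next) => {
    const errors = validationResult(req);
    if (errors.isEmpty()) {
      return next();
    }
    const redacted = errors.array().map(({ value, ...rest }) => rest);
    console.error('Validation failed:', redacted);
    return res.status(400).json({ success: false, message: 'Invalid form data.' });
  };

  router.post(
    '/submit-form',
    apiLimiter,
    securityMw.formSecurityCheck,
    formValidators,
    rejectInvalid,
    contactController.submitForm,
  );

  return router;
};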