From 2015a1a3416ee49469eb4060932b005690db78c9 Mon Sep 17 00:00:00 2001
From: Rodrigue Chakode
Date: Tue, 26 Oct 2021 20:14:24 +0200
Subject: [PATCH] improvement of the contact form processing: * always use CONTACT_REPLY_EMAIL as sender email (issue #6) * add the ability to use a hidden field to set the redirection page
---
 README.md | 4 ++--
 samples/hugo-partial-contact-form.html | 2 ++
 sendmail.go | 19 ++++++++++---------
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 1330e92..8a40ddc 100644
--- a/README.md
+++ b/README.md
@@ -171,10 +171,10 @@ Regardless of the deployment platform (Google App Engine, Kubernetes, Docker), t
 * `SMTP_VERITY_CERT`: Tell whether the SMTP certificate should be validated against top level authorities. If you're using a self-signed certificate on the SMTP server, this value must be set to `false`.
 * `SMTP_CLIENT_USERNAME`: Set the username to connect to the SMTP server.
 * `SMTP_CLIENT_PASSWORD`: Set the password to connect to the SMTP server.
-* `CONTACT_REPLY_EMAIL`: Set an email address for the reply email. It's not necessary a valid email address, for example if don't want the user to reply you can use something like `noreply@example.com`.
+* `CONTACT_REPLY_EMAIL`: Set an email address for the reply email. It's not necessary a valid email address; for example if don't want the user to reply the email, you can set something like `noreply@example.com`.
 * `CONTACT_REPLY_BCC_EMAIL`: Sets an email address for bcc copy of the email sent to the user. This is useful for tracking and follow up.
 * `DEMO_URL`: Specific for demo forms, it can be used to set the URL of the demo site that will be included to the user reply email (e.g. `https://demo.example.com/`).
-* `ALLOWED_ORIGINS`: Set a list of comma-separated domains that the `hugo-mx-gateway` App shoudl trust. This is for security reason to filter requests. Only requests with an `Origin` header belonging to the defined origins will be accepted, through it's only required that the request has a valid `Referer` header. It's expected in the future to these request filtering and admission rules.
+* `ALLOWED_ORIGINS`: Set a list of comma-separated list of domains that the `hugo-mx-gateway` App should trust. For security reason, only requests with an `Origin` header belonging to the defined list of origins will be accepted.
 * `RECAPTCHA_PRIVATE_KEY` (optional): The [reCaptcha](https://www.google.com/recaptcha/intro/v3.html) private key.
 * `TEMPLATE_DEMO_REQUEST_REPLY` (optional): Specify the path of the template to reply a demo request. The default templare is `templates/template_reply_demo_request.html`. The template is based on [Go Template](https://golang.org/pkg/text/template/).
 * `TEMPLATE_CONTACT_REQUEST_REPLY` (optional): Specify the path of the template to reply a contact request. The default templare is `templates/template_reply_contact_request.html`. The template is based on [Go Template](https://golang.org/pkg/text/template/).
diff --git a/samples/hugo-partial-contact-form.html b/samples/hugo-partial-contact-form.html
index 45da82d..af1ed54 100644
--- a/samples/hugo-partial-contact-form.html
+++ b/samples/hugo-partial-contact-form.html
@@ -23,6 +23,8 @@
+
+
diff --git a/sendmail.go b/sendmail.go
index 8ed3345..f66401f 100644
--- a/sendmail.go
+++ b/sendmail.go
@@ -47,6 +47,7 @@ type ContactRequest struct {
 Subject string `json:"subject,omitempty"`
 Message string `json:"message,omitempty"`
 RequestTarget string `json:"requestType,omitempty"`
+ OriginURI string `json:"originURI,omitempty"`
 }
 type ContactResponse struct {
@@ -109,7 +110,7 @@ func (m *SendMailRequest) Execute() error {
 return fmt.Errorf("failed issuing MAIL command (%s)", err)
 }
- // Set recipents
+ // Set recipients
 for _, recipient := range m.to {
 err = smtpClient.Rcpt(recipient)
 if err != nil {
@@ -219,6 +220,7 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 Subject: httpReq.FormValue("subject"),
 Message: httpReq.FormValue("message"),
 RequestTarget: httpReq.FormValue("target"),
+ OriginURI: httpReq.FormValue("requestOrigin"),
 }
 var recipients []string
@@ -254,20 +256,19 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 }
 replyTplFile := ""
- contactEmail := viper.GetString("CONTACT_REPLY_EMAIL")
 if contactRequest.RequestTarget == "demo" {
 replyTplFile = viper.GetString("TEMPLATE_DEMO_REQUEST_REPLY")
 if replyTplFile == "" {
 replyTplFile = "./templates/template_reply_demo_request.html"
 }
 } else {
- contactEmail = contactRequest.Email
 replyTplFile = viper.GetString("TEMPLATE_CONTACT_REQUEST_REPLY")
 if replyTplFile == "" {
 replyTplFile = "./templates/template_reply_contact_request.html"
 }
 }
+ contactEmail := viper.GetString("CONTACT_REPLY_EMAIL")
 sendMailReq := NewSendMailRequest(
 contactEmail,
 recipients,
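Review bot: With `contactEmail` now read only from `CONTACT_REPLY_EMAIL`, an unset variable gives an empty sender on the contact path as well as the demo path, and nothing in this hunk rejects that before `NewSendMailRequest` is called. Consider guarding it with `if contactEmail == "" { log.Println("CONTACT_REPLY_EMAIL is not set") }` followed by the handler's existing error response, which is outside the hunk. A short comment above the assignment would also record why the change matters: `// The submitter's address is untrusted form input; never use it as the sender.` SendMail starts before and continues after this hunk.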
@@ -296,20 +297,20 @@ func SendMail(httpResp http.ResponseWriter, httpReq *http.Request) {
 contactResponse.Message = "Invalid request, please review your input and try again."
 }
- refererURL, err := url.Parse(httpReq.Header.Get("Referer"))
+ originURL, err := url.Parse(contactRequest.OriginURI)
 if err != nil {
- log.Println(err.Error())
- refererURL = &url.URL{} // continue with default (empty) url
+ log.Printf("error parsing the origin URL %s (%s)", originURL, err.Error())
+ originURL = &url.URL{} // continue with default (empty) url
 }
- q := refererURL.Query()
+ q := originURL.Query()
 q.Set("status", contactResponse.Status)
 q.Set("message", contactResponse.Message)
- refererURL.RawQuery = q.Encode()
+ originURL.RawQuery = q.Encode()
 respRawData, _ := json.Marshal(contactResponse)
- httpResp.Header().Set("Location", refererURL.String())
+ httpResp.Header().Set("Location", originURL.String())
 httpResp.WriteHeader(http.StatusSeeOther)
 httpResp.Header().Set("Content-Type", "application/json; charset=UTF-8")
 httpResp.Write(respRawData)
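Review bot: The `Location` header is now built from the `requestOrigin` form field (`contactRequest.OriginURI`, read in the earlier SendMail hunk) with no check against `ALLOWED_ORIGINS` visible in this hunk, so any URL posted in that field is returned as the 303 redirect target (an open redirect). The host of `originURL` should be compared with the configured origins before it is used, ideally by reusing the handler's existing origin check, which is outside the hunk. Forms that do not yet send the hidden field get a `Location` holding only the query string; falling back to the `Referer` header would keep them working. In the error branch `originURL` is nil when `url.Parse` fails, so the log line should print the raw input with `%q` instead. SendMail starts before this hunk.

```go
// Prefer the hidden form field; older forms without it fall back to Referer.
rawOrigin := contactRequest.OriginURI
if rawOrigin == "" {
	rawOrigin = httpReq.Header.Get("Referer")
}
originURL, err := url.Parse(rawOrigin)
if err != nil {
	log.Printf("error parsing the origin URL %q (%s)", rawOrigin, err.Error())
	originURL = &url.URL{} // continue with default (empty) url
}

// Redirect only to a trusted host. Assumes ALLOWED_ORIGINS entries are bare
// domains as the README describes; reuse the existing origin check if it differs.
host := originURL.Hostname()
trusted := false
for _, allowed := range strings.Split(viper.GetString("ALLOWED_ORIGINS"), ",") {
	if host != "" && strings.EqualFold(strings.TrimSpace(allowed), host) {
		trusted = true
		break
	}
}
if !trusted {
	originURL = &url.URL{} // drop an untrusted or relative target
}
// … unchanged: status/message query parameters, Location header, response body …
```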