fix: implement hCaptcha verification and remove "captchaToken" field from email messages

Dorian Niemiec 2024-09-07 12:26:34 +02:00
parent 8e9deea0bf
commit 35ba0b2694


@ -27,12 +27,14 @@ const generateEmailContent = (data: Record<string, string>) => {
const htmlData = Object.entries(data).reduce( const htmlData = Object.entries(data).reduce(
(str, [key, val]) => (str, [key, val]) =>
str + str +
`<h3 class="form-heading">${escapeHtml( (key == "captchaToken"
CONTACT_MESSAGE_FIELDS[key] || key ? ""
)}</h3><p class="form-answer">${escapeHtml(val).replace( : `<h3 class="form-heading">${escapeHtml(
/\n/g, CONTACT_MESSAGE_FIELDS[key] || key
"<br/>" )}</h3><p class="form-answer">${escapeHtml(val).replace(
)}</p>`, /\n/g,
"<br/>"
)}</p>`),
"" ""
); );
@ -106,6 +108,27 @@ export async function POST(req: NextRequest) {
const data = await req.json(); const data = await req.json();
console.log(data); console.log(data);
// Verify hCaptcha token
const hcaptchaResponse = await fetch(
`https://api.hcaptcha.com/siteverify`,
{
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
body: `secret=${process.env.HCAPTCHA_SECRET}&response=${data.captchaToken}`
}
);
const hcaptchaData = await hcaptchaResponse.json();
if (!hcaptchaData.success) {
return NextResponse.json(
{ message: "Captcha verification failed." },
{ status: 400 }
);
}
await transporter.sendMail({ await transporter.sendMail({
...mailOptions, ...mailOptions,
...generateEmailContent(data), ...generateEmailContent(data),
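Review bot: In the second hunk the siteverify body is built by string interpolation, so `data.captchaToken`, which comes straight from the client JSON, reaches the form body unencoded and a value containing `&` or `=` can add extra form fields to the request sent to hCaptcha. Build the body with `body: new URLSearchParams({ secret: process.env.HCAPTCHA_SECRET ?? "", response: String(data.captchaToken ?? "") })`, and return the 400 before calling out when the token is not a non-empty string or the secret is unset; as written, both cases send the literal text `undefined`. `hcaptchaResponse.json()` is also called without checking `hcaptchaResponse.ok`, so a non-JSON error response would throw, and whether that is caught depends on the part of POST outside this hunk. The context line `console.log(data)` still logs the whole submission, including the token and the message contents, and is worth dropping or reducing to non-sensitive fields.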