fix: implement hCaptcha verification and remove "captchaToken" field from email messages

app/api/contact/route.ts

@@ -27,12 +27,14 @@ const generateEmailContent = (data: Record<string, string>) => {
   const htmlData = Object.entries(data).reduce(
     (str, [key, val]) =>
       str +
-      `<h3 class="form-heading">${escapeHtml(
+      (key == "captchaToken"
-        CONTACT_MESSAGE_FIELDS[key] || key
+        ? ""
-      )}</h3><p class="form-answer">${escapeHtml(val).replace(
+        : `<h3 class="form-heading">${escapeHtml(
-        /\n/g,
+            CONTACT_MESSAGE_FIELDS[key] || key
-        "<br/>"
+          )}</h3><p class="form-answer">${escapeHtml(val).replace(
-      )}</p>`,
+            /\n/g,
+            "<br/>"
+          )}</p>`),
     ""
   );
 
@@ -106,6 +108,27 @@ export async function POST(req: NextRequest) {
     const data = await req.json();
     console.log(data);
 
+    // Verify hCaptcha token
+    const hcaptchaResponse = await fetch(
+      `https://api.hcaptcha.com/siteverify`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: `secret=${process.env.HCAPTCHA_SECRET}&response=${data.captchaToken}`
+      }
+    );
+
+    const hcaptchaData = await hcaptchaResponse.json();
+
+    if (!hcaptchaData.success) {
+      return NextResponse.json(
+        { message: "Captcha verification failed." },
+        { status: 400 }
+      );
+    }
+
     await transporter.sendMail({
       ...mailOptions,
       ...generateEmailContent(data),