fix: implement hCaptcha verification and remove "captchaToken" field from email messages

2024-09-07 12:26:34 +02:00 · 2024-09-07 12:26:34 +02:00 · 35ba0b2694
commit 35ba0b2694
parent 8e9deea0bf
1 changed files with 29 additions and 6 deletions
--- a/app/api/contact/route.ts
+++ b/app/api/contact/route.ts
@ -27,12 +27,14 @@ const generateEmailContent = (data: Record<string, string>) => {
  const htmlData = Object.entries(data).reduce(
    (str, [key, val]) =>
      str +
-      `<h3 class="form-heading">${escapeHtml(
+      (key == "captchaToken"
+        ? ""
+        : `<h3 class="form-heading">${escapeHtml(
            CONTACT_MESSAGE_FIELDS[key] || key
          )}</h3><p class="form-answer">${escapeHtml(val).replace(
            /\n/g,
            "<br/>"
-      )}</p>`,
+          )}</p>`),
    ""
  );

@ -106,6 +108,27 @@ export async function POST(req: NextRequest) {
    const data = await req.json();
    console.log(data);

+    // Verify hCaptcha token
+    const hcaptchaResponse = await fetch(
+      `https://api.hcaptcha.com/siteverify`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded"
+        },
+        body: `secret=${process.env.HCAPTCHA_SECRET}&response=${data.captchaToken}`
+      }
+    );
+
+    const hcaptchaData = await hcaptchaResponse.json();
+
+    if (!hcaptchaData.success) {
+      return NextResponse.json(
+        { message: "Captcha verification failed." },
+        { status: 400 }
+      );
+    }
+
    await transporter.sendMail({
      ...mailOptions,
      ...generateEmailContent(data),