From 14fc9df9d2b2a4bafb927761f4cca23899dc4462 Mon Sep 17 00:00:00 2001
From: chris
Date: Tue, 16 Jun 2026 08:21:58 -0400
Subject: [PATCH] Add server-side content filtering to block spam
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Require message to have at least 3 words — catches single-token random strings like 'EhdRpaTrHsSahuiuz'
- Require message to be at least 10 characters
- Validate email format server-side (was client-side only)

Co-Authored-By: Claude Sonnet 4.6
---
main-site/server.js | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/main-site/server.js b/main-site/server.js
index c2f1612..13f982c 100644
--- a/main-site/server.js
+++ b/main-site/server.js
@@ -164,6 +164,14 @@ apiRouter.post('/contact', upload.array('photos', 3), async (req, res) => {
 return res.status(400).json({ success: false, message: 'Please fill in all required fields.' });
 }

+ if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
+ return res.status(400).json({ success: false, message: 'Please enter a valid email address.' });
+ }
+
+ if (message.trim().length < 10 || message.trim().split(/\s+/).length < 3) {
+ return res.status(400).json({ success: false, message: 'Please enter a more detailed message.' });
+ }
+
 const attachments = [];
 for (const file of (req.files || [])) {
 const webpBuffer = await sharp(file.buffer).webp({ quality: 85 }).toBuffer();
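Review bot: Both new guards call `.trim()` on `email` and `message` before anything visible confirms they are strings of bounded length. Depending on how the body parser handles repeated or bracketed field names, a multipart field may arrive as an array or object, in which case `.trim()` throws inside this async handler instead of returning the 400. The email pattern's last two character classes both accept `.`, so its matching cost can grow faster than linearly on a long input; checking type and length first avoids both problems, e.g. `if (typeof email !== 'string' || typeof message !== 'string' || email.length > 254) return res.status(400).json({ success: false, message: 'Please fill in all required fields.' });`. The checks also run on trimmed copies, so the code after the hunk should use the trimmed values as well; the handler body continues outside the hunk, so that part is unverified here.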