chris/beachPartyBalloons
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add server-side content filtering to block spam

Browse Source 
- Require message to have at least 3 words — catches single-token
  random strings like 'EhdRpaTrHsSahuiuz'
- Require message to be at least 10 characters
- Validate email format server-side (was client-side only)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chris 2026-06-16 08:21:58 -04:00
parent eef6d0cb7d
commit 14fc9df9d2
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
main-site/server.js
View File

@ -164,6 +164,14 @@ apiRouter.post('/contact', upload.array('photos', 3), async (req, res) => {
return res.status(400).json({ success: false, message: 'Please fill in all required fields.' }); return res.status(400).json({ success: false, message: 'Please fill in all required fields.' });
} }
if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email.trim())) {
return res.status(400).json({ success: false, message: 'Please enter a valid email address.' });
}
if (message.trim().length < 10 || message.trim().split(/\s+/).length < 3) {
return res.status(400).json({ success: false, message: 'Please enter a more detailed message.' });
}
const attachments = []; const attachments = [];
for (const file of (req.files || [])) { for (const file of (req.files || [])) {
const webpBuffer = await sharp(file.buffer).webp({ quality: 85 }).toBuffer(); const webpBuffer = await sharp(file.buffer).webp({ quality: 85 }).toBuffer();