#41 - Ajouter une sécurité sur la page nous contacter #59

Merged
dbroqua merged 1 commit from feature/41 into develop 2022-09-01 11:37:58 +02:00
4 changed files with 83 additions and 37 deletions
Showing only changes of commit 2e3ccd26f2 - Show all commits


@ -67,6 +67,7 @@
"passport-local": "^1.0.0", "passport-local": "^1.0.0",
"rimraf": "^3.0.2", "rimraf": "^3.0.2",
"sass": "^1.49.7", "sass": "^1.49.7",
"svg-captcha": "^1.4.0",
"uuid": "^8.3.2", "uuid": "^8.3.2",
"vue": "^3.2.31" "vue": "^3.2.31"
}, },


@ -197,7 +197,11 @@ class Albums extends Pages {
}); });
if (!album) { if (!album) {
throw new ErrorEvent(404, "Impossible de trouver cet album"); throw new ErrorEvent(
404,
"Mise à jour",
"Impossible de trouver cet album"
);
} }
const values = await getAlbumDetails(album.discogsId); const values = await getAlbumDetails(album.discogsId);
@ -221,7 +225,11 @@ class Albums extends Pages {
return true; return true;
} }
throw new ErrorEvent(404, "Impossible de trouver cet album"); throw new ErrorEvent(
404,
"Suppression",
"Impossible de trouver cet album"
);
} }
/** /**


@ -1,5 +1,6 @@
import express from "express"; import express from "express";
import nodemailer from "nodemailer"; import nodemailer from "nodemailer";
import svgCaptcha from "svg-captcha";
import { sendResponse } from "../../../libs/format"; import { sendResponse } from "../../../libs/format";
@ -9,14 +10,40 @@ import ErrorEvent from "../../../libs/error";
// eslint-disable-next-line new-cap // eslint-disable-next-line new-cap
const router = express.Router(); const router = express.Router();
router.route("/").post(async (req, res, next) => { router
.route("/")
.get(async (req, res, next) => {
try {
const captcha = svgCaptcha.create({
size: 4,
noise: 2,
color: true,
});
req.session.captcha = captcha.text;
res.type("svg");
return res.status(200).send(captcha.data);
} catch (err) {
return next(err);
}
})
.post(async (req, res, next) => {
try { try {
if (mailMethod === "smtp") { if (mailMethod === "smtp") {
const { email, name, message } = req.body; const { email, name, message, captcha } = req.body;
if (!captcha || captcha !== req.session.captcha) {
throw new ErrorEvent(
406,
"Captcha",
"Le captcha n'est pas valide"
);
}
if (!email || !message) { if (!email || !message) {
throw new ErrorEvent( throw new ErrorEvent(
406, 406,
"Erreur de saisie",
"Le formulaire n'est pas correctement saisi" "Le formulaire n'est pas correctement saisi"
); );
} }
@ -24,9 +51,9 @@ router.route("/").post(async (req, res, next) => {
const transporter = nodemailer.createTransport(smtpConfig); const transporter = nodemailer.createTransport(smtpConfig);
const text = `Bonjour, const text = `Bonjour,
Vous venez de recevoir un nouveau message de ${name} (${email}) : Vous venez de recevoir un nouveau message de ${name} (${email}) :
${message} ${message}
`; `;
const data = await transporter.sendMail({ const data = await transporter.sendMail({
@ -41,10 +68,10 @@ ${message}
return sendResponse(req, res, { messageId, response }); return sendResponse(req, res, { messageId, response });
} }
throw new ErrorEvent(500, "Méthode non configurée"); throw new ErrorEvent(500, "Routeur", "Méthode non configurée");
} catch (err) { } catch (err) {
return next(err); return next(err);
} }
}); });
export default router; export default router;
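Review bot: The captcha check at the top of the POST handler compares `captcha` against `req.session.captcha` but never clears the stored value, so one solved challenge keeps validating every later submission from the same session until a new GET on `/api/v1/contact` happens to replace it, which defeats the purpose of gating the mail-sending path. Consume the expected value before comparing, `const expected = req.session.captcha; delete req.session.captcha;` and then `if (!captcha || !expected || captcha !== expected) {`, so each challenge is single-use and a POST made before the image was ever fetched is rejected explicitly rather than relying on `!captcha` alone. The GET handler is declared `async` but awaits nothing; a plain callback would read more honestly, and a comment such as `// Store the solution in the session; the POST handler checks and consumes it` above `req.session.captcha = captcha.text;` would document the contract between the two handlers. Note the check only runs inside `if (mailMethod === "smtp")`, so any other non-formspree method added later would bypass it silently.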


@ -17,6 +17,14 @@
<textarea name="message" id="message" rows="6" required v-model="message" ></textarea> <textarea name="message" id="message" rows="6" required v-model="message" ></textarea>
</div> </div>
<% if (config.mailMethod !== 'formspree' ) { %>
<img src="/api/v1/contact" alt="Captcha" />
<div class="field">
<label for="captcha">Captcha</label>
<input type="text" name="captcha" id="captcha" v-model="captcha" required />
</div>
<% } %>
<button type="submit" class="button is-primary" :disabled="loading"> <button type="submit" class="button is-primary" :disabled="loading">
<% if (config.mailMethod !== 'formspree' ) { %> <% if (config.mailMethod !== 'formspree' ) { %>
<i class="icon-spin animate-spin" v-if="loading"></i> <i class="icon-spin animate-spin" v-if="loading"></i>
@ -34,6 +42,7 @@
email: '', email: '',
name: '', name: '',
message: '', message: '',
captcha: '',
loading: false, loading: false,
} }
}, },
@ -50,10 +59,11 @@
const { const {
email, email,
message, message,
name name,
captcha,
} = this; } = this;
axios.post('/api/v1/contact', {email, name, message}) axios.post('/api/v1/contact', {email, name, message, captcha})
.then( () => { .then( () => {
showToastr("Message correctement envoyé", true); showToastr("Message correctement envoyé", true);
}) })
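Review bot: The captcha `<img>` added above the field is loaded once with a fixed `src` and is never refreshed, so a user whose submission is rejected (wrong captcha or a form error) has no way to get a new challenge short of reloading the whole page, and a cached copy of the image may no longer match what the session holds. Bind the source to a counter, e.g. `<img :src="'/api/v1/contact?r=' + captchaKey" alt="Captcha" />`, add `captchaKey: 0` next to `captcha: ''` in the data block, and increment it while resetting `captcha` in both the `.then` and the `.catch` of the `axios.post` call; the `.catch` branch lies outside this section. The visibility condition `config.mailMethod !== 'formspree'` is also broader than the server-side check, which only enforces the captcha when `mailMethod === "smtp"`, so the two should be kept in step.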