Add contact antispam and fix gallery video playback.

English-only messages, rate limiting, min fill time, and normalized email validation; improve modal video serving with posters, correct MIME types, and no gzip on gallery media. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-04 00:38:48 +12:00
parent a9095727bf
commit 6c215d40e6
16 changed files with 385 additions and 16 deletions
--- a/app/internal/handlers/contact_antispam.go
+++ b/app/internal/handlers/contact_antispam.go
@@ -0,0 +1,50 @@
+package handlers
+
+import (
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+)
+
+const contactSeenCookie = "tk_contact_seen"
+
+func clientIP(r *http.Request) string {
+	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
+		if i := strings.Index(xff, ","); i >= 0 {
+			xff = xff[:i]
+		}
+		if ip := strings.TrimSpace(xff); ip != "" {
+			return ip
+		}
+	}
+	host, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		return r.RemoteAddr
+	}
+	return host
+}
+
+func setContactFormSeen(w http.ResponseWriter) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     contactSeenCookie,
+		Value:    strconv.FormatInt(time.Now().Unix(), 10),
+		Path:     "/",
+		HttpOnly: true,
+		SameSite: http.SameSiteLaxMode,
+		MaxAge:   int((10 * time.Minute).Seconds()),
+	})
+}
+
+func contactFormSeenUnix(r *http.Request) int64 {
+	c, err := r.Cookie(contactSeenCookie)
+	if err != nil {
+		return 0
+	}
+	v, err := strconv.ParseInt(c.Value, 10, 64)
+	if err != nil {
+		return 0
+	}
+	return v
+}