technicalkiwi/website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add contact antispam and fix gallery video playback.

Browse Source 
English-only messages, rate limiting, min fill time, and normalized email
validation; improve modal video serving with posters, correct MIME types, and
no gzip on gallery media.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Jimmy
2026-06-04 00:38:48 +12:00
parent a9095727bf
commit 6c215d40e6
16 changed files with 385 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
app/internal/handlers/handlers.go
View File

@@ -3,15 +3,16 @@ package handlers
import (
"log"
"net/http"
"strings"
"sync"
"time"
"technical.kiwi/website/internal/auth"
"technical.kiwi/website/internal/contact"
"technical.kiwi/website/internal/contactcheck"
"technical.kiwi/website/internal/gallery"
"technical.kiwi/website/internal/mail"
"technical.kiwi/website/internal/middleware"
"technical.kiwi/website/internal/ratelimit"
"technical.kiwi/website/templates"
)
@@ -26,6 +27,7 @@ type Server struct {
ContactEnabled bool
Auth auth.Config
Sessions *auth.Sessions
contactRL *ratelimit.IPWindow
galleryMu sync.RWMutex
}
@@ -59,6 +61,7 @@ func New(imagesDir, staticDir string, mailCfg *mail.Config) (*Server, error) {
ContactEnabled: mailCfg != nil,
Auth: authCfg,
Sessions: auth.NewSessions(),
contactRL: ratelimit.NewIPWindow(5, time.Hour),
}
if authCfg.Enabled {
log.Print("admin: enabled at /admin/")
@@ -92,6 +95,9 @@ func (s *Server) snapshot() ([]gallery.Image, gallery.Image, bool) {
func (s *Server) index(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cache-Control", "no-cache")
if s.ContactEnabled {
setContactFormSeen(w)
}
images, hero, hasHero := s.snapshot()
templates.Home(images, hero, hasHero, s.ContactEnabled).Render(r.Context(), w)
}
@@ -107,11 +113,21 @@ func (s *Server) contact(w http.ResponseWriter, r *http.Request) {
return
}
if strings.TrimSpace(r.FormValue("website")) != "" {
if contactcheck.SpamHoneypot(r.FormValue(contactcheck.HoneypotField)) {
templates.ContactSuccess().Render(r.Context(), w)
return
}
if contactcheck.FormFilledTooFast(contactFormSeenUnix(r), time.Now()) {
templates.ContactSuccess().Render(r.Context(), w)
return
}
if !s.contactRL.Allow(clientIP(r)) {
templates.ContactRateLimited().Render(r.Context(), w)
return
}
sub, errs := contact.Parse(
r.FormValue("name"),
r.FormValue("email"),