Add contact antispam and fix gallery video playback.

English-only messages, rate limiting, min fill time, and normalized email
validation; improve modal video serving with posters, correct MIME types, and
no gzip on gallery media.

Co-authored-by: Cursor <cursoragent@cursor.com>

app/internal/middleware/middleware.go

@@ -46,6 +46,7 @@ func CacheStatic(dir string, maxAge time.Duration) http.Handler {
 
 // CacheImages wraps image serving; thumbs cache longer than originals.
 func CacheImages(dir string) http.Handler {
+	fs := http.FileServer(http.Dir(dir))
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		rel := strings.TrimPrefix(r.URL.Path, "/")
 		if strings.HasPrefix(rel, "thumbs/") || strings.HasPrefix(rel, "hero/") {
@@ -53,10 +54,28 @@ func CacheImages(dir string) http.Handler {
 		} else {
 			w.Header().Set("Cache-Control", "public, max-age=86400")
 		}
-		http.FileServer(http.Dir(dir)).ServeHTTP(w, r)
+		if ct := mediaContentType(r.URL.Path); ct != "" {
+			w.Header().Set("Content-Type", ct)
+		}
+		fs.ServeHTTP(w, r)
 	})
 }
 
+func mediaContentType(urlPath string) string {
+	switch strings.ToLower(filepath.Ext(urlPath)) {
+	case ".jpg", ".jpeg":
+		return "image/jpeg"
+	case ".mp4":
+		return "video/mp4"
+	case ".webm":
+		return "video/webm"
+	case ".mov":
+		return "video/quicktime"
+	default:
+		return ""
+	}
+}
+
 func formatMaxAge(d time.Duration) string {
 	return strconv.Itoa(int(d.Seconds()))
 }
@@ -66,6 +85,10 @@ func shouldSkipGzip(r *http.Request) bool {
 	if r.Header.Get("Range") != "" {
 		return true
 	}
+	// Gallery originals and derivatives must never be gzip-compressed.
+	if strings.HasPrefix(r.URL.Path, "/images/") {
+		return true
+	}
 
 	ext := strings.ToLower(filepath.Ext(r.URL.Path))
 	if ext == "" {