Initial version

Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:1.12 AS build
+
+WORKDIR /go/src/app
+
+COPY . .
+RUN CGO_ENABLED=0 GO111MODULE=on go install .
+
+FROM scratch
+COPY --from=build /go/bin/contact-form /contact-form
+COPY --from=build /go/src/app/*.html /templates/
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+WORKDIR /templates
+ENTRYPOINT ["/contact-form"]
+EXPOSE 8080

LICENCE.adoc

@@ -0,0 +1,21 @@
+= MIT License
+
+Copyright © 2019 Chris Smith
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.adoc

@@ -0,0 +1,53 @@
+= Go contact form
+
+== About
+
+Provides a simple, tiny webservice that serves a contact form and sends responses
+via e-mail.
+
+== Usage
+
+The simplest way to use this is via docker:
+
+    docker run -d csmith/contact-form -from form@server.com -to me@email.com .....
+
+You should place this service behind an TLS-terminating proxy, and ensure it
+is requested over a secure connection.
+
+== Command line flags
+
+----
+  -crsf-key string
+        CRSF key to use
+  -from string
+        address to send e-mail from
+  -port int
+        port to listen on for connections (default 8080)
+  -smtp-host string
+        SMTP server to connect to
+  -smtp-pass string
+        password to supply to the SMTP server
+  -smtp-port int
+        port to use when connecting to the SMTP server (default 25)
+  -smtp-user string
+        username to supply to the SMTP server
+  -subject string
+        e-mail subject (default "Contact form submission")
+  -to string
+        address to send e-mail to
+----
+
+_from_, _to_, _smtp-host_, _smtp-user_, and _smtp-pass_ are required; other options have vaguely sensible fallbacks.
+
+== Templates
+
+The form itself is loaded from `form.html` in the working directory; success and failure pages from `success.html`
+and `failure.html` respectively. Each is loaded as a https://golang.org/pkg/html/template/[go html.template] and
+can use the templating syntax described there.
+
+The form must contain the `{{ .csrfField }}` template field, which will automatically insert the CSRF token for
+the request.
+
+== Licence
+
+This software is licensed under the MIT licence. See the LICENCE.adoc file for the full text.

failure.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html" charset="UTF-8"/>
+    <title>Contact me</title>
+    <style type="text/css">
+        .page {
+            width: 480px;
+            padding: 8% 0 0;
+            margin: auto;
+        }
+
+        .form {
+            position: relative;
+            z-index: 1;
+            background: #FFFFFF;
+            max-width: 360px;
+            margin: 0 auto 100px;
+            padding: 45px;
+            text-align: center;
+            box-shadow: 0 0 20px 0 rgba(0, 0, 0, 0.2), 0 5px 5px 0 rgba(0, 0, 0, 0.24);
+            font-family: sans-serif;
+        }
+    </style>
+</head>
+<body>
+<div class="page">
+    <div class="form">
+        Your message could not be sent at this time.
+        Please go back and try again.
+    </div>
+</div>
+</body>
+</html>

form.html

@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html" charset="UTF-8"/>
+    <title>Contact me</title>
+    <style type="text/css">
+        .page {
+            width: 640px;
+            padding: 8% 0 0;
+            margin: auto;
+        }
+
+        .form {
+            position: relative;
+            z-index: 1;
+            background: #FFFFFF;
+            max-width: 640px;
+            margin: 0 auto 100px;
+            padding: 25px 45px 35px 45px;
+            text-align: center;
+            box-shadow: 0 0 20px 0 rgba(0, 0, 0, 0.2), 0 5px 5px 0 rgba(0, 0, 0, 0.24);
+        }
+
+        .form input, .form textarea {
+            outline: 0;
+            background: #f2f2f2;
+            width: 100%;
+            border: 0;
+            margin: 0 0 15px;
+            padding: 15px;
+            box-sizing: border-box;
+            font-size: 14px;
+        }
+
+        .form textarea {
+            resize: vertical;
+        }
+
+        .form button {
+            text-transform: uppercase;
+            outline: 0;
+            background: #4CAF50;
+            width: 100%;
+            border: 0;
+            padding: 15px;
+            color: #FFFFFF;
+            font-size: 14px;
+            transition: all 0.3 ease;
+            cursor: pointer;
+        }
+
+        .form button:hover, .form button:active, .form button:focus {
+            background: #43A047;
+        }
+
+        h1 {
+            font-family: sans-serif;
+            font-variant: all-small-caps;
+            font-size: 1.4em;
+            margin: 0 0 0.9em 0;
+        }
+    </style>
+</head>
+<body>
+<div class="page">
+    <div class="form">
+        <form action="submit" method="post">
+            <h1>Contact me</h1>
+            {{ .csrfField }}
+            <input type="text" name="name" placeholder="Your name">
+            <input type="email" name="from" placeholder="Your e-mail address">
+            <textarea name="message" placeholder="Your message"></textarea>
+            <button>SEND</button>
+        </form>
+    </div>
+</div>
+</body>
+</html>

go.mod

@@ -0,0 +1,8 @@
+module contact-form
+
+go 1.12
+
+require (
+	github.com/gorilla/csrf v1.5.1 // indirect
+	github.com/gorilla/mux v1.7.1 // indirect
+)

go.sum

@@ -0,0 +1,9 @@
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/csrf v1.5.1 h1:UASc2+EB0T51tvl6/2ls2ciA8/qC7KdTO7DsOEKbttQ=
+github.com/gorilla/csrf v1.5.1/go.mod h1:HTDW7xFOO1aHddQUmghe9/2zTvg7AYCnRCs7MxTGu/0=
+github.com/gorilla/mux v1.7.1 h1:Dw4jY2nghMMRsh1ol8dv1axHkDwMQK2DHerMNJsIpJU=
+github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

main.go

@@ -0,0 +1,136 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"github.com/gorilla/csrf"
+	"github.com/gorilla/mux"
+	"html/template"
+	"log"
+	"math/rand"
+	"net/http"
+	"net/smtp"
+	"os"
+	"strings"
+)
+
+const (
+	csrfFieldName = "csrf.Token"
+)
+
+var (
+	fromAddress, toAddress, subject, smtpServer, smtpUsername, smtpPassword, csrfKey *string
+	smtpPort, port                                                                   *int
+	formTemplate, successTemplate, failureTemplate                                   *template.Template
+)
+
+func sendMail(replyTo, message string) bool {
+	auth := smtp.PlainAuth("", *smtpUsername, *smtpPassword, *smtpServer)
+	body := fmt.Sprintf("To: %s\r\nSubject: %s\r\nReply-to: %s\r\nFrom: Online contact form <%s>\r\n\r\n%s\r\n", *toAddress, *subject, replyTo, *fromAddress, message)
+	err := smtp.SendMail(fmt.Sprintf("%s:%d", *smtpServer, *smtpPort), auth, *fromAddress, []string{*toAddress}, []byte(body))
+	if err != nil {
+		log.Printf("Unable to send mail: %s", err)
+		return false
+	}
+	return true
+}
+
+func handleForm(rw http.ResponseWriter, req *http.Request) {
+	body := ""
+	for k, v := range req.Form {
+		if k != csrfFieldName {
+			body += fmt.Sprintf("%s:\r\n%s\r\n\r\n", strings.ToUpper(k), v[0])
+		}
+	}
+	if sendMail(req.Form.Get("from"), body) {
+		rw.Header().Add("Location", "success")
+	} else {
+		rw.Header().Add("Location", "failure")
+	}
+	rw.WriteHeader(http.StatusTemporaryRedirect)
+}
+
+func showForm(rw http.ResponseWriter, req *http.Request) {
+	_ = formTemplate.ExecuteTemplate(rw, "form.html", map[string]interface{}{
+		csrf.TemplateTag: csrf.TemplateField(req),
+	})
+}
+
+func showSuccess(rw http.ResponseWriter, req *http.Request) {
+	_ = successTemplate.ExecuteTemplate(rw, "success.html", map[string]interface{}{
+		csrf.TemplateTag: csrf.TemplateField(req),
+	})
+}
+
+func showFailure(rw http.ResponseWriter, req *http.Request) {
+	_ = failureTemplate.ExecuteTemplate(rw, "failure.html", map[string]interface{}{
+		csrf.TemplateTag: csrf.TemplateField(req),
+	})
+}
+
+func randomKey() string {
+	var runes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+	b := make([]rune, 32)
+	for i := range b {
+		b[i] = runes[rand.Intn(len(runes))]
+	}
+	return string(b)
+}
+
+func checkFlag(value string, name string) {
+	if len(value) == 0 {
+		_, _ = fmt.Fprintf(os.Stderr, "No %s specified\n", name)
+		flag.Usage()
+		os.Exit(1)
+	}
+}
+
+func loadTemplate(file string) (result *template.Template) {
+	var err error
+	result, err = template.ParseFiles(file)
+	if err != nil {
+		_, _ = fmt.Fprintf(os.Stderr, "Unable to load %s: %s\n", file, err.Error())
+		os.Exit(1)
+	}
+	return
+}
+
+func main() {
+	fromAddress = flag.String("from", "", "address to send e-mail from")
+	toAddress = flag.String("to", "", "address to send e-mail to")
+	subject = flag.String("subject", "Contact form submission", "e-mail subject")
+	smtpServer = flag.String("smtp-host", "", "SMTP server to connect to")
+	smtpPort = flag.Int("smtp-port", 25, "port to use when connecting to the SMTP server")
+	smtpUsername = flag.String("smtp-user", "", "username to supply to the SMTP server")
+	smtpPassword = flag.String("smtp-pass", "", "password to supply to the SMTP server")
+	csrfKey = flag.String("crsf-key", "", "CRSF key to use")
+	port = flag.Int("port", 8080, "port to listen on for connections")
+	flag.Parse()
+
+	checkFlag(*fromAddress, "from address")
+	checkFlag(*toAddress, "to address")
+	checkFlag(*smtpServer, "SMTP server")
+	checkFlag(*smtpUsername, "SMTP username")
+	checkFlag(*smtpPassword, "SMTP password")
+
+	if len(*csrfKey) != 32 {
+		newKey := randomKey()
+		csrfKey = &newKey
+	}
+
+	formTemplate = loadTemplate("form.html")
+	successTemplate = loadTemplate("success.html")
+	failureTemplate = loadTemplate("failure.html")
+
+	r := mux.NewRouter()
+	r.HandleFunc("/", showForm).Methods("GET")
+	r.HandleFunc("/success", showSuccess).Methods("GET")
+	r.HandleFunc("/failure", showFailure).Methods("GET")
+	r.HandleFunc("/submit", handleForm).Methods("POST")
+
+	CSRF := csrf.Protect([]byte(*csrfKey), csrf.FieldName(csrfFieldName))
+	err := http.ListenAndServe(fmt.Sprintf(":%d", *port), CSRF(r))
+	if err != nil {
+		_, _ = fmt.Fprintf(os.Stderr, "Unable to listen on port %d: %s\n", *port, err.Error())
+	}
+}

success.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta http-equiv="Content-Type" content="text/html" charset="UTF-8"/>
+    <title>Contact me</title>
+    <style type="text/css">
+        .page {
+            width: 480px;
+            padding: 8% 0 0;
+            margin: auto;
+        }
+
+        .form {
+            position: relative;
+            z-index: 1;
+            background: #FFFFFF;
+            max-width: 360px;
+            margin: 0 auto 100px;
+            padding: 45px;
+            text-align: center;
+            box-shadow: 0 0 20px 0 rgba(0, 0, 0, 0.2), 0 5px 5px 0 rgba(0, 0, 0, 0.24);
+            font-family: sans-serif;
+        }
+    </style>
+</head>
+<body>
+<div class="page">
+    <div class="form">
+        Your message has been sent. Thank you!
+    </div>
+</div>
+</body>
+</html>