public
/
contact-form
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
contact-form/main.go

main.go 5.7KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190 
  1. package main

  2. 

  3. import (

  4. 	"flag"

  5. 	"fmt"

  6. 	"github.com/gorilla/csrf"

  7. 	"github.com/gorilla/mux"

  8. 	"github.com/gorilla/sessions"

  9. 	"github.com/jamiealquiza/envy"

  10. 	"html/template"

  11. 	"log"

  12. 	"math/rand"

  13. 	"net/http"

  14. 	"net/smtp"

  15. 	"os"

  16. 	"strings"

  17. )

  18. 

  19. const (

  20. 	csrfFieldName = "csrf.Token"

  21. 	sessionName   = "contactform"

  22. 	bodyKey       = "body"

  23. 	replyToKey    = "replyTo"

  24. 	captchaKey    = "captchaId"

  25. )

  26. 

  27. var (

  28. 	fromAddress, toAddress, subject        *string

  29. 	smtpServer, smtpUsername, smtpPassword *string

  30. 	csrfKey, sessionKey                    *string

  31. 	smtpPort, port                         *int

  32. 	enableCaptcha                          *bool

  33. 	store                                  *sessions.CookieStore

  34. 	formTemplate                           *template.Template

  35. 	captchaTemplate                        *template.Template

  36. 	successTemplate, failureTemplate       *template.Template

  37. )

  38. 

  39. func sendMail(replyTo, message string) bool {

  40. 	auth := smtp.PlainAuth("", *smtpUsername, *smtpPassword, *smtpServer)

  41. 	body := fmt.Sprintf("To: %s\r\nSubject: %s\r\nReply-to: %s\r\nFrom: Online contact form <%s>\r\n\r\n%s\r\n", *toAddress, *subject, replyTo, *fromAddress, message)

  42. 	err := smtp.SendMail(fmt.Sprintf("%s:%d", *smtpServer, *smtpPort), auth, *fromAddress, []string{*toAddress}, []byte(body))

  43. 	if err != nil {

  44. 		log.Printf("Unable to send mail: %s", err)

  45. 		return false

  46. 	}

  47. 	return true

  48. }

  49. 

  50. func handleSubmit(rw http.ResponseWriter, req *http.Request) {

  51. 	body := ""

  52. 	for k, v := range req.Form {

  53. 		if k != csrfFieldName {

  54. 			body += fmt.Sprintf("%s:\r\n%s\r\n\r\n", strings.ToUpper(k), v[0])

  55. 		}

  56. 	}

  57. 

  58. 	replyTo := req.Form.Get("from")

  59. 	replyTo = strings.ReplaceAll(replyTo, "\n", "")

  60. 	replyTo = strings.ReplaceAll(replyTo, "\r", "")

  61. 

  62. 	if *enableCaptcha {

  63. 		beginCaptcha(rw, req, body, replyTo)

  64. 	} else if sendMail(replyTo, body) {

  65. 		rw.Header().Add("Location", "success")

  66. 		rw.WriteHeader(http.StatusSeeOther)

  67. 	} else {

  68. 		rw.Header().Add("Location", "failure")

  69. 		rw.WriteHeader(http.StatusSeeOther)

  70. 	}

  71. }

  72. 

  73. func showForm(rw http.ResponseWriter, req *http.Request) {

  74. 	params := make(map[string]string)

  75. 

  76. 	for k, vs := range req.URL.Query() {

  77. 		if len(vs) == 1 {

  78. 			params[k] = vs[0]

  79. 		}

  80. 	}

  81. 

  82. 	_ = formTemplate.ExecuteTemplate(rw, "form.html", map[string]interface{}{

  83. 		csrf.TemplateTag: csrf.TemplateField(req),

  84. 		"params":         params,

  85. 	})

  86. }

  87. 

  88. func showSuccess(rw http.ResponseWriter, req *http.Request) {

  89. 	_ = successTemplate.ExecuteTemplate(rw, "success.html", map[string]interface{}{

  90. 		csrf.TemplateTag: csrf.TemplateField(req),

  91. 	})

  92. }

  93. 

  94. func showFailure(rw http.ResponseWriter, req *http.Request) {

  95. 	_ = failureTemplate.ExecuteTemplate(rw, "failure.html", map[string]interface{}{

  96. 		csrf.TemplateTag: csrf.TemplateField(req),

  97. 	})

  98. }

  99. 

  100. func randomKey() string {

  101. 	var runes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

  102. 	b := make([]rune, 32)

  103. 	for i := range b {

  104. 		b[i] = runes[rand.Intn(len(runes))]

  105. 	}

  106. 	return string(b)

  107. }

  108. 

  109. func checkFlag(value string, name string) {

  110. 	if len(value) == 0 {

  111. 		_, _ = fmt.Fprintf(os.Stderr, "No %s specified\n", name)

  112. 		flag.Usage()

  113. 		os.Exit(1)

  114. 	}

  115. }

  116. 

  117. func loadTemplate(file string) (result *template.Template) {

  118. 	var err error

  119. 	result, err = template.ParseFiles(file)

  120. 	if err != nil {

  121. 		_, _ = fmt.Fprintf(os.Stderr, "Unable to load %s: %s\n", file, err.Error())

  122. 		os.Exit(1)

  123. 	}

  124. 	return

  125. }

  126. 

  127. func main() {

  128. 	fromAddress = flag.String("from", "", "address to send e-mail from")

  129. 	toAddress = flag.String("to", "", "address to send e-mail to")

  130. 	subject = flag.String("subject", "Contact form submission", "e-mail subject")

  131. 	smtpServer = flag.String("smtp-host", "", "SMTP server to connect to")

  132. 	smtpPort = flag.Int("smtp-port", 25, "port to use when connecting to the SMTP server")

  133. 	smtpUsername = flag.String("smtp-user", "", "username to supply to the SMTP server")

  134. 	smtpPassword = flag.String("smtp-pass", "", "password to supply to the SMTP server")

  135. 	csrfKey = flag.String("crsf-key", "", "CRSF key to use")

  136. 	sessionKey = flag.String("session-key", "", "Session key to use (for captcha support)")

  137. 	enableCaptcha = flag.Bool("enable-captcha", false, "Whether to require captchas to be completed")

  138. 	port = flag.Int("port", 8080, "port to listen on for connections")

  139. 

  140. 	envy.Parse("CONTACT")

  141. 	flag.Parse()

  142. 

  143. 	checkFlag(*fromAddress, "from address")

  144. 	checkFlag(*toAddress, "to address")

  145. 	checkFlag(*smtpServer, "SMTP server")

  146. 	checkFlag(*smtpUsername, "SMTP username")

  147. 	checkFlag(*smtpPassword, "SMTP password")

  148. 

  149. 	if len(*csrfKey) != 32 {

  150. 		newKey := randomKey()

  151. 		csrfKey = &newKey

  152. 	}

  153. 

  154. 	if len(*sessionKey) != 32 {

  155. 		newKey := randomKey()

  156. 		sessionKey = &newKey

  157. 	}

  158. 

  159. 	store = sessions.NewCookieStore([]byte(*sessionKey))

  160. 	store.Options =  &sessions.Options{

  161. 		MaxAge:   0,

  162. 		Secure:   true, // Set to false for local development

  163. 		HttpOnly: true,

  164. 		SameSite: http.SameSiteStrictMode,

  165. 	}

  166. 

  167. 	formTemplate = loadTemplate("form.html")

  168. 	captchaTemplate = loadTemplate("captcha.html")

  169. 	successTemplate = loadTemplate("success.html")

  170. 	failureTemplate = loadTemplate("failure.html")

  171. 

  172. 	r := mux.NewRouter()

  173. 	r.HandleFunc("/", showForm).Methods("GET")

  174. 	r.HandleFunc("/success", showSuccess).Methods("GET")

  175. 	r.HandleFunc("/failure", showFailure).Methods("GET")

  176. 	r.HandleFunc("/submit", handleSubmit).Methods("POST")

  177. 

  178. 	// Captcha endpoints

  179. 	r.HandleFunc("/captcha", showCaptcha).Methods("GET")

  180. 	r.HandleFunc("/captcha.png", writeCaptchaImage).Methods("GET")

  181. 	r.HandleFunc("/captcha.wav", writeCaptchaAudio).Methods("GET")

  182. 	r.HandleFunc("/solve", handleSolve).Methods("POST")

  183. 

  184. 	// If developing locally, you'll need to pass csrf.Secure(false) as an argument below.

  185. 	CSRF := csrf.Protect([]byte(*csrfKey), csrf.FieldName(csrfFieldName))

  186. 	err := http.ListenAndServe(fmt.Sprintf(":%d", *port), CSRF(r))

  187. 	if err != nil {

  188. 		_, _ = fmt.Fprintf(os.Stderr, "Unable to listen on port %d: %s\n", *port, err.Error())

  189. 	}

  190. }