import type { APIRoute } from 'astro';
import { addLead } from '../../lib/notion';
import { sendWelcomeEmail, sendResourceEmail } from '../../lib/email';
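/** Upper bounds for free-text fields that are forwarded to the CRM and into outgoing mail. */
const MAX_NAME_LENGTH = 200;
const MAX_RESOURCE_LENGTH = 200;
const MAX_LINK_LENGTH = 2048;

/** Lead sources the form may report; anything else is answered with 400. */
const VALID_SOURCES: ReadonlySet<string> = new Set(['Blog', 'Analysis', 'Resource', 'Newsletter']);

/** Build a JSON response with the given status code. */
function jsonResponse(status: number, payload: Record<string, unknown>): Response {
  return new Response(JSON.stringify(payload), {
    status,
    headers: { 'Content-Type': 'application/json' },
  });
}

/**
 * Normalise an optional free-text field from the request body.
 *
 * @returns `''` when the value is absent/falsy (matches the original `value || ''`
 *   fallback), the string itself when it is a string no longer than `maxLength`,
 *   and `null` when it is present but not an acceptable string, so the caller can reject it
 *   instead of forwarding an object/array/oversized blob to Notion or the mailer.
 */
function readOptionalText(value: unknown, maxLength: number): string | null {
  if (!value) return '';
  if (typeof value !== 'string' || value.length > maxLength) return null;
  return value;
}

/**
 * POST /api/subscribe — record a lead and send a welcome or resource email.
 *
 * Expected JSON body: `email` (required), `source` (required, one of VALID_SOURCES),
 * optional `name`, `resourceDownloaded` and `downloadLink`. Every field is untrusted:
 * each is type-checked and length-bounded before it reaches the CRM or the mailer.
 * A failed CRM write or a failed send is logged but still answered with 200 — this is a
 * deliberate choice not to fail the visitor's flow, kept from the original.
 *
 * @returns 400 on invalid input, 500 on unexpected errors, otherwise 200 with `{ success: true }`.
 */
export const POST: APIRoute = async ({ request }) => {
  try {
    // Malformed JSON is the client's fault: answer 400 instead of falling into the 500 catch.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return jsonResponse(400, { error: 'Invalid JSON body' });
    }
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return jsonResponse(400, { error: 'Request body must be a JSON object' });
    }
    const { email, name, source, resourceDownloaded, downloadLink } = body as Record<string, unknown>;

    // Email: the typeof guard matters because RegExp.test coerces its argument, so an array
    // such as ["a@b.c"] would otherwise pass the regex and reach the CRM and mail clients.
    if (typeof email !== 'string' || !isValidEmail(email)) {
      return jsonResponse(400, { error: 'Invalid email address' });
    }

    // Source: closed list, exact match.
    if (typeof source !== 'string' || !VALID_SOURCES.has(source)) {
      return jsonResponse(400, { error: 'Invalid source' });
    }

    // Optional free text: reject non-strings and oversized values rather than forwarding them.
    const leadName = readOptionalText(name, MAX_NAME_LENGTH);
    if (leadName === null) {
      return jsonResponse(400, { error: 'Invalid name' });
    }
    const resourceName = readOptionalText(resourceDownloaded, MAX_RESOURCE_LENGTH);
    if (resourceName === null) {
      return jsonResponse(400, { error: 'Invalid resource name' });
    }

    // Download link, if provided: must be a bounded string and an http(s) URL.
    let link = '';
    if (downloadLink) {
      if (
        typeof downloadLink !== 'string' ||
        downloadLink.length > MAX_LINK_LENGTH ||
        !isValidDownloadLink(downloadLink)
      ) {
        return jsonResponse(400, { error: 'Invalid download link' });
      }
      link = downloadLink;
    }

    // Add lead to Notion. A CRM failure is logged and the request continues (intentional).
    const leadAdded = await addLead(email, leadName, source, resourceName);
    if (!leadAdded) {
      console.error('Failed to add lead to Notion');
    }

    // SECURITY(review): recipient, display name and (for Resource) the link are all
    // caller-controlled and this endpoint is unauthenticated, so anyone can make this site
    // send a branded email containing an arbitrary http(s) URL to any address. Before public
    // exposure, restrict `link` to an allowlist of download hosts, rate-limit by IP/email, and
    // confirm that lib/email HTML-escapes `name` and `resourceName` when templating.
    const greetingName = leadName || 'there';
    let emailSent = false;
    if (resourceName && source === 'Resource' && link) {
      emailSent = await sendResourceEmail(email, greetingName, resourceName, link);
    } else {
      emailSent = await sendWelcomeEmail(email, greetingName);
    }
    if (!emailSent) {
      console.error('Failed to send email');
    }

    return jsonResponse(200, { success: true, message: 'Successfully subscribed!' });
  } catch (error: unknown) {
    // Detail stays in the server log; the client only sees a generic message.
    console.error('Error in subscribe endpoint:', error);
    return jsonResponse(500, {
      error: 'Internal server error',
      message: 'Failed to process subscription',
    });
  }
};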
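/** RFC 5321 caps a full address at 254 octets; longer input is rejected before the regex runs. */
const MAX_EMAIL_LENGTH = 254;

/** Shape check only: something@something.something, with no whitespace or second `@`. */
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

/**
 * Cheap syntactic check for an email address. This is not a deliverability check.
 *
 * Non-string input is rejected rather than coerced: `RegExp.test` stringifies its argument,
 * so an array like `["a@b.c"]` from a JSON body would otherwise be accepted and then handed
 * to the CRM and mail clients as a non-string.
 *
 * @param email - candidate address from an untrusted request body.
 * @returns `true` when the value is a non-empty string of at most 254 chars matching the pattern.
 */
function isValidEmail(email: string): boolean {
  if (typeof email !== 'string' || email.length === 0 || email.length > MAX_EMAIL_LENGTH) {
    return false;
  }
  return EMAIL_PATTERN.test(email);
}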
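/**
 * Validate a caller-supplied download URL before it is embedded in an outgoing email.
 *
 * Accepts only absolute `http:`/`https:` URLs. Input that fails to parse, uses any other
 * scheme (`javascript:`, `data:`, `file:`, …) or carries userinfo
 * (`https://trusted.example@evil.example/` — the part before `@` is what a victim reads as
 * the host) is rejected. When `allowedHosts` is given, the parsed hostname must also match
 * one entry exactly (case-insensitive). Without an allowlist any host passes, which means the
 * link in the email is effectively attacker-chosen; callers sending mail should pass one.
 *
 * @param url - candidate URL; non-strings are rejected rather than coerced by `new URL`.
 * @param allowedHosts - optional exact-match hostname allowlist.
 * @returns `true` when the URL is acceptable under the rules above.
 */
function isValidDownloadLink(url: string, allowedHosts?: readonly string[]): boolean {
  if (typeof url !== 'string') {
    return false;
  }
  let parsed: URL;
  try {
    parsed = new URL(url);
  } catch {
    // Relative or otherwise unparseable input is not an acceptable link.
    return false;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return false;
  }
  // Embedded credentials are a classic phishing disguise and have no place in a download link.
  if (parsed.username !== '' || parsed.password !== '') {
    return false;
  }
  if (allowedHosts !== undefined) {
    // URL already lower-cases the hostname; normalise the allowlist the same way.
    const host = parsed.hostname;
    return allowedHosts.some((allowed) => allowed.toLowerCase() === host);
  }
  return true;
}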