web-dev-path/pages/api/validateReCaptcha.js at 41862517ced6035f1da2c1e92da0a697ccb36e3f · Web-Dev-Path/web-dev-path · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import sendEmail from './sendEmail.js';
import { subscribeToMailchimp } from '../../lib/mailchimp';

export default async function handler(req, res) {
  const { method } = req;

  if (method === 'POST') {
    const SECRET_KEY = process.env.RECAPTCHA_SECRET_KEY;
    // Extract the email, name, and captcha code from the request body
    // in case it is a call from the ContactUsForm, it will contain
    // data used to send email, as well
    const { name, email, subject, message, subscribe, gReCaptchaToken } =
      req.body;

    // If email or captcha are missing return an error
    if (!email || !name || !gReCaptchaToken) {
      return res.status(422).json({
        message: 'Unprocessable request, please provide the required fields',
      });
    }

    // Validate email format
    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
    if (!emailRegex.test(email)) {
      return res.status(422).json({
        message: 'Invalid email format',
      });
    }

    // Validate name length (max 100 characters)
    if (name.length > 100) {
      return res.status(422).json({
        message: 'Name must be 100 characters or less',
      });
    }

    // Validate message length if provided (max 5000 characters)
    if (message && message.length > 5000) {
      return res.status(422).json({
        message: 'Message must be 5000 characters or less',
      });
    }

    try {
      // Ping the google recaptcha verify API to verify the captcha code you received
      const response = await fetch(
        `https://www.google.com/recaptcha/api/siteverify?secret=${SECRET_KEY}&response=${gReCaptchaToken}`,
        {
          headers: {
            'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8',
          },
          method: 'POST',
        },
      );
      const captchaValidation = await response.json();
      if (captchaValidation.success) {
        // in case this call is coming from ContactUsForm, it will send an email too
        if (subject || message) {
          // it sends the email
          const sendEmailOK = await sendEmail(
            email,
            name,
            subject,
            message,
            subscribe,
          );

          if (sendEmailOK.status !== 'okay') {
            return res.status(400).json({ message: sendEmailOK.message });
          }
        }

        if (subscribe) {
          const result = await subscribeToMailchimp(email, name);
          if (!result.success) {
            console.error('Mailchimp subscribe failed: ', result.error);
            return res
              .status(400)
              .json({ message: result.error?.detail || 'Subscription failed' });
          }
        }

        // Return 200 if everything is successful
        return res.status(200).send('OK');
      }

      return res.status(422).json({
        message: 'Unprocessable request, Invalid captcha code',
      });
    } catch (error) {
      console.log(error);
      return res.status(422).json({ message: 'Something went wrong' });
    }
  }
  // Return 404 if someone pings the API with a method other than
  // POST
  return res.status(404).send('Not found');
}