feat(api): add contact form endpoint for website enquiries

Add POST /api/v1/contact endpoint to handle contact form submissions from the marketing website. Includes: - ContactSchema for validation with HTML sanitization - Honeypot field for spam protection - Rate limiting (5 per hour) - Email notification to info@secuird.tech via NotificationService
2026-04-17 15:55:19 +09:30
parent 7480e9d62b
commit 29d54ca109
4 changed files with 188 additions and 1 deletions
@@ -0,0 +1,51 @@
+"""Contact form validation schemas."""
+import logging
+import re
+
+from marshmallow import Schema, fields, validate, validates_schema, ValidationError
+
+logger = logging.getLogger(__name__)
+
+
+class ContactSchema(Schema):
+    """Schema for contact form submissions."""
+
+    email = fields.Email(required=True)
+    name = fields.Str(
+        allow_none=True,
+        load_default=None,
+        validate=validate.Length(max=255),
+    )
+    company = fields.Str(
+        allow_none=True,
+        load_default=None,
+        validate=validate.Length(max=255),
+    )
+    enquiry_type = fields.Str(
+        required=True,
+        validate=validate.OneOf(["demo_request", "sales_enquiry", "general", "support"]),
+    )
+    message = fields.Str(
+        allow_none=True,
+        load_default=None,
+        validate=validate.Length(max=2000),
+    )
+    interest_area = fields.Str(
+        allow_none=True,
+        load_default=None,
+        validate=validate.Length(max=100),
+    )
+    _hp = fields.Str(
+        allow_none=True,
+        load_default=None,
+        load_from="_hp",
+    )
+
+    @validates_schema
+    def sanitize_html(self, data, **kwargs):
+        """Strip HTML tags from all text fields to prevent XSS."""
+        text_fields = ["name", "company", "message", "interest_area"]
+        for field in text_fields:
+            value = data.get(field)
+            if value and isinstance(value, str):
+                data[field] = re.sub(r"<[^>]*>", "", value)