X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fmessages.js;h=441abdb3bcfd97c14aada886108c8c342891aea2;hb=2bb4666e276e837add0958554a11b38f7f4d9357;hp=74ec8bd41c375dcdfa99520c2d9e032a3474231b;hpb=625022fdcf750f0aff8fcd699f7e9b89730e1d10;p=vchess.git

diff --git a/server/routes/messages.js b/server/routes/messages.js
index 74ec8bd4..441abdb3 100644
--- a/server/routes/messages.js
+++ b/server/routes/messages.js
@@ -1,22 +1,18 @@
-// Router for contact form sending
-
 let router = require("express").Router();
-const mailer = require(__dirname.replace("/routes", "/utils/mailer"));
+const access = require("../utils/access");
+const sendEmail = require("../utils/mailer");
+const params = require("../config/parameters");
 
 // Send a message through contact form
-router.post("/messages", (req,res,next) => {
-	if (!req.xhr)
-		return res.json({errmsg: "Unauthorized access"});
-	const from = req.body["email"];
-	const subject = req.body["subject"];
-	const body = req.body["body"];
-	// TODO: sanitize ?
-	mailer.send(from, mailer.contact, subject, body, err => {
-		if (!!err)
-			return res.json({errmsg:err});
-		// OK, everything fine
-		res.json({}); //ignored
-	});
+router.post("/messages", access.ajax, (req,res) => {
+  const from = req.body["email"];
+  // Replace potential newline characters in subject
+  const subject = req.body["subject"].replace(/\r?\n|\r/g, " ");
+  const body = req.body["content"];
+
+  sendEmail(from, params.mail.contact, subject, body, err => {
+    res.json(err || {});
+  });
 });
 
 module.exports = router;