RamakrushnaBiswal · PriyanshuValiya · Oct 24, 2024 · Oct 26, 2024 · coderabbitai · Oct 26, 2024
diff --git a/backend/controller/contact.controller.js b/backend/controller/contact.controller.js
@@ -0,0 +1,84 @@
+const { z } = require("zod");
+const nodemailer = require("nodemailer");
+const logger = require("../utils/logger");
+require("dotenv").config();
+
+const requiredEnvVars = ["EMAIL_USER", "EMAIL_PASS"];
+const missingEnvVars = requiredEnvVars.filter((envVar) => !process.env[envVar]);
+
+if (missingEnvVars.length > 0) {
+  throw new Error(
+    `Missing required environment variables: ${missingEnvVars.join(", ")}`
+  );
+}
+
+// Define the Zod schema for contact form validation
+const contactSchema = z.object({
+  mail: z.string().email(),
+  subject: z.string().min(5, "Subject must be at least 5 characters long."),
+  message: z.string().min(5, "Message must be at least 5 characters long."),
+});
+
+const createContactUs = async (req, res) => {
+  const validation = contactSchema.safeParse(req.body);
+
+  if (!validation.success) {
+    console.error("Error at validation");
+    return res.status(400).json({
+      status: "error",
+      errors: validation.error.errors,
+    });
+  }
+
+  const { mail, subject, message } = req.body;
+
+  try {
+    const transporter = nodemailer.createTransport({
+      service: "gmail",
+      host: "smtp.gmail.com",
+      port: 587,
+      secure: false,
+      auth: {
+        user: process.env.EMAIL_USER,
+        pass: process.env.EMAIL_PASS,
+      },
+      tls: {
+        rejectUnauthorized: false, // Disable strict SSL verification
+      },
+    });
+
+    const sanitizeInput = (str) => {
+      return str.replace(/[<>]/g, "").trim();
+    };
+
+    const mailOptions = {
+      from: `"Contact Form" <${process.env.EMAIL_USER}>`,
+      replyTo: sanitizeInput(mail),
+      to: process.env.EMAIL_USER,
+      subject: sanitizeInput(subject),
+      text: sanitizeInput(message),
+    };
+
+    // Use built-in promise interface
+    await transporter.sendMail(mailOptions);
-    await transporter.sendMail(mailOptions);
+    await transporter.sendMail(mailOptions);
+    res.status(200).json({
+      status: "success",
+      message: "Your message has been sent successfully.",
+    });
-    await transporter.sendMail(mailOptions);
+    await transporter.sendMail(mailOptions);
+    res.status(200).json({
+      status: "success",
+      message: "Your message has been sent successfully.",
+    });
+  } catch (err) {
+    logger.error("Validation failed", {
+      errors: validation.error.errors,
+      requestId: req.id,
+    });
+
+    const statusCode = err.code === "EAUTH" ? 401 : 500;
+    const errorMessage =
+      process.env.NODE_ENV === "production"
+        ? "There was an error sending your message. Please try again later."
+        : err.message;
+
+    res.status(statusCode).json({
+      status: "error",
+      message: errorMessage,
+      requestId: req.id,
+    });
+  }
+};
+
+module.exports = { createContactUs };
diff --git a/backend/routes/contactUsRouter.js b/backend/routes/contactUsRouter.js
@@ -0,0 +1,46 @@
+const express = require("express");
+const router = express.Router();
+const { createContactUs } = require("../controller/contact.controller");
+const rateLimit = require("express-rate-limit");
+const { body } = require("express-validator");
-const express = require("express");
-const router = express.Router();
-const { createContactUs } = require("../controller/contact.controller");
-const rateLimit = require("express-rate-limit");
-const { body } = require("express-validator");
+const express = require("express");
+const router = express.Router();
+const { createContactUs } = require("../controller/contact.controller");
+const rateLimit = require("express-rate-limit");
+const { body, validationResult } = require("express-validator");
-const express = require("express");
-const router = express.Router();
-const { createContactUs } = require("../controller/contact.controller");
-const rateLimit = require("express-rate-limit");
-const { body } = require("express-validator");
+const express = require("express");
+const router = express.Router();
+const { createContactUs } = require("../controller/contact.controller");
+const rateLimit = require("express-rate-limit");
+const { body, validationResult } = require("express-validator");
+
+// Error handling middleware
+router.use((err, req, res, next) => {
+  console.error(err.stack);
+  const statusCode = err.statusCode || 500;
+  const errorType = err.type || "InternalServerError";
+  res.status(500).json({
+    status: "error",
+    message: err.message || "An error occurred processing your request",
+    type: errorType,
+    ...(process.env.NODE_ENV === "development" && { stack: err.stack }),
+  });
+});
-router.use((err, req, res, next) => {
-  console.error(err.stack);
-  const statusCode = err.statusCode || 500;
-  const errorType = err.type || "InternalServerError";
-  res.status(500).json({
-    status: "error",
-    message: err.message || "An error occurred processing your request",
-    type: errorType,
-    ...(process.env.NODE_ENV === "development" && { stack: err.stack }),
-  });
-});
+router.use((err, req, res, next) => {
+  console.error(err.stack);
+  const statusCode = err.statusCode || 500;
+  const errorType = err.type || "InternalServerError";
+  res.status(statusCode).json({
+    status: "error",
+    message: err.message || "An error occurred processing your request",
+    type: errorType,
+    ...(process.env.NODE_ENV === "development" && { stack: err.stack }),
+  });
+});
-router.use((err, req, res, next) => {
-  console.error(err.stack);
-  const statusCode = err.statusCode || 500;
-  const errorType = err.type || "InternalServerError";
-  res.status(500).json({
-    status: "error",
-    message: err.message || "An error occurred processing your request",
-    type: errorType,
-    ...(process.env.NODE_ENV === "development" && { stack: err.stack }),
-  });
-});
+router.use((err, req, res, next) => {
+  console.error(err.stack);
+  const statusCode = err.statusCode || 500;
+  const errorType = err.type || "InternalServerError";
+  res.status(statusCode).json({
+    status: "error",
+    message: err.message || "An error occurred processing your request",
+    type: errorType,
+    ...(process.env.NODE_ENV === "development" && { stack: err.stack }),
+  });
+});
+
+const contactFormLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 5, // limit each IP to 5 requests per window
+  message: {
+    status: "error",
+    message: "Too many requests, please try again later",
+  },
+});
+
+router.post(
+  "/",
+  contactFormLimiter,
+  [
+    body("email").isEmail().normalizeEmail(),
+    body("name").trim().isLength({ min: 2 }).escape(),
+    body("message").trim().isLength({ min: 10, max: 1000 }).escape(),
+  ],
+  async (req, res, next) => {
+    const errors = validationResult(req);
+    if (!errors.isEmpty()) {
+      return res.status(400).json({ status: "error", errors: errors.array() });
+    }
+    await createContactUs(req, res, next);
+  }
-  async (req, res, next) => {
-    const errors = validationResult(req);
-    if (!errors.isEmpty()) {
-      return res.status(400).json({ status: "error", errors: errors.array() });
-    }
-    await createContactUs(req, res, next);
-  }
+  async (req, res, next) => {
+    try {
+      const errors = validationResult(req);
+      if (!errors.isEmpty()) {
+        return res.status(400).json({ status: "error", errors: errors.array() });
+      }
+      await createContactUs(req, res, next);
+    } catch (error) {
+      next(error);
+    }
+  }
-  async (req, res, next) => {
-    const errors = validationResult(req);
-    if (!errors.isEmpty()) {
-      return res.status(400).json({ status: "error", errors: errors.array() });
-    }
-    await createContactUs(req, res, next);
-  }
+  async (req, res, next) => {
+    try {
+      const errors = validationResult(req);
+      if (!errors.isEmpty()) {
+        return res.status(400).json({ status: "error", errors: errors.array() });
+      }
+      await createContactUs(req, res, next);
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+module.exports = router;
diff --git a/backend/routes/index.js b/backend/routes/index.js
@@ -1,57 +1,99 @@
 const express = require("express");
-const logger = require("../config/logger"); // Import your Winston logger
+const logger = require("../config/logger"); // Import Winston logger
 require("dotenv").config();
 
-const config = {
-  JWT_SECRET: process.env.JWT_SECRET,
-  GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
-  GOOGLE_CLIENT_SECRET: process.env.GOOGLE_CLIENT_SECRET,
+const router = express.Router();
+
+// Utility function to safely load modules and handle errors
+const safeRequire = (modulePath, fallbackMessage) => {
+  try {
+    return require(modulePath);
+  } catch (error) {
+    const errorDetails = {
+      module: modulePath.split("/").pop(),
+      message: error.message,
+      stack: process.env.NODE_ENV === "development" ? error.stack : undefined,
+    };
+    logger.error("Module loading error:", errorDetails);
+
+    // Return a pre-defined handler to avoid creating closures
+    return safeRequire.errorHandler(fallbackMessage);
+  }
 };
 
-const router = express.Router();
+// Pre-defined error handler to avoid creating closures
+safeRequire.errorHandler = (message) => (req, res) => {
+  res.status(503).json({
+    status: "error",
+    message:
+      process.env.NODE_ENV === "production"
+        ? message
+        : `Service unavailable: ${message}`,
+  });
+};
 
-let feedbackRouter;
-
-try {
-  feedbackRouter = require("./feedbackRouter");
-} catch (error) {
-  logger.error("Error loading feedbackRouter:", error); // Log the error with Winston
-  feedbackRouter = (req, res) => {
-    res
-      .status(500)
-      .json({ error: "Feedback functionality is currently unavailable" });
-  };
-}
-
-let eventRouter;
-try {
-  eventRouter = require("./eventRouter");
-} catch (error) {
-  logger.error("Error loading eventRouter:", error); // Log the error with Winston
-  eventRouter = (req, res) => {
-    res
-      .status(500)
-      .json({ error: "Event functionality is currently unavailable" });
-  };
-}
+// Safely load routers with error handling
+const feedbackRouter = safeRequire(
+  "./feedbackRouter",
+  "Feedback functionality is currently unavailable"
+);
+const contactUsRouter = safeRequire(
+  "./contactUsRouter",
+  "Contact Us functionality is currently unavailable"
+);
+const eventRouter = safeRequire(
+  "./eventRouter",
+  "Event functionality is currently unavailable"
+);
 
 router.get("/", (req, res) => {
   return res.json({
     message: "Welcome to the restaurant API!",
     version: "1.0.0",
     endpoints: {
       Reservation: "/reservation",
-      Feedback: "/feedback", // Added feedback endpoint documentation
+      Feedback: "/feedback",
     },
     documentation: "https://api-docs-url.com",
   });
 });
 
-
-router.get("/", (req, res) => {
-  return res.json({
-    message: "Welcome to the restaurant API!",
-    version: "1.0.0",
-    endpoints: {
-      Reservation: "/reservation",
-      Feedback: "/feedback", // Added feedback endpoint documentation
-      Feedback: "/feedback",
-    },
-    documentation: "https://api-docs-url.com",
-  });
-});
+router.get("/", (req, res) => {
+  return res.json({
+    message: "Welcome to the restaurant API!",
+    version: "1.0.0",
+    endpoints: {
+      Reservation: "/reservation",
+      Feedback: "/feedback",
+      Contact: "/contact",
+    },
+    documentation: "https://api-docs-url.com",
+  });
+});
-
-router.get("/", (req, res) => {
-  return res.json({
-    message: "Welcome to the restaurant API!",
-    version: "1.0.0",
-    endpoints: {
-      Reservation: "/reservation",
-      Feedback: "/feedback", // Added feedback endpoint documentation
-      Feedback: "/feedback",
-    },
-    documentation: "https://api-docs-url.com",
-  });
-});
+router.get("/", (req, res) => {
+  return res.json({
+    message: "Welcome to the restaurant API!",
+    version: "1.0.0",
+    endpoints: {
+      Reservation: "/reservation",
+      Feedback: "/feedback",
+      Contact: "/contact",
+    },
+    documentation: "https://api-docs-url.com",
+  });
+});
+// Authentication routes
+router.use(
+  "/admin",
+  safeRequire("./adminRouter", "Admin functionality is currently unavailable")
+);
+router.use(
+  "/user",
+  safeRequire("./customerRouter", "User functionality is currently unavailable")
+);
+router.use(
+  "/forgot",
+  safeRequire(
+    "./forgotRouter",
+    "Forgot password functionality is currently unavailable"
+  )
+);
+
+// Core feature routes
+router.use(
+  "/reservation",
+  safeRequire(
+    "./reservationRouter",
+    "Reservation functionality is currently unavailable"
+  )
+);
 router.use("/event", eventRouter);
-router.use("/admin", require("./adminRouter"));
+
+// Feedback and communication routes
 router.use("/feedback", feedbackRouter);
-router.use("/user", require("./customerRouter"));
-router.use("/reservation", require("./reservationRouter"));
-router.use("/newsletter", require("./newsletterRoute"));
-router.use("/forgot", require("./forgotRouter"));
+router.use("/contact", contactUsRouter);
+router.use(
+  "/newsletter",
+  safeRequire(
+    "./newsletterRoute",
+    "Newsletter functionality is currently unavailable"
+  )
+);
+
 module.exports = router;