diff --git a/endpoints/contact.post.py b/endpoints/contact.post.py
index 7bd246d..7831b01 100644
--- a/endpoints/contact.post.py
+++ b/endpoints/contact.post.py
@@ -11,6 +11,12 @@ async def create_contact_submission(
     contact_data: ContactCreate,
     db: Session = Depends(get_db)
 ):
+    """Create a new contact submission with email validation"""
+    # Sanitize input data
     sanitized_data = sanitize_contact_data(contact_data)
+
+    # Create contact using helper function
     contact = create_contact(db=db, contact_data=sanitized_data)
+
+    # Format response
     return format_contact_response(contact)
\ No newline at end of file
diff --git a/helpers/contact_helpers.py b/helpers/contact_helpers.py
index 5973f6e..b8d4bb2 100644
--- a/helpers/contact_helpers.py
+++ b/helpers/contact_helpers.py
@@ -1,12 +1,13 @@
 from typing import Dict
 from sqlalchemy.orm import Session
 from fastapi import HTTPException
+from email_validator import validate_email, EmailNotValidError
 from models.contact import Contact
 from schemas.contact import ContactCreate, ContactSchema
 
 def validate_contact_data(contact_data: ContactCreate) -> Dict[str, str]:
     """
-    Validates contact form submission data.
+    Validates contact form submission data with enhanced email validation.
 
     Args:
         contact_data (ContactCreate): The contact form data to validate.
@@ -24,6 +25,12 @@ def validate_contact_data(contact_data: ContactCreate) -> Dict[str, str]:
 
     if not contact_data.email:
         errors["email"] = "Email is required"
+    else:
+        try:
+            # Validate email format using email-validator
+            validate_email(contact_data.email)
+        except EmailNotValidError as e:
+            errors["email"] = str(e)
 
     if not contact_data.message or not contact_data.message.strip():
         errors["message"] = "Message is required"
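Review bot: `create_contact_submission` is declared `async def`, yet the `sanitize_contact_data(contact_data)` call on the context line now, per the helpers hunks in this same diff, runs email-validator's `validate_email()` with its default `check_deliverability=True`, which is a synchronous DNS lookup of the user-supplied domain executed on the event loop. A domain whose resolver is slow or silent stalls every request served by that worker, and each submission becomes outbound DNS traffic driven by request input. The same default applies to both `validate_email` calls added in helpers/contact_helpers.py (`validate_contact_data` and `sanitize_contact_data`); pass `validate_email(email, check_deliverability=False)` there, since syntax checking is what the schema's `EmailStr` already provides, or run the helper off the loop. The new docstring could state that contract instead of the vague "with email validation", e.g. `"""Create a contact submission: fields are whitespace-trimmed and the email lower-cased and syntax-checked before create_contact is called."""`.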
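Review bot: The `else:` branch added after `errors["email"] = "Email is required"` re-validates a value that, as far as this diff shows, already passed `EmailStr` validation when the `ContactCreate` model was built (pydantic's `EmailStr` itself delegates to email-validator), so on the endpoint path it can only fail for a model constructed without validation. If the extra layer is kept, note that the normalized address `validate_email()` returns is discarded here, so this check and the value that is later stored may disagree; either use its return value or drop the branch and rely on the schema. `validate_contact_data` starts and ends outside this hunk.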
@@ -68,21 +75,34 @@ def create_contact(db: Session, contact_data: ContactCreate) -> Contact:
 
 def sanitize_contact_data(contact_data: ContactCreate) -> ContactCreate:
     """
-    Sanitizes contact form input data.
+    Sanitizes contact form input data and ensures email format.
 
     Args:
         contact_data (ContactCreate): The raw contact form data.
 
     Returns:
         ContactCreate: The sanitized contact form data.
+
+    Raises:
+        HTTPException: If email format is invalid after sanitization.
     """
-    # Create a new dict with sanitized values
-    sanitized_data = ContactCreate(
-        name=contact_data.name.strip(),
-        email=contact_data.email.strip().lower(),
-        message=contact_data.message.strip()
-    )
-    return sanitized_data
+    try:
+        # Sanitize and validate email
+        email = contact_data.email.strip().lower()
+        validate_email(email)
+
+        # Create a new dict with sanitized values
+        sanitized_data = ContactCreate(
+            name=contact_data.name.strip(),
+            email=email,
+            message=contact_data.message.strip()
+        )
+        return sanitized_data
+    except EmailNotValidError as e:
+        raise HTTPException(
+            status_code=400,
+            detail={"message": "Invalid email format", "error": str(e)}
+        )
 
 def format_contact_response(contact: Contact) -> ContactSchema:
     """
diff --git a/schemas/contact.py b/schemas/contact.py
index cde746b..9d8a1d1 100644
--- a/schemas/contact.py
+++ b/schemas/contact.py
@@ -5,7 +5,7 @@ from uuid import UUID
 
 class ContactBase(BaseModel):
     name: str = Field(..., min_length=1, max_length=255, description="Contact name")
-    email: EmailStr = Field(..., description="Contact email address")
+    email: EmailStr = Field(..., description="Contact email address", regex=r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")
     message: str = Field(..., min_length=1, description="Contact message")
 
 class ContactCreate(ContactBase):
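Review bot: The `try:` in the new `sanitize_contact_data` body wraps the `ContactCreate(...)` construction as well as `validate_email(email)`, but only `EmailNotValidError` is caught: a name or message that is whitespace-only passes request parsing (`min_length=1` in schemas/contact.py) and becomes `""` after `.strip()`, so the rebuilt model raises pydantic's `ValidationError` inside the handler, which FastAPI surfaces as a 500 unless a handler for it is registered. The `raise HTTPException(...)` should also chain its cause with `from e`, and the try body should be limited to the one call that raises `EmailNotValidError`. The rewrite below narrows the try, chains the cause, and turns a failed re-validation into a 400; `ValidationError` would need to be imported from `pydantic`.
```python
def sanitize_contact_data(contact_data: ContactCreate) -> ContactCreate:
    # … unchanged: docstring …
    email = contact_data.email.strip().lower()
    try:
        # Only this call raises EmailNotValidError; keep the try body to it.
        validate_email(email, check_deliverability=False)
    except EmailNotValidError as e:
        raise HTTPException(
            status_code=400,
            detail={"message": "Invalid email format", "error": str(e)}
        ) from e
    try:
        return ContactCreate(
            name=contact_data.name.strip(),
            email=email,
            message=contact_data.message.strip()
        )
    except ValidationError as e:
        # Whitespace-only name/message passes request parsing but fails min_length=1 once trimmed.
        raise HTTPException(
            status_code=400,
            detail={"message": "Invalid contact data", "errors": [err["msg"] for err in e.errors()]}
        ) from e
```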
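Review bot: `regex=` on the `EmailStr` field `ContactBase.email` is not a working constraint: if I read pydantic right, v1 does not apply `regex` to `EmailStr`-typed fields and rejects the class with "field constraints are set but not enforced", while v2 removed the `regex` kwarg in favour of `pattern` and raises on it, so this line is more likely to break import of schemas/contact.py than to validate anything. `EmailStr` already runs email-validator's full syntax check, so the pattern adds nothing and, had it taken effect, would only have rejected addresses that check accepts (quoted local parts, IDN domains) while its `$` still admits a trailing newline under `re.match`. Drop the `regex=...` argument here and on the identical `ContactUpdate.email` line in the next hunk, leaving `email: EmailStr = Field(..., description="Contact email address")`.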
@@ -13,7 +13,7 @@ class ContactCreate(ContactBase):
 
 class ContactUpdate(BaseModel):
     name: Optional[str] = Field(None, min_length=1, max_length=255, description="Contact name")
-    email: Optional[EmailStr] = Field(None, description="Contact email address")
+    email: Optional[EmailStr] = Field(None, description="Contact email address", regex=r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")
     message: Optional[str] = Field(None, min_length=1, description="Contact message")
 
 class ContactSchema(ContactBase):