Enhance API functionality and security: Added rate limiting and domain validation across multiple API endpoints, improved error handling for missing or invalid parameters, and refactored email handling in contact form for better security and maintainability. Updated README.md with production build instructions and prerequisites.
This commit is contained in:
smueller
64
backend/config/contact-config.php
Normal file
64
backend/config/contact-config.php
Normal file
@@ -0,0 +1,64 @@
|
||||
<?php
|
||||
/**
|
||||
* Zentrale Betreff-Konfiguration für das Kontaktformular
|
||||
*/
|
||||
|
||||
/**
|
||||
* @return array<string, string> Betreff-Schlüssel => Anzeigename
|
||||
*/
|
||||
function getContactSubjectMap(): array {
|
||||
return [
|
||||
'allgemeine-anfrage' => 'Allgemeine Anfrage',
|
||||
'vpc-anfrage' => 'Virtual Private Container Anfrage',
|
||||
'vps-anfrage' => 'Virtual Private Server Anfrage',
|
||||
'mail-gateway-anfrage' => 'Mail Gateway Anfrage',
|
||||
'webhosting-anfrage' => 'Webhosting Anfrage',
|
||||
'it-beratung' => 'IT-Beratung',
|
||||
'it-support' => 'IT-Support & Fehlerbehebung',
|
||||
'netzwerk-wlan' => 'Netzwerk & WLAN-Einrichtung',
|
||||
'it-sicherheit-backup' => 'IT-Sicherheit & Backup',
|
||||
'webseiten-hosting-service' => 'Webseiten- & Hosting-Service',
|
||||
'wartung-betreuung' => 'Wartung & Betreuung',
|
||||
'support' => 'Technischer Support',
|
||||
'beratung' => 'Persönliche Beratung',
|
||||
'migration' => 'Migration/Umzug',
|
||||
'sonstiges' => 'Sonstige Anfrage',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $subjectKey
|
||||
*/
|
||||
function isAllowedContactSubject(string $subjectKey): bool {
|
||||
return array_key_exists($subjectKey, getContactSubjectMap());
|
||||
}
|
||||
|
||||
/**
|
||||
* Betreff aus ?product= oder ?package= für die Kontaktseite ableiten
|
||||
*/
|
||||
function getPreselectedContactSubject(): string {
|
||||
$productMap = [
|
||||
'vpc' => 'vpc-anfrage',
|
||||
'vps' => 'vps-anfrage',
|
||||
'mail-gateway' => 'mail-gateway-anfrage',
|
||||
'webhosting' => 'webhosting-anfrage',
|
||||
];
|
||||
|
||||
if (!empty($_GET['product'])) {
|
||||
$product = strtolower(preg_replace('/[^a-z0-9-]/', '', (string) $_GET['product']));
|
||||
if (isset($productMap[$product])) {
|
||||
return $productMap[$product];
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($_GET['package'])) {
|
||||
$package = strtolower(preg_replace('/[^a-z0-9-]/', '', (string) $_GET['package']));
|
||||
foreach ($productMap as $productId => $subjectKey) {
|
||||
if (str_starts_with($package, $productId . '-')) {
|
||||
return $subjectKey;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
@@ -140,24 +140,6 @@ function isValidEmail($email) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// CSRF Token generieren (wird in functions.php verwendet)
|
||||
// Hinweis: Diese Funktion existiert auch in functions.php - hier nur als Fallback
|
||||
if (!function_exists('generateCSRFToken')) {
|
||||
function generateCSRFToken() {
|
||||
if (!isset($_SESSION['csrf_token'])) {
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
|
||||
}
|
||||
return $_SESSION['csrf_token'];
|
||||
}
|
||||
}
|
||||
|
||||
// CSRF Token validieren
|
||||
if (!function_exists('validateCSRFToken')) {
|
||||
function validateCSRFToken($token) {
|
||||
return isset($_SESSION['csrf_token']) && hash_equals($_SESSION['csrf_token'], $token);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Hilfsfunktion zum Abrufen der Konfiguration als Array
|
||||
* Kompatibilität mit contact-handler.php
|
||||
@@ -183,6 +165,9 @@ function getHexaHostConfig($key = null) {
|
||||
// Sicherheit
|
||||
'max_requests_per_hour' => MAX_REQUESTS_PER_HOUR,
|
||||
'honeypot_field' => 'website',
|
||||
'enable_csrf' => ENABLE_CSRF_PROTECTION,
|
||||
'min_message_length' => MIN_MESSAGE_LENGTH,
|
||||
'max_message_length' => MAX_MESSAGE_LENGTH,
|
||||
|
||||
// Debug
|
||||
'debug_mode' => DEBUG_MODE,
|
||||
|
||||
Reference in New Issue
Block a user