package main import ( "html" "net/http" "net/url" "github.com/microcosm-cc/bluemonday" ) type FormValues map[string][]string func FormHandler(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { _, _ = w.Write([]byte("MailyGo works!")) return } if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed) _, _ = w.Write([]byte("The HTTP method is not allowed, make a POST request")) return } _ = r.ParseForm() sanitizedForm := sanitizeForm(&r.PostForm) go func() { if !isBot(sanitizedForm) { sendForm(sanitizedForm) } }() sendResponse(sanitizedForm, w) return } func sanitizeForm(values *url.Values) *FormValues { p := bluemonday.StrictPolicy() sanitizedForm := make(FormValues) for key, values := range *values { var sanitizedValues []string for _, value := range values { sanitizedValues = append(sanitizedValues, html.UnescapeString(p.Sanitize(value))) } sanitizedForm[html.UnescapeString(p.Sanitize(key))] = sanitizedValues } return &sanitizedForm } func isBot(values *FormValues) bool { for _, honeyPot := range appConfig.HoneyPots { if len((*values)[honeyPot]) > 0 { for _, value := range (*values)[honeyPot] { if value != "" { return true } } } } return checkValues(values) } func sendResponse(values *FormValues, w http.ResponseWriter) { if len((*values)["_redirectTo"]) == 1 && (*values)["_redirectTo"][0] != "" { w.Header().Add("Location", (*values)["_redirectTo"][0]) w.WriteHeader(http.StatusSeeOther) _, _ = w.Write([]byte("Go to " + (*values)["_redirectTo"][0])) return } else { w.WriteHeader(http.StatusCreated) _, _ = w.Write([]byte("Submitted form")) return } }