package main import ( "github.com/microcosm-cc/bluemonday" "html" "net/http" "net/url" ) type FormValues map[string][]string func FormHandler(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { _, _ = w.Write([]byte("MailyGo works!")) return } if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed) _, _ = w.Write([]byte("The HTTP method is not allowed, make a POST request")) return } _ = r.ParseForm() sanitizedForm := sanitizeForm(r.PostForm) if !isBot(sanitizedForm) { sendForm(sanitizedForm) } sendResponse(sanitizedForm, w) return } func sanitizeForm(values url.Values) FormValues { p := bluemonday.StrictPolicy() sanitizedForm := make(FormValues) for key, values := range values { var sanitizedValues []string for _, value := range values { sanitizedValues = append(sanitizedValues, html.UnescapeString(p.Sanitize(value))) } sanitizedForm[html.UnescapeString(p.Sanitize(key))] = sanitizedValues } return sanitizedForm } func isBot(values FormValues) bool { for _, honeyPot := range appConfig.HoneyPots { if len(values[honeyPot]) > 0 { for _, value := range values[honeyPot] { if value != "" { return true } } } } return false } func sendResponse(values FormValues, w http.ResponseWriter) { if len(values["_redirectTo"]) == 1 && values["_redirectTo"][0] != "" { w.Header().Add("Location", values["_redirectTo"][0]) w.WriteHeader(http.StatusSeeOther) _, _ = w.Write([]byte("Go to " + values["_redirectTo"][0])) return } else { w.WriteHeader(http.StatusCreated) _, _ = w.Write([]byte("Submitted form")) return } }