wneessen
diff --git a/‎README.md
Lines changed: 58 additions & 22 deletions b/‎README.md
Lines changed: 58 additions & 22 deletions
diff --git a/‎apirequest/apirequest.go
Lines changed: 20 additions & 4 deletions b/‎apirequest/apirequest.go
Lines changed: 20 additions & 4 deletions
diff --git a/‎apirequest/form.go
Lines changed: 1 addition & 1 deletion b/‎apirequest/form.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎apirequest/gettoken.go
Lines changed: 15 additions & 16 deletions b/‎apirequest/gettoken.go
Lines changed: 15 additions & 16 deletions
@@ -69,7 +69,7 @@ Again the JSON syntax of the form configuration is very simple, yet flexible.
 
 ```json
 {
-    "id": 1,
+    "id": "test_form",
     "secret": "SuperSecretsString",
     "recipients": ["who@cares.net"],
     "sender": "website@example.com",
@@ -89,7 +89,7 @@ Again the JSON syntax of the form configuration is very simple, yet flexible.
     }
 }
 ```
-* `id (type: int)`: The id of the form (will be looked for in the `formid` parameter of the submission)
+* `id (type: string)`: The id of the form (will be looked for in the `formid` parameter of the token request)
 * `secret (type: string)`: Secret for the form. This will be used for the token generation
 * `recipients (type: []string)`: List of recipients, that should receive the mails with the submitted form data
 * `domains (type: []string)`: List of origin domains, that are allowed to use this form
@@ -110,41 +110,77 @@ Again the JSON syntax of the form configuration is very simple, yet flexible.
 `JS-Mailer` follows a two-step workflow. First your JavaScript requests a token from the API using the `/api/v1/token`
 endpoint. If the request is valid and website is authorized to request a token, the API will respond with a
 TokenResponseJson. This holds some data, which needs to be included into your form as hidden inputs. It will also
-provide a submission URL endpoint `/api/v1/send` that can be used as action in your form. Once the form is submitted,
-the API will then validate that all submitted data is correct and submit the form data to the configured recipients.
+provide a submission URL endpoint `/api/v1/send/<formid>/<token>` that can be used as action in your form. Once the form
+is submitted, the API will then validate that all submitted data is correct and submit the form data to the configured
+recipients.
 
-### API responses
-#### Token request
-The API response to a token request (`/api/v1/token`) looks like this:
+## API responses
+The API basically responds with two different types of JSON objects. A `success` response or an `error` response.
+
+### Success response
+The succss response JSON struct is very simple:
+
+```json
+{
+  "status_code": 200,
+  "status": "Ok",
+  "data": {}
+}
+```
+* `status_code (type: uint32)`: The HTTP status code of the success response
+* `status (type: string)`: The HTTP status string of the success response
+* `data (type: object)`: An object with abritrary data, based on the type of response
+
+#### Successful token retrieval data object
+The `data` object of the success response for a successful token retrieval looks like this:
 
 ```json
 {
-  "token": "0587ba3fff63ce2c54af0320b5a2d06612a0200aa139c1c150cbfae8a17084a8",
-  "create_time": 1628633657,
-  "expire_time": 1628634257,
-  "form_id": 1,
-  "url": "https://jsmailer.example.com/api/v1/send"
+  "token": "5b19fca2b154a2681f8d6014c63b5f81bdfdd01036a64f8a835465ab5247feff",
+  "form_id": "test_form",
+  "create_time": 1628670201,
+  "expire_time": 1628670801,
+  "url": "https://jsmailer.example.com/api/v1/send/test_form/5b19fca2b154a2681f8d6014c63b5f81bdfdd01036a64f8a835465ab5247feff",
+  "enc_type": "multipart/form-data",
+  "method": "post"
 }
 ```
-* `token (type: string)`: The security token that needs to be part of the actual form sending request
+* `token (type: string)`: The security token of this send request
+* `form_id (type: string)`: The form id of the current form (for reference or automatic inclusion via JS)
 * `create_time (type: int64)`: The epoch timestamp when the token was created
 * `expire_time (type: int64)`: The epoch timestamp when the token will expire
-* `form_id (type: uint)`: The form id of the current form (for reference or automatic inclusion via JS)
 * `url (type: string)`: API endpoint to set your form action to
+* `enc_type (type: string)`: The enctype for your form
+* `method (type: string)`: The method for your form
 
-#### Send response
+#### Sent successful data object
+The `data` object of the success response for a successfully sent message looks like this:
 
-The API response to a send request (`/api/v1/send`) looks like this:
+The API response to a send request (`/api/v1/send/<formid>/<token>`) looks like this:
 ```json
 {
-  "status_code": 200,
-  "success_message": "Message successfully sent",
-  "form_id": 1
+  "form_id": "test_form",
+  "send_time": 1628670331
+}
+```
+* `form_id (type: string)`: The form id of the current form (for reference)
+* `send_time (type: int64)`: The epoch timestamp when the message was sent
+
+### Error response
+The error response JSON struct is also very simple:
+
+```json
+{
+  "status_code": 404,
+  "status": "Not Found",
+  "error_message": "Validation failed",
+  "error_data": "Not a valid send URL"
 }
 ```
-* `status_code (type: uint32)`: The HTTP status code
-* `success_message (type: string)`: The success message
-* `form_id (type: uint)`: The form id of the current form (for reference)
+* `status_code (type: uint32)`: The HTTP status code of the success response
+* `status (type: string)`: The HTTP status string of the success response
+* `error_message (type: string)`: The general error message why this request failed
+* `error_data (type: interface{})`: Optional details in addtion to the error message (i. e. missing fields)
 
 ## Example implementation
 
 
@@ -4,8 +4,10 @@ import (
 	"github.com/ReneKroon/ttlcache/v2"
 	log "github.com/sirupsen/logrus"
 	"github.com/wneessen/js-mailer/config"
+	"github.com/wneessen/js-mailer/form"
 	"github.com/wneessen/js-mailer/response"
 	"net/http"
+	"strings"
 )
 
 // ApiRequest reflects a new Api request object
@@ -14,6 +16,9 @@ type ApiRequest struct {
 	Config  *config.Config
 	IsHttps bool
 	Scheme  string
+	FormId  string
+	Token   string
+	FormObj *form.Form
 }
 
 // RequestHandler handles an incoming HTTP request on the API routes and
@@ -41,14 +46,25 @@ func (a *ApiRequest) RequestHandler(w http.ResponseWriter, r *http.Request) {
 	// Set general response header
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 
-	switch r.URL.String() {
-	case "/api/v1/token":
+	switch {
+	case r.URL.String() == "/api/v1/token":
 		a.GetToken(w, r)
 		return
-	case "/api/v1/send":
+	case strings.HasPrefix(r.URL.String(), "/api/v1/send/"):
+		code, err := a.SendFormParse(r)
+		if err != nil {
+			l.Errorf("Failed to parse send request: %s", err)
+			response.ErrorJsonData(w, code, "Failed parsing send request", err.Error())
+			return
+		}
+		code, err = a.SendFormValidate(r)
+		if err != nil {
+			response.ErrorJsonData(w, code, "Validation failed", err.Error())
+			return
+		}
 		a.SendForm(w, r)
 		return
 	default:
-		response.ErrorJson(w, 404, "Not found")
+		response.ErrorJson(w, 404, "Unknown API route")
 	}
 }
@@ -21,7 +21,7 @@ func (a *ApiRequest) GetForm(i string) (form.Form, error) {
 		if err != nil {
 			return formObj, err
 		}
-		if err := a.Cache.Set(fmt.Sprintf("formObj_%d", formObj.Id), formObj); err != nil {
+		if err := a.Cache.Set(fmt.Sprintf("formObj_%s", formObj.Id), formObj); err != nil {
 			return formObj, err
 		}
 	}
 
@@ -2,7 +2,6 @@ package apirequest
 
 import (
 	"crypto/sha256"
-	"encoding/json"
 	"fmt"
 	log "github.com/sirupsen/logrus"
 	"github.com/wneessen/js-mailer/response"
@@ -13,10 +12,12 @@ import (
 // TokenResponseJson reflects the JSON response struct for token request
 type TokenResponseJson struct {
 	Token      string `json:"token"`
+	FormId     string `json:"form_id"`
 	CreateTime int64  `json:"create_time,omitempty"`
 	ExpireTime int64  `json:"expire_time,omitempty"`
-	FormId     int    `json:"form_id"`
 	Url        string `json:"url"`
+	EncType    string `json:"enc_type"`
+	Method     string `json:"method"`
 }
 
 // GetToken handles the HTTP token requests and return a TokenResponseJson on success or
@@ -29,20 +30,20 @@ func (a *ApiRequest) GetToken(w http.ResponseWriter, r *http.Request) {
 	var formId string
 	if err := r.ParseMultipartForm(a.Config.Forms.MaxLength); err != nil {
 		l.Errorf("Failed to parse form parameters: %s", err)
-		response.ErrorJson(w, 500, "Internal Server Error")
+		response.ErrorJson(w, 500, err.Error())
 		return
 	}
 	formId = r.Form.Get("formid")
 	if formId == "" {
-		response.ErrorJson(w, 400, "Bad Request")
+		response.ErrorJson(w, 400, "Missing formid")
 		return
 	}
 
 	// Let's try to read formobj from cache
 	formObj, err := a.GetForm(formId)
 	if err != nil {
 		l.Errorf("Failed get formObj: %s", err)
-		response.ErrorJson(w, 500, "Internal Server Error")
+		response.ErrorJson(w, 500, err.Error())
 		return
 	}
 
@@ -51,7 +52,7 @@ func (a *ApiRequest) GetToken(w http.ResponseWriter, r *http.Request) {
 	reqOrigin := r.Header.Get("origin")
 	if reqOrigin == "" {
 		l.Errorf("No origin domain set in HTTP request")
-		response.ErrorJson(w, 401, "Unauthorized")
+		response.ErrorJson(w, 401, "Domain is not allowed to access the requested form")
 		return
 	}
 	for _, d := range formObj.Domains {
@@ -61,32 +62,30 @@ func (a *ApiRequest) GetToken(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	if !isValid {
-		l.Errorf("Domain %q not in allowed domains list for form %d", reqOrigin, formObj.Id)
-		response.ErrorJson(w, 401, "Unauthorized")
+		l.Errorf("Domain %q not in allowed domains list for form %s", reqOrigin, formObj.Id)
+		response.ErrorJson(w, 401, "Domain is not allowed to access the requested form")
 		return
 	}
 	w.Header().Set("Access-Control-Allow-Origin", reqOrigin)
 
 	// Generate the token
 	nowTime := time.Now()
 	expTime := time.Now().Add(time.Minute * 10)
-	tokenText := fmt.Sprintf("%s_%d_%d_%d_%s", reqOrigin, nowTime.Unix(), expTime.Unix(), formObj.Id, formObj.Secret)
+	tokenText := fmt.Sprintf("%s_%d_%d_%s_%s", reqOrigin, nowTime.Unix(), expTime.Unix(), formObj.Id, formObj.Secret)
 	tokenSha := fmt.Sprintf("%x", sha256.Sum256([]byte(tokenText)))
 	respToken := TokenResponseJson{
 		Token:      tokenSha,
+		FormId:     formObj.Id,
 		CreateTime: nowTime.Unix(),
 		ExpireTime: expTime.Unix(),
-		FormId:     formObj.Id,
-		Url:        fmt.Sprintf("%s://%s/api/v1/send", a.Scheme, r.Host),
+		Url:        fmt.Sprintf("%s://%s/api/v1/send/%s/%s", a.Scheme, r.Host, formObj.Id, tokenSha),
+		EncType:    "multipart/form-data",
+		Method:     "post",
 	}
 	if err := a.Cache.Set(tokenSha, respToken); err != nil {
 		l.Errorf("Failed to store response token in cache: %s", err)
 		response.ErrorJson(w, 500, "Internal Server Error")
 		return
 	}
-	if err := json.NewEncoder(w).Encode(respToken); err != nil {
-		l.Errorf("Failed to encode response token JSON: %s", err)
-		response.ErrorJson(w, 500, "Internal Server Error")
-		return
-	}
+	response.SuccessJson(w, 200, respToken)
 }
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ func (a *ApiRequest) GetForm(i string) (form.Form, error) {`
`21`	`21`	`if err != nil {`
`22`	`22`	`return formObj, err`
`23`	`23`	`}`
`24`		`- if err := a.Cache.Set(fmt.Sprintf("formObj_%d", formObj.Id), formObj); err != nil {`
	`24`	`+ if err := a.Cache.Set(fmt.Sprintf("formObj_%s", formObj.Id), formObj); err != nil {`
`25`	`25`	`return formObj, err`
`26`	`26`	`}`
`27`	`27`	`}`