1
0
Fork
You've already forked web-form
0
No description
  • Rust 89.1%
  • Dockerfile 10.9%
Find a file
ConYel ebd79c8a0f
refactor(web-form): add security features
- Add honeypot detection with hidden website_url field
- Add rate limiting (5 req/60s)
- Add audit logging for security events
- Add input length validation (name: 200, help: 5000)
- Add service field allowlist validation
- Add error codes (4001-5002)
- Add 15 tests for validation and security
- Normalize email to lowercase
2026年04月26日 23:48:27 +02:00
crates/web-form refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
.dockerignore make thing do 2024年09月04日 15:13:05 -04:00
.env.example refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
.gitignore refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
Cargo.lock make thing do 2024年09月04日 15:13:05 -04:00
Cargo.toml clean up unused deps 2024年06月08日 19:18:51 -04:00
Devfile refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
docker-compose.yml refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
Dockerfile refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
PRODUCTION.md refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00
README.md refactor(web-form): add security features 2026年04月26日 23:48:27 +02:00

web-form - Contact Form Handler

Self-hosted contact form handler for static websites. Built with Rust + Axum.

Quick Start

Build with Podman

# Build the container
podman build -t web-form:latest .

Run

# With environment variables
podman run -d \
 -p 127.0.0.1:4200:4200 \
 -e WEBMAIL_USERNAME=your-migadu-email@domain.com \
 -e WEBMAIL_PASSWORD=your-migadu-password \
 -e WEBMAIL_TARGET=where-you-want-to-receive@domain.com \
 web-form:latest

Or using docker-compose

# Set environment variables
export WEBMAIL_USERNAME=your-email@domain.com
export WEBMAIL_PASSWORD=your-password
export WEBMAIL_TARGET=target@domain.com
# Run
docker-compose up -d

Environment Variables

SECURITY: Never commit credentials to git!

Option 1: Environment variables directly

export WEBMAIL_USERNAME=your-migadu-email@domain.com
export WEBMAIL_PASSWORD=your-migadu-password
export WEBMAIL_TARGET=target@domain.com
# Copy the example
cp .env.example .env
# Edit .env with real credentials
nano .env
# Run
docker-compose up -d

The .env file is in .gitignore - won't be committed.

Form Fields

The form expects these fields:

  • name (optional) - Sender name
  • email (required) - Sender email
  • company_name (optional) - Company/organization
  • service (required) - Service type
  • help (required) - Message
  • hear_about (optional) - How they found you
  • other_source (hidden honeypot) - Bots only

Integration with Caddy

Add this to your Caddyfile:

web-form.yourdomain.com {
 reverse_proxy localhost:4200
}

Or with Anubis in front:

web-form.yourdomain.com {
 reverse_proxy localhost:3000 # Anubis
}

Security

  • Honeypot field (other_source) catches bots
  • Run behind Anubis for bot filtering
  • Only listens on localhost by default
  • Use TLS in production

Build for Production

podman build --no-cache -t web-form:latest .

Notes

  • Redirects to /contact.html on success/failure
  • Sets cookie is=ok or is=err for feedback
  • Uses Migadu SMTP relay by default