SubscriptionForm handles subscription requests coming from public HTML subscription forms.
(c echo.Context)
| 459 | // SubscriptionForm handles subscription requests coming from public |
| 460 | // HTML subscription forms. |
| 461 | func (a *App) SubscriptionForm(c echo.Context) error { |
| 462 | if !a.cfg.EnablePublicSubPage { |
| 463 | return echo.NewHTTPError(http.StatusNotFound, a.i18n.T("public.invalidFeature")) |
| 464 | |
| 465 | } |
| 466 | |
| 467 | // If there's a nonce value, a bot could've filled the form. |
| 468 | if c.FormValue("nonce") != "" { |
| 469 | return echo.NewHTTPError(http.StatusBadGateway, a.i18n.T("public.invalidFeature")) |
| 470 | } |
| 471 | |
| 472 | // Process CAPTCHA. |
| 473 | if a.captcha.IsEnabled() { |
| 474 | var val string |
| 475 | |
| 476 | // Get the appropriate captcha response field based on provider. |
| 477 | switch a.captcha.GetProvider() { |
| 478 | case captcha.ProviderHCaptcha: |
| 479 | val = c.FormValue("h-captcha-response") |
| 480 | case captcha.ProviderAltcha: |
| 481 | val = c.FormValue("altcha") |
| 482 | default: |
| 483 | return c.Render(http.StatusBadRequest, tplMessage, |
| 484 | makeMsgTpl(a.i18n.T("public.errorTitle"), "", a.i18n.T("public.invalidCaptcha"))) |
| 485 | } |
| 486 | |
| 487 | if val == "" { |
| 488 | return c.Render(http.StatusBadRequest, tplMessage, |
| 489 | makeMsgTpl(a.i18n.T("public.errorTitle"), "", a.i18n.T("public.invalidCaptcha"))) |
| 490 | } |
| 491 | |
| 492 | err, ok := a.captcha.Verify(val) |
| 493 | if err != nil { |
| 494 | a.log.Printf("captcha request failed: %v", err) |
| 495 | } |
| 496 | |
| 497 | if !ok { |
| 498 | return c.Render(http.StatusBadRequest, tplMessage, |
| 499 | makeMsgTpl(a.i18n.T("public.errorTitle"), "", a.i18n.T("public.invalidCaptcha"))) |
| 500 | } |
| 501 | } |
| 502 | |
| 503 | hasOptin, err := a.processSubForm(c) |
| 504 | if err != nil { |
| 505 | e, ok := err.(*echo.HTTPError) |
| 506 | if !ok { |
| 507 | return err |
| 508 | } |
| 509 | |
| 510 | return c.Render(e.Code, tplMessage, makeMsgTpl(a.i18n.T("public.errorTitle"), "", fmt.Sprintf("%s", e.Message))) |
| 511 | } |
| 512 | |
| 513 | // Redirect to a custom page if a trusted '?next' is set. |
| 514 | if nextURL := strings.TrimSpace(c.FormValue("next")); nextURL != "" { |
| 515 | for _, d := range a.cfg.Security.TrustedURLs { |
| 516 | if d != "*" && nextURL == d { |
| 517 | return c.Redirect(http.StatusSeeOther, nextURL) |
| 518 | } |
nothing calls this directly
no test coverage detected