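import nodemailer from 'nodemailer'
import { z } from 'zod'

// The name is copied into the Subject header below. Control characters
// (CR/LF included) are rejected at validation so header safety does not rest
// on the mail library alone.
const noControlChars = /^[^\u0000-\u001f\u007f]*$/

/** Shape and size limits of the contact form payload. */
const contactSchema = z.object({
  name: z.string().min(2).max(100).regex(noControlChars),
  email: z.string().email().max(200),
  message: z.string().min(10).max(5000),
})

// Entity for each character that is significant in HTML text or in a quoted
// attribute value.
const htmlEscapes: Record<string, string> = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
}

/**
 * Escapes a string for interpolation into HTML element content or a quoted
 * attribute value. It is not sufficient for script, style or URL contexts.
 *
 * @param value - Untrusted text.
 * @returns The text with `& < > " '` replaced by entities.
 */
function escapeHtml(value: string): string {
  return value.replace(/[&<>"']/g, (c) => htmlEscapes[c] ?? c)
}

/**
 * Contact form endpoint: validates the posted body, then relays it by SMTP to
 * the configured recipient.
 *
 * @returns `{ success: true }` once the message has been handed to the SMTP server.
 * @throws A 400 error when the payload fails validation, a 500 error when the
 *   mail cannot be sent.
 */
// NOTE(review): no rate limiting or anti-automation check is visible in this
// handler; confirm one is enforced upstream, otherwise the endpoint can be
// used to flood the recipient mailbox.
export default defineEventHandler(async (event) => {
  const body = await readBody(event)
  const parsed = contactSchema.safeParse(body)

  if (!parsed.success) {
    // Validation details are deliberately not returned to the client.
    throw createError({ statusCode: 400, message: 'Invalid payload' })
  }

  const { name, email, message } = parsed.data
  const config = useRuntimeConfig(event)

  // Implicit TLS on port 465; credentials come from the runtime config only.
  const transporter = nodemailer.createTransport({
    host: config.smtpHost,
    port: 465,
    secure: true,
    auth: {
      user: config.smtpUser,
      pass: config.smtpPass,
    },
  })

  // Every user-supplied value is escaped before it reaches the HTML body.
  const escapedName = escapeHtml(name)
  const escapedEmail = escapeHtml(email)
  const escapedMessage = escapeHtml(message)

  const dateStr = new Date().toLocaleString('fr-FR', {
    day: 'numeric',
    month: 'long',
    year: 'numeric',
    hour: '2-digit',
    minute: '2-digit',
    timeZone: 'Europe/Paris',
  })

  // Line breaks become <br> only after escaping, so the tag inserted here is
  // the only markup the message can contribute.
  const html = `<!DOCTYPE html>
<html lang="fr">
  <body>
    <h1>Killian' DAL-CIN</h1>
    <p>New Message</p>
    <p>contact@portfolio</p>
    <p>$ from: ${escapedName}</p>
    <p>$ email: ${escapedEmail}</p>
    <p>$ date: ${dateStr}</p>
    <h2>Message</h2>
    <p>${escapedMessage.replace(/\n/g, '<br>')}</p>
    <p>killiandalcin.fr Built with Nuxt</p>
  </body>
</html>
`

  try {
    await transporter.sendMail({
      // The envelope sender stays the authenticated account; the visitor's
      // address is used for Reply-To only.
      from: `"Portfolio Killian'" <${config.smtpUser}>`,
      to: config.smtpTo,
      replyTo: email,
      subject: `Nouveau message — ${name}`,
      text: `De: ${name} <${email}>\n\n${message}`,
      html,
    })
  } catch (error: unknown) {
    // Keep SMTP diagnostics in the server log; the client gets a generic error.
    console.error('contact: sendMail failed', error instanceof Error ? error.message : error)
    throw createError({ statusCode: 500, message: 'Unable to send message' })
  }

  return { success: true }
})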