From 6fb6e9734179a13c387e227d2097dd8d591d4715 Mon Sep 17 00:00:00 2001
From: iamkiddy
Date: Mon, 1 Dec 2025 17:53:17 +0000
Subject: [PATCH] Enhance submitContactForm function to improve input sanitization and response handling. Update documentation to clarify that the endpoint does not require authentication. Implement checks for empty responses and specific error handling for authentication issues, ensuring a more robust user experience during form submissions.
---
 lib/actions/auth.ts | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/lib/actions/auth.ts b/lib/actions/auth.ts
index ce85bb7..06c2d54 100644
--- a/lib/actions/auth.ts
+++ b/lib/actions/auth.ts
@@ -452,7 +452,7 @@ export interface ContactFormResponse {
 }
 
 /**
- * Submit contact form
+ * Submit contact form (public endpoint - no authentication required)
 */
 export async function submitContactForm(
 data: ContactFormInput
@@ -462,18 +462,34 @@ export async function submitContactForm(
 method: "POST",
 headers: {
 "Content-Type": "application/json",
+ "Accept": "application/json",
 },
 body: JSON.stringify({
- name: data.name,
- email: data.email,
- phone: data.phone,
- message: data.message,
+ name: data.name.trim(),
+ email: data.email.trim().toLowerCase(),
+ phone: data.phone.trim(),
+ message: data.message.trim(),
 }),
 });
 
- const responseData = await response.json();
+ // Handle empty responses
+ const contentType = response.headers.get("content-type");
+ let responseData: any;
+
+ if (contentType && contentType.includes("application/json")) {
+ const text = await response.text();
+ responseData = text ? JSON.parse(text) : {};
+ } else {
+ const text = await response.text();
+ responseData = text ? { message: text } : {};
+ }
 
 if (!response.ok) {
+ // Check for authentication error specifically
+ if (response.status === 401 || response.status === 403) {
+ throw new Error("Contact form submission requires authentication. Please contact support if this is a public form.");
+ }
+
 const error: ApiError = responseData;
 throw new Error(extractErrorMessage(error));
 }
@@ -483,7 +499,7 @@ export async function submitContactForm(
 if (error instanceof Error) {
 throw error;
 }
- throw new Error("Failed to submit contact form");
+ throw new Error("Failed to submit contact form. Please try again later.");
 }
 }
 
--
2.39.5
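Review bot: In the non-JSON branch of the `@@ -462` hunk the raw response body is wrapped as `{ message: text }`, and on a non-2xx status that object is handed to `extractErrorMessage` and thrown, so an upstream HTML error page or gateway trace of any length may become the user-facing message (the helper is outside this hunk, so this is inferred from the call). `JSON.parse(text)` is also unguarded: a body labelled `application/json` that is truncated or malformed throws a raw `SyntaxError`, which the `catch` in the following hunk rethrows unchanged because it is an `Error` instance. I would read the body once, parse inside a `try`, and keep non-JSON bodies out of `responseData`, as sketched below; confirm first that no caller relies on a plain-text success body and that `extractErrorMessage` falls back to a generic message for an empty object. Separately, `.trim()` and `.toLowerCase()` only normalise the fields, so validation still has to happen on the server, and `data.phone.trim()` will throw if `phone` is optional in `ContactFormInput` (not visible here). The body of `submitContactForm` starts before and ends after this hunk.

```typescript
      // … unchanged: fetch call with the trimmed fields …
      const contentType = response.headers.get("content-type") ?? "";
      const text = await response.text();
      let responseData: any = {};

      if (text && contentType.includes("application/json")) {
        try {
          responseData = JSON.parse(text);
        } catch {
          // Malformed JSON from upstream: keep the empty object so the
          // generic error path runs instead of a raw SyntaxError.
        }
      }
      // Non-JSON bodies (proxy or gateway error pages) are deliberately not
      // copied into responseData, so they cannot reach a user-facing message.
      // … unchanged: !response.ok handling …
```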