Your submission has been received.
" ); } // Fetch form settings first to check for reCAPTCHA status and other details let formSettings; try { const [forms] = await pool.query( "SELECT id, user_id, name, thank_you_url, thank_you_message, ntfy_enabled, is_archived, email_notifications_enabled, notification_email_address, recaptcha_enabled FROM forms WHERE uuid = ?", [formUuid] ); if (forms.length === 0) { return res.status(404).send("Form endpoint not found."); } formSettings = forms[0]; if (formSettings.is_archived) { return res .status(410) .send( "This form has been archived and is no longer accepting submissions." ); } } catch (dbError) { console.error("Error fetching form settings during submission:", dbError); return res .status(500) .send("Error processing submission due to database issue."); } // Perform reCAPTCHA verification if it's enabled for this form if (formSettings.recaptcha_enabled) { if (!recaptchaToken) { console.warn( `reCAPTCHA enabled for form ${formUuid} but no token provided by IP ${ipAddress}.` ); return res .status(403) .send( "reCAPTCHA is required for this form. Please complete the challenge." ); } const isRecaptchaValid = await verifyRecaptchaV2( recaptchaToken, ipAddress ); if (!isRecaptchaValid) { console.warn( `reCAPTCHA verification failed for form ${formUuid} from IP ${ipAddress}.` ); return res .status(403) .send("reCAPTCHA verification failed. Please try again."); } } // If reCAPTCHA is not enabled, or if it was enabled and passed, proceed. // Main submission processing logic (moved DB query for form details up) let formNameForNotification = formSettings.name || `Form ${formUuid}`; try { const ntfyEnabled = formSettings.ntfy_enabled; const formOwnerUserId = formSettings.user_id; // Prepare form object for email service const formForEmail = { name: formSettings.name, email_notifications_enabled: formSettings.email_notifications_enabled, notification_email_address: formSettings.notification_email_address, }; // Fetch form owner's email for default notification recipient let ownerEmail = null; if (formOwnerUserId) { const [users] = await pool.query( "SELECT email FROM users WHERE id = ?", [formOwnerUserId] ); if (users.length > 0) { ownerEmail = users[0].email; } else { console.warn( `Owner user with ID ${formOwnerUserId} not found for form ${formUuid}.` ); } } await pool.query( "INSERT INTO submissions (form_uuid, user_id, data, ip_address) VALUES (?, ?, ?, ?)", [formUuid, formOwnerUserId, JSON.stringify(submissionData), ipAddress] ); console.log( `Submission received for ${formUuid} (user: ${formOwnerUserId}):`, submissionData ); const submissionSummary = Object.entries(submissionData) .filter(([key]) => key !== "_thankyou") .map(([key, value]) => `${key}: ${value}`) .join(", "); if (ntfyEnabled) { await sendNtfyNotification( `New Submission: ${formNameForNotification}`, `Data: ${ submissionSummary || "No data fields" }\nFrom IP: ${ipAddress}`, "high", "incoming_form" ); } // Send email notification if (ownerEmail) { // Only attempt if we have an owner email (even if custom one is set, good to have fallback context) sendSubmissionNotification( formForEmail, submissionData, ownerEmail ).catch((err) => console.error( "Failed to send submission email directly in route:", err ) ); // Log error but don't block response } else if ( formForEmail.email_notifications_enabled && !formForEmail.notification_email_address ) { console.warn( `Email notification enabled for form ${formUuid} but owner email could not be determined and no custom address set.` ); } if (formSettings.thank_you_url) { return res.redirect(formSettings.thank_you_url); } if (formSettings.thank_you_message) { // Basic HTML escaping for safety const safeMessage = formSettings.thank_you_message .replace(/&/g, "&") .replace(//g, ">") .replace(/"/g, """) .replace(/'/g, "'"); return res.send(safeMessage); } if (submissionData._thankyou) { return res.redirect(submissionData._thankyou); } res.send( 'Your submission has been received.
' ); } catch (error) { console.error("Error processing submission:", error); await sendNtfyNotification( `Submission Error: ${formNameForNotification}`, `Failed to process submission for ${formUuid} from IP ${ipAddress}. Error: ${error.message}`, "max" ); res.status(500).send("Error processing submission."); } } ); module.exports = router;Thank you for signing up for Formies! To complete your registration, please verify your email address by clicking the button below:
If the button doesn't work, you can copy and paste this link into your browser:
${verificationUrl}
This link will expire in 24 hours.
If you didn't create an account with Formies, you can safely ignore this email.
We received a request to reset your password for your Formies account. If you made this request, click the button below to reset your password:
If the button doesn't work, you can copy and paste this link into your browser:
${resetUrl}
This link will expire in 1 hour.
If you didn't request a password reset, you can safely ignore this email. Your password won't be changed.
Welcome to Formies! Your email has been verified and your account is now active.
You can now start creating beautiful forms and collecting submissions. Here's what you can do:
This email confirms that your password has been successfully changed for your Formies account.
If you didn't make this change, please contact our support team immediately.
For your security, here are some tips:
You have a new submission for your form: ${formName}.
`; body += "Here are the details:
Thank you for using Formies!
"; return body; } /** * Sends a submission notification email. * @param {object} form - Form details (name, email_notifications_enabled, notification_email_address). * @param {object} submissionData - The actual data submitted to the form. * @param {string} userOwnerEmail - The email of the user who owns the form. */ async function sendSubmissionNotification( form, submissionData, userOwnerEmail ) { if (!resend) { logger.warn( "Resend SDK not initialized due to missing API key. Skipping email notification." ); return; } if (!emailFromAddress) { logger.warn( "EMAIL_FROM_ADDRESS not configured. Skipping email notification." ); return; } if (!form || !form.email_notifications_enabled) { logger.info( `Email notifications are disabled for form: ${form ? form.name : "Unknown Form"}. Skipping.` ); return; } const recipientEmail = form.notification_email_address || userOwnerEmail; if (!recipientEmail) { logger.warn( `No recipient email address found for form: ${form.name}. Skipping notification.` ); return; } const subject = `New Submission for Form: ${form.name}`; const htmlBody = createEmailHtmlBody(form.name, submissionData); try { const { data, error } = await resend.emails.send({ from: emailFromAddress, to: recipientEmail, subject: subject, html: htmlBody, }); if (error) { logger.error("Error sending submission email via Resend:", error); // Do not let email failure break the submission flow (as per 2.3.4) return; // Or throw a specific error to be caught upstream if needed for more complex handling } logger.info( `Submission email sent successfully to ${recipientEmail} for form ${form.name}. Message ID: ${data ? data.id : "N/A"}` ); } catch (err) { logger.error("Exception caught while sending submission email:", err); // Do not let email failure break the submission flow } } module.exports = { sendSubmissionNotification, // Potentially export createEmailHtmlBody if it needs to be used elsewhere or for testing };Account settings will be here.
<% } else if (view === 'form_settings') { %> <% if (typeof successMessage !== 'undefined' && successMessage) { %>Important: This is the only time you will see this API key. Copy it now and store it securely.
<%= newlyGeneratedApiKey %>| Name | Identifier (Prefix) | Created At | Last Used | Actions |
|---|---|---|---|---|
| <%= key.key_name %> | <%= key.api_key_identifier %> | <%= new Date(key.created_at).toLocaleDateString() %> | <%= key.last_used_at ? new Date(key.last_used_at).toLocaleDateString() : 'Never' %> |
You have not generated any API keys yet.
<% } %>| Form Name | Submissions | Endpoint URL | Created Date | Status | Actions |
|---|---|---|---|---|---|
| <%= form.name %> | <%= form.submission_count %> |
<%= appUrl %>/submit/<%= form.uuid %>
|
<%= new Date(form.created_at).toLocaleDateString() %> | <%= form.is_archived ? 'Archived' : 'Active' %> | View Submissions Settings |
You haven't created any forms yet. Create one now!
<% } %>