feat: Contact Form (Feature 022) — backend & frontend (#4132)

Author: Copilot

app/Http/Controllers/Contact/ContactController.php

@@ -0,0 +1,138 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Http\Controllers\Contact;
+
+use App\Http\Requests\Contact\ContactMessagesListRequest;
+use App\Http\Requests\Contact\DeleteContactMessageRequest;
+use App\Http\Requests\Contact\StoreContactMessageRequest;
+use App\Http\Requests\Contact\UpdateContactMessageRequest;
+use App\Http\Resources\Collections\ContactMessageCollectionResource;
+use App\Http\Resources\GalleryConfigs\ContactConfig;
+use App\Http\Resources\Models\ContactMessageResource;
+use App\Models\ContactMessage;
+use Illuminate\Http\Response;
+use Illuminate\Routing\Controller;
+
+class ContactController extends Controller
+{
+	/**
+	 * Return the contact form configuration values.
+	 *
+	 * @return ContactConfig
+	 */
+	public function init(): ContactConfig
+	{
+		return new ContactConfig();
+	}
+
+	/**
+	 * Store a new contact message from a public visitor.
+	 *
+	 * @param StoreContactMessageRequest $request
+	 *
+	 * @return array{success:bool,message:string}
+	 */
+	public function store(StoreContactMessageRequest $request): array
+	{
+		// Validate security answer if configured
+		$security_question = $request->configs()->getValueAsString('contact_form_security_question');
+		$security_answer = $request->configs()->getValueAsString('contact_form_security_answer');
+		if ($security_question !== '' && $security_answer !== '') {
+			if (strcasecmp(trim($request->securityAnswer()), trim($security_answer)) !== 0) {
+				abort(422, 'Incorrect answer to the security question.');
+			}
+		}
+
+		// Validate consent if configured
+		$is_consent_required = $request->configs()->getValueAsBool('contact_form_custom_consent_required');
+		if ($is_consent_required && !$request->consentAgreed()) {
+			abort(422, 'You must agree to the privacy policy.');
+		}
+
+		ContactMessage::create([
+			'name' => $request->senderName(),
+			'email' => $request->senderEmail(),
+			'message' => $request->senderMessage(),
+			'ip_address' => $request->ip(),
+			'user_agent' => $request->userAgent(),
+		]);
+
+		return ['success' => true, 'message' => 'Thank you for your message. We will get back to you soon.'];
+	}
+
+	/**
+	 * List all contact messages (admin only).
+	 *
+	 * @param ContactMessagesListRequest $request
+	 *
+	 * @return ContactMessageCollectionResource
+	 */
+	public function index(ContactMessagesListRequest $request): ContactMessageCollectionResource
+	{
+		$per_page = min((int) $request->query('per_page', 20), 100);
+		$page = max((int) $request->query('page', 1), 1);
+		$search = $request->query('search', '');
+		$is_read_filter = $request->query('is_read', null);
+
+		$query = ContactMessage::query()->orderBy('created_at', 'desc');
+
+		if (is_string($search) && $search !== '') {
+			$escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $search);
+			$query->where(function ($q) use ($escaped): void {
+				$q->where('name', 'like', '%' . $escaped . '%')
+					->orWhere('email', 'like', '%' . $escaped . '%')
+					->orWhere('message', 'like', '%' . $escaped . '%');
+			});
+		}
+
+		if ($is_read_filter !== null) {
+			$query->where('is_read', filter_var($is_read_filter, FILTER_VALIDATE_BOOLEAN));
+		}
+
+		$total = $query->count();
+		$messages = $query->offset(($page - 1) * $per_page)->limit($per_page)->get();
+
+		return new ContactMessageCollectionResource(
+			$messages->map(fn (ContactMessage $m) => new ContactMessageResource($m)),
+			$total,
+			$per_page,
+			$page,
+		);
+	}
+
+	/**
+	 * Update a contact message (mark as read/unread).
+	 *
+	 * @param UpdateContactMessageRequest $request
+	 *
+	 * @return ContactMessageResource
+	 */
+	public function update(UpdateContactMessageRequest $request): ContactMessageResource
+	{
+		$message = $request->contactMessage();
+		$message->is_read = $request->isRead();
+		$message->save();
+
+		return new ContactMessageResource($message);
+	}
+
+	/**
+	 * Delete a contact message.
+	 *
+	 * @param DeleteContactMessageRequest $request
+	 *
+	 * @return Response
+	 */
+	public function destroy(DeleteContactMessageRequest $request): Response
+	{
+		$request->contactMessage()->delete();
+
+		return response()->noContent();
+	}
+}

app/Http/Middleware/ConfigIntegrity.php

@@ -101,6 +101,10 @@ class ConfigIntegrity
 		'best_pictures_count',
 		'enable_my_best_pictures',
 		'my_best_pictures_count',
+		'contact_form_enabled',
+		'contact_form_security_question',
+		'contact_form_security_answer',
+		'contact_form_custom_consent_required',
 	];
 
 	public const PRO_FIELDS = [
@@ -118,9 +122,18 @@ class ConfigIntegrity
 		'webshop_auto_fulfill_enabled',
 		'webshop_manual_fulfill_enabled',
 		'photos_star_visibility',
+		'contact_form_custom_consent_text',
+		'contact_form_custom_privacy_url',
+		'contact_form_custom_submit_button_text',
 		'album_enhanced_display_enabled',
 		'album_header_size',
 		'album_header_landing_title_enabled',
+		'contact_form_header',
+		'contact_form_headline',
+		'contact_form_contact_method',
+		'contact_form_message_label',
+		'contact_form_message_answer',
+		'contact_form_thank_you_message',
 	];
 
 	/**

app/Http/Requests/Contact/ContactMessagesListRequest.php

@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Http\Requests\Contact;
+
+use App\Http\Requests\AbstractEmptyRequest;
+use App\Models\User;
+use App\Policies\UserPolicy;
+use Illuminate\Support\Facades\Gate;
+
+class ContactMessagesListRequest extends AbstractEmptyRequest
+{
+	/**
+	 * {@inheritDoc}
+	 */
+	public function authorize(): bool
+	{
+		return Gate::check(UserPolicy::CAN_CREATE_OR_EDIT_OR_DELETE, [User::class]);
+	}
+}

app/Http/Requests/Contact/DeleteContactMessageRequest.php

@@ -0,0 +1,53 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Http\Requests\Contact;
+
+use App\Http\Requests\BaseApiRequest;
+use App\Models\ContactMessage;
+use App\Models\User;
+use App\Policies\UserPolicy;
+use Illuminate\Support\Facades\Gate;
+
+class DeleteContactMessageRequest extends BaseApiRequest
+{
+	protected ContactMessage $contact_message;
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function authorize(): bool
+	{
+		return Gate::check(UserPolicy::CAN_CREATE_OR_EDIT_OR_DELETE, [User::class]);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function rules(): array
+	{
+		return [
+			'id' => ['required', 'integer'],
+		];
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected function processValidatedValues(array $values, array $files): void
+	{
+		/** @var int $id */
+		$id = $values['id'];
+		$this->contact_message = ContactMessage::query()->findOrFail($id);
+	}
+
+	public function contactMessage(): ContactMessage
+	{
+		return $this->contact_message;
+	}
+}

app/Http/Requests/Contact/StoreContactMessageRequest.php

@@ -0,0 +1,79 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Http\Requests\Contact;
+
+use App\Http\Requests\BaseApiRequest;
+
+class StoreContactMessageRequest extends BaseApiRequest
+{
+	protected string $name = '';
+	protected string $email = '';
+	protected string $message_body = '';
+	protected string $security_answer = '';
+	protected bool $consent_agreed = false;
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function authorize(): bool
+	{
+		return true;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function rules(): array
+	{
+		return [
+			'name' => ['required', 'string', 'max:255'],
+			'email' => ['required', 'string', 'max:255'],
+			'message' => ['required', 'string', 'min:10', 'max:5000'],
+			'security_answer' => ['sometimes', 'nullable', 'string'],
+			'consent_agreed' => ['sometimes', 'boolean'],
+		];
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected function processValidatedValues(array $values, array $files): void
+	{
+		$this->name = $values['name'];
+		$this->email = $values['email'];
+		$this->message_body = $values['message'];
+		$this->security_answer = $values['security_answer'] ?? '';
+		$this->consent_agreed = self::toBoolean($values['consent_agreed'] ?? false);
+	}
+
+	public function senderName(): string
+	{
+		return $this->name;
+	}
+
+	public function senderEmail(): string
+	{
+		return $this->email;
+	}
+
+	public function senderMessage(): string
+	{
+		return $this->message_body;
+	}
+
+	public function securityAnswer(): string
+	{
+		return $this->security_answer;
+	}
+
+	public function consentAgreed(): bool
+	{
+		return $this->consent_agreed;
+	}
+}

app/Http/Requests/Contact/UpdateContactMessageRequest.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * SPDX-License-Identifier: MIT
+ * Copyright (c) 2017-2018 Tobias Reich
+ * Copyright (c) 2018-2026 LycheeOrg.
+ */
+
+namespace App\Http\Requests\Contact;
+
+use App\Http\Requests\BaseApiRequest;
+use App\Models\ContactMessage;
+use App\Models\User;
+use App\Policies\UserPolicy;
+use Illuminate\Support\Facades\Gate;
+
+class UpdateContactMessageRequest extends BaseApiRequest
+{
+	protected ContactMessage $contact_message;
+	protected bool $is_read = false;
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function authorize(): bool
+	{
+		return Gate::check(UserPolicy::CAN_CREATE_OR_EDIT_OR_DELETE, [User::class]);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function rules(): array
+	{
+		return [
+			'id' => ['required', 'integer'],
+			'is_read' => ['required', 'boolean'],
+		];
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected function processValidatedValues(array $values, array $files): void
+	{
+		/** @var int $id */
+		$id = $values['id'];
+		$this->contact_message = ContactMessage::query()->findOrFail($id);
+		$this->is_read = self::toBoolean($values['is_read']);
+	}
+
+	public function contactMessage(): ContactMessage
+	{
+		return $this->contact_message;
+	}
+
+	public function isRead(): bool
+	{
+		return $this->is_read;
+	}
+}