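import { NextResponse } from 'next/server';
import { Resend } from 'resend';

const resend = new Resend(process.env.RESEND_API_KEY);

/**
 * Upper bounds (in characters, after trimming) for the accepted fields.
 * Values chosen here as sensible defaults; adjust to the form's needs.
 * They cap the size of what gets forwarded into the outbound e-mail.
 */
const MAX_NAME_LENGTH = 200;
const MAX_EMAIL_LENGTH = 254;
const MAX_MESSAGE_LENGTH = 5000;

/** ASCII control characters, including CR and LF. */
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

/** Control characters other than LF/CR/TAB, which a multi-line message may contain. */
const DISALLOWED_MESSAGE_CHARS = /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/;

/** Minimal shape check: one `@`, a dot in the domain part, no whitespace. */
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

/**
 * Escapes the HTML-significant characters so untrusted text can be
 * interpolated into the e-mail body without being interpreted as markup.
 *
 * `&` is replaced first so the entities produced by the later replacements
 * are not themselves re-escaped.
 *
 * @param str - raw text supplied by the caller of the form
 * @returns the text with `&`, `<`, `>`, `"` and `'` replaced by entities
 */
function escapeHtml(str: string): string {
  return str
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/** True when `value` is a non-null object (the shape `request.json()` is expected to yield). */
function isRecord(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null;
}

/**
 * Validates one text field of the request body.
 *
 * @param value - the raw JSON value for the field (any type; only strings are accepted)
 * @param opts.maxLength - maximum accepted length after trimming
 * @param opts.singleLine - when true, any control character (including CR/LF)
 *   rejects the value; used for fields that end up in mail headers
 *   (`replyTo`, `subject`) so a crafted value cannot inject header lines
 * @returns the trimmed string, or `undefined` when the field is missing,
 *   not a string, empty, too long, or contains disallowed characters
 */
function readTextField(
  value: unknown,
  opts: { maxLength: number; singleLine: boolean },
): string | undefined {
  if (typeof value !== 'string') return undefined;
  const trimmed = value.trim();
  if (trimmed.length === 0 || trimmed.length > opts.maxLength) return undefined;
  const forbidden = opts.singleLine ? CONTROL_CHARS : DISALLOWED_MESSAGE_CHARS;
  if (forbidden.test(trimmed)) return undefined;
  return trimmed;
}

/**
 * Builds the HTML body of the notification e-mail.
 *
 * All three arguments must already be HTML-escaped (see `escapeHtml`);
 * this function interpolates them verbatim. The original template's markup
 * was not preserved in the copy reviewed; the same text sections are
 * restored here with minimal markup — adjust styling as needed.
 */
function buildEmailHtml(safeName: string, safeEmail: string, safeMessage: string): string {
  return `
<h2>New Message from XHIVA Art</h2>
<p><strong>NAME</strong><br>${safeName}</p>
<p><strong>EMAIL</strong><br>${safeEmail}</p>
<p><strong>MESSAGE</strong><br>${safeMessage}</p>
<p>Sent from xhivart.jeffemmett.com contact form</p>
`;
}

/**
 * Contact-form endpoint: validates `{ name, email, message }` from the JSON
 * body and forwards it as an e-mail via Resend.
 *
 * Responses:
 * - 400 with `{ error }` when the body is not JSON or a field fails validation
 * - 500 with a generic `{ error }` when sending fails or an unexpected error
 *   occurs (details are logged server-side only, never returned to the client)
 * - 200 with `{ success: true }` on success
 *
 * @param request - the incoming request; the body is treated as untrusted
 * @returns a JSON response as described above
 */
export async function POST(request: Request): Promise<NextResponse> {
  // Malformed JSON is a client error, not a server error.
  let body: unknown;
  try {
    body = await request.json();
  } catch {
    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
  }
  const input: Record<string, unknown> = isRecord(body) ? body : {};

  // name and email are used in mail headers (subject, replyTo), so they must
  // be single-line; the message may span lines.
  const name = readTextField(input.name, { maxLength: MAX_NAME_LENGTH, singleLine: true });
  if (name === undefined) {
    return NextResponse.json({ error: 'Name is required' }, { status: 400 });
  }

  const email = readTextField(input.email, { maxLength: MAX_EMAIL_LENGTH, singleLine: true });
  if (email === undefined || !EMAIL_SHAPE.test(email)) {
    return NextResponse.json({ error: 'Valid email is required' }, { status: 400 });
  }

  const message = readTextField(input.message, {
    maxLength: MAX_MESSAGE_LENGTH,
    singleLine: false,
  });
  if (message === undefined) {
    return NextResponse.json({ error: 'Message is required' }, { status: 400 });
  }

  // Escape once, at the point where the values enter HTML.
  const safeName = escapeHtml(name);
  const safeEmail = escapeHtml(email);
  const safeMessage = escapeHtml(message);

  try {
    const { error } = await resend.emails.send({
      // NOTE(review): this sender value looks truncated in the copy reviewed;
      // Resend expects a full `Name <address>` sender — confirm the address.
      from: 'XHIVA Art ',
      to: 'xhivart@gmail.com',
      replyTo: email,
      subject: `New message from ${name} — XHIVA Art`,
      html: buildEmailHtml(safeName, safeEmail, safeMessage),
    });

    if (error) {
      // Log provider details server-side; the client only gets a generic message.
      console.error('Resend error:', error);
      return NextResponse.json({ error: 'Failed to send message' }, { status: 500 });
    }

    return NextResponse.json({ success: true });
  } catch (err: unknown) {
    console.error('Contact API error:', err);
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}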