Skip to content

Software Requirement Specification (SRS) - Contact Form & Message Management

FieldDetail
Company Nameruizdev7
Document TitleContact Form & Message Management - SRS
Document NumberSRS-004
Version1.0
Specification Date17-November-24
StatusImplemented
RoleNameDate
Project ManagerJoseph Ruiz17-November-24
Tech LeadJoseph Ruiz17-November-24
VersionDateChanges MadeAuthor
1.017-November-24Initial SRS DocumentationJoseph Ruiz

This document specifies the requirements for the implementation of a Contact Form and Message Management System in the ruizdev7 Portfolio application.
The objective is to provide visitors with a user-friendly communication channel and administrators with tools to manage, track, and respond to incoming messages effectively.

The Contact Form & Message Management System includes the following components:

  • Public Contact Form: Accessible to all visitors without authentication for submitting inquiries.
  • Message Storage: Persistent storage of all contact submissions with metadata.
  • Message Management: Administrative interface for viewing, filtering, and managing messages.
  • Read Status Tracking: Mark messages as read/unread for follow-up management.
  • Pagination Support: Efficient retrieval of large message volumes.
  • Validation & Security: Input validation, XSS prevention, and spam protection.
  • Email Notification: (Future) Automatic email notifications for new submissions.

The implementation ensures:

  • Data privacy and secure message handling
  • Prevention of spam and malicious submissions
  • Efficient message retrieval for administrators
  • User-friendly submission experience
  • Contact Message: A user-submitted inquiry containing name, email, subject, and message body.
  • Read Status: Boolean indicator showing whether an administrator has reviewed a message.
  • Pagination: Dividing message lists into pages for improved performance and usability.
  • Validation: Client and server-side checks ensuring data integrity and security.
  • XSS (Cross-Site Scripting): Security vulnerability prevented through input sanitization.

Priority: High
Description:

FieldDetail
Use Case NameSubmit Contact Form
Subject AreaCommunication
Business EventThis use case applies when a visitor wants to send a message through the contact form.
ActorsGeneral visitor (no authentication required), ruizdev7 Platform.
Use Case OverviewThis use case covers the submission and storage of contact form messages.
PreconditionsNone (public endpoint).
Termination OutcomeMessage is validated, stored in database, and confirmation is sent to visitor.
Condition Affecting OutcomeValidation errors, missing required fields, database errors, or spam detection.
Use Case DescriptionThe system validates form inputs (name, email, subject, message), sanitizes data to prevent XSS, stores the message with timestamp, and returns success confirmation.
Use Case AssociationsUC-028: View Contact Messages.
Traceability ToSRS-004.
Input SummaryName (string, required), Email (valid email format, required), Subject (string, required), Message (text, required).
Output SummarySuccess message: “Thank you for your message! I’ll get back to you soon.”
Usability IndexCritical, primary communication channel for visitors.
Use Case NotesNo authentication required. Consider implementing reCAPTCHA for spam prevention.
CriterionDescription / Acceptance Condition
Form SubmissionVisitors can submit messages without authentication.
Input ValidationSystem validates all required fields and email format.
XSS PreventionInput is sanitized to prevent cross-site scripting attacks.
Message StorageAll submissions are stored with timestamp and metadata.
Admin AccessAuthenticated admins can view all messages with pagination.
Read TrackingAdmins can mark messages as read.
Response TimeForm submission processed in <500ms.
PaginationMessage list supports configurable pagination (default 10 per page).
Error HandlingClear error messages for validation failures.
Success FeedbackConfirmation message displayed to users after submission.
CategoryRequirement
PerformanceForm submission <500ms, message retrieval <300ms.
SecurityInput validation, XSS prevention, CSRF protection, rate limiting.
Availability99.9% uptime for contact form endpoint.
ScalabilitySupport for 10,000+ stored messages without performance degradation.
UsabilityIntuitive form with clear labels and error messages.
Data RetentionMessages retained indefinitely unless manually deleted.
PrivacyEmail addresses stored securely and not shared.

Table: tbl_contact_messages

  • ccn_contact_message (Primary Key, Auto-increment)
  • name (String, Max 100 chars, Required)
  • email (String, Valid email format, Required)
  • subject (String, Max 200 chars, Required)
  • message (Text, Max 2000 chars, Required)
  • read (Boolean, Default: False)
  • created_at (Timestamp, Auto-generated)
  • ip_address (String, Optional, for spam tracking)
  • user_agent (String, Optional, for spam tracking)
MethodEndpointDescriptionAuthPermission
POST/api/v1/contactSubmit contact formNoNone
GET/api/v1/contactGet messages (paginated)YesJWT
PUT/api/v1/contact/{id}/readMark message as readYesJWT
DELETE/api/v1/contact/{id}Delete message (future)YesJWT

ContactFormSchema (Marshmallow):

  • name: Required, String, 1-100 characters
  • email: Required, Valid email format
  • subject: Required, String, 1-200 characters
  • message: Required, String, 1-2000 characters

Security Validations:

  • Email regex validation
  • HTML tag stripping to prevent XSS
  • SQL injection prevention through ORM
  • Rate limiting: Max 5 submissions per IP per hour (recommended)

Success Response (POST):

{
"message": "Thank you for your message! I'll get back to you soon.",
"status": "success"
}

Error Response:

{
"error": "Validation error",
"details": {
"email": ["Not a valid email address."],
"message": ["Field cannot be empty."]
}
}

Messages List Response (GET):

{
"messages": [
{
"ccn_contact_message": 1,
"name": "John Doe",
"email": "john@example.com",
"subject": "Inquiry about services",
"message": "I would like to know more...",
"read": false,
"created_at": "2024-11-17T10:30:00Z"
}
],
"pagination": {
"page": 1,
"per_page": 10,
"total": 25,
"pages": 3,
"has_next": true,
"has_prev": false
}
}

Contact.jsx:

  • Form with react-hook-form
  • Validation with client-side checks
  • Toast notifications for success/error
  • Loading states during submission

ContactMessages.jsx:

  • Admin panel for viewing messages
  • Pagination controls
  • Read/unread status indicators
  • Mark as read functionality
  1. Input Validation:

    • Client-side: React Hook Form validation
    • Server-side: Marshmallow schema validation
  2. XSS Prevention:

    • HTML escaping in display
    • Input sanitization before storage
  3. CSRF Protection:

    • Flask-WTF CSRF tokens
    • SameSite cookie attributes
  4. Rate Limiting:

    • IP-based submission throttling
    • Exponential backoff for repeated failures
  5. Spam Prevention:

    • Honeypot fields (hidden inputs)
    • Time-based submission validation
    • Consider: Google reCAPTCHA integration

Planned Features:

  • Send email to admin on new submission
  • Auto-reply to submitter confirming receipt
  • Email template system
  • Integration with SendGrid or AWS SES
FieldDetail
Stakeholdersruizdev7 Team, Portfolio Visitors
Attachments[API_DOCUMENTATION.md]
Tech StackFlask, SQLAlchemy, Marshmallow, React Hook Form
Frontend ComponentsContact.jsx, ContactMessages.jsx
Future EnhancementsEmail notifications, reCAPTCHA, advanced filtering
Name/TitleSignatureDate
Client Representativeruizdev717-November-24
Company Representativeruizdev717-November-24