added admin login to frontend + obscurification for contact details

backend/src/main.rs

@@ -9,7 +9,7 @@ use axum::{
     http::{HeaderValue, header},
     routing::{delete, get, post},
 };
-use std::{env, fs, path::PathBuf, sync::Arc};
+use std::{collections::HashMap, env, fs, path::PathBuf, sync::Arc};
 use tokio::sync::Mutex;
 use tower_http::{
     cors::{AllowOrigin, CorsLayer},
@@ -22,6 +22,7 @@ pub struct AppState {
     pub data_dir: PathBuf,
     pub cookie_secure: bool,
     pub post_lock: Mutex<()>,
+    pub contact_rate_limit: Mutex<HashMap<String, Vec<i64>>>,
 }
 
 #[tokio::main]
@@ -61,6 +62,7 @@ async fn main() {
         data_dir,
         cookie_secure,
         post_lock: Mutex::new(()),
+        contact_rate_limit: Mutex::new(HashMap::new()),
     });
 
     // CORS — locked down by default. Set FRONTEND_ORIGIN to the public URL of
@@ -107,6 +109,12 @@ async fn main() {
             delete(handlers::upload::delete_upload),
         )
         .route("/api/upload", post(handlers::upload::upload_file))
+        .route("/api/contact", post(handlers::contact::submit_contact))
+        .route("/api/messages", get(handlers::contact::list_messages))
+        .route(
+            "/api/messages/{id}",
+            delete(handlers::contact::delete_message),
+        )
         .route("/healthz", get(|| async { "ok" }))
         .nest_service("/uploads", ServeDir::new(uploads_dir))
         .layer(DefaultBodyLimit::max(50 * 1024 * 1024))