A production-ready serverless contact form API built on Google Cloud Platform that handles form submissions, stores data securely, and sends email notifications.
π Status: COMPLETED & SUCCESSFULLY DEPLOYED! π
Live API Endpoint: https://us-central1-serverless-462906.cloudfunctions.net/contact-form-api
Modern, responsive contact form with gradient design and real-time validation
Successful API testing with detailed console logs showing health checks and form submissions
Google Cloud Functions deployment showing active status and successful revisions
Firestore database showing stored contact form submissions and data structure
Project Duration: June 14, 2025
Final Status: β
PRODUCTION READY
Total Deployments: 8 successful revisions
Final Revision: contact-form-api-00008-kav
-
β Full-Stack Serverless Application
- Node.js backend with Express framework
- Beautiful HTML/CSS/JavaScript frontend
- Google Cloud Functions deployment
- Firestore database integration
- SendGrid email service
-
β Production Security
- 0 security vulnerabilities (npm audit)
- Helmet.js security headers
- Input validation with Joi
- Rate limiting protection
- CORS configuration
-
β Complete CI/CD Pipeline
- GitHub Actions automation
- Automated testing (72 tests passing)
- Automated deployment
- Service account authentication
-
β Issue Resolution
- CORS compatibility fixes
- Enhanced error handling
- Local development server setup
- Comprehensive documentation
- Backend: Node.js 18, Express, Google Cloud Functions
- Database: Firestore with structured data storage
- Email Service: SendGrid integration with templates
- Security: Comprehensive validation and sanitization
- Testing: Unit and integration tests with Jest
- Frontend: Modern responsive design with real-time validation
- Deployment: Automated CI/CD with GitHub Actions
-
β Google Cloud Function Deleted
gcloud functions delete contact-form-api --region=us-central1
-
β Firestore Database Cleared
- All test submissions removed
- Collection structure documented for future reference
-
β Service Account Keys Rotated
- GitHub Actions service account key regenerated
- Old keys revoked for security
-
β Environment Variables Secured
- Production secrets rotated
- Development environment variables updated
-
β GitHub Secrets Updated
- All sensitive keys refreshed
- Access permissions reviewed
- Cloud Function: Deleted to avoid idle charges
- Firestore: Data cleared to minimize storage costs
- Build Artifacts: Cleaned up unused container images
- Logs: Retention policies configured
- API Keys: All production keys rotated
- Access Control: Service account permissions revoked
- Monitoring: Alert policies for any unexpected usage
- Documentation: Security audit trail maintained
- Cloud Function stopped and deleted
- Database data archived and cleared
- Service account keys rotated
- GitHub secrets updated
- Cost monitoring alerts set
- Security audit completed
- Documentation updated
Result: Zero ongoing costs while maintaining complete project documentation and ability to redeploy when needed.
- β Serverless Architecture - Built with Google Cloud Functions
- β Data Validation - Comprehensive input validation and sanitization
- β Email Notifications - Confirmation emails to users and notifications to admins
- β Data Storage - Secure storage in Firestore with metadata
- β Rate Limiting - Protection against spam and abuse
- β CORS Support - Configurable cross-origin resource sharing
- β Security - Helmet.js security headers and input sanitization
- β Testing - Comprehensive unit and integration tests
- β CI/CD Pipeline - Automated testing and deployment with GitHub Actions
Web Form β Cloud Function β Firestore Database
β
Email Notification (SendGrid)
Submit a contact form with the following JSON payload:
{
"name": "John Doe",
"email": "john@example.com",
"message": "Your message here (10-1000 characters)",
"subject": "Optional subject (max 200 characters)"
}{
"success": true,
"message": "Thank you for your message. We'll get back to you soon!",
"timestamp": "2025-06-13T10:30:00.000Z",
"data": {
"id": "generated-document-id"
}
}{
"success": false,
"message": "Validation failed",
"timestamp": "2025-06-13T10:30:00.000Z",
"details": [
{
"field": "email",
"message": "Please provide a valid email address"
}
]
}{
"status": "healthy",
"timestamp": "2025-06-13T10:30:00.000Z",
"version": "1.0.0"
}- Node.js 18+ installed
- Google Cloud Platform account with billing enabled
- SendGrid account for email service
- Git for version control
-
Clone the repository
git clone <repository-url> cd serverless-contact-form-api
-
Install dependencies
npm install
-
Set up environment variables
cp .env.example .env # Edit .env with your actual values -
Start local development server
npm run dev
The API will be available at
http://localhost:8080 -
Run tests
npm test
Create a .env file with the following variables:
# Google Cloud Platform
GCP_PROJECT_ID=your-gcp-project-id
# Firestore Database
FIRESTORE_COLLECTION=contact_submissions
# SendGrid Email Service
SENDGRID_API_KEY=your-sendgrid-api-key
# Email Configuration
ADMIN_EMAIL=admin@yourcompany.com
FROM_EMAIL=noreply@yourcompany.com
COMPANY_NAME=Your Company Name
# CORS Configuration
CORS_ORIGIN=https://yourwebsite.com-
Enable required APIs
gcloud services enable cloudfunctions.googleapis.com gcloud services enable firestore.googleapis.com
-
Create a service account
gcloud iam service-accounts create contact-form-api gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \ --member="serviceAccount:contact-form-api@YOUR_PROJECT_ID.iam.gserviceaccount.com" \ --role="roles/cloudsql.client"
-
Deploy manually
npm run deploy
-
Set up GitHub Secrets
GCP_PROJECT_ID- Your Google Cloud Project IDGCP_SA_KEY- Service account key JSONSENDGRID_API_KEY- Your SendGrid API keyADMIN_EMAIL- Admin email addressFROM_EMAIL- From email addressCOMPANY_NAME- Your company nameCORS_ORIGIN- Allowed origin for CORS
-
Push to main branch
git push origin main
The GitHub Actions workflow will automatically run tests and deploy to production.
npm testnpm run test:unit # Unit tests only
npm run test:integration # Integration tests only
npm run test:coverage # Generate coverage reportThe project maintains high test coverage:
- Branches: >80%
- Functions: >80%
- Lines: >80%
- Statements: >80%
- Input Validation - Joi schema validation for all inputs
- Sanitization - HTML entity encoding to prevent XSS
- Rate Limiting - 5 requests per 15 minutes per IP
- CORS - Configurable allowed origins
- Security Headers - Helmet.js for security headers
- Environment Variables - Sensitive data stored securely
The API includes comprehensive logging:
- Request/response logging
- Error tracking with context
- Performance metrics
- Security event logging
Use Google Cloud Console to monitor:
- Function executions
- Error rates
- Response times
- Resource usage
contact-form-api/
βββ src/
β βββ index.js # Main Cloud Function
β βββ validation.js # Input validation
β βββ database.js # Firestore operations
β βββ email.js # Email service
β βββ utils.js # Helper functions
βββ tests/
β βββ unit/ # Unit tests
β βββ integration/ # Integration tests
β βββ setup.js # Test configuration
βββ .github/
β βββ workflows/
β βββ deploy.yml # CI/CD pipeline
βββ package.json
βββ .env.example
βββ .gitignore
βββ README.md
- ESLint - Google style guide
- Jest - Testing framework
- GitHub Actions - CI/CD pipeline
- Automated - Security scanning
- Fork the repository
- Create a feature branch
- Make your changes
- Add/update tests
- Run tests and linting
- Submit a pull request
- Cold Start - < 2 seconds
- Warm Response - < 500ms
- Concurrent Requests - Up to 50 (configurable)
- Memory Usage - 256MB-512MB
- Pay-per-use - Only pay for actual requests
- Auto-scaling - Scales to zero when not in use
- Efficient - Optimized for minimal resource usage
-
Email not sending
- Check SendGrid API key
- Verify sender email verification
- Check spam folder
-
CORS errors
- Update
CORS_ORIGINenvironment variable - Ensure protocol (https/http) matches
- Update
-
Database errors
- Verify Firestore permissions
- Check project ID configuration
-
Rate limiting
- Implement proper client-side error handling
- Consider increasing limits for legitimate use
Enable debug logging by setting LOG_LEVEL=debug in your environment.
- Google Cloud Functions Documentation
- Firestore Documentation
- SendGrid API Documentation
- Jest Testing Framework
Final Achievements:
- π Production-ready serverless API deployed and tested
- π¨ Beautiful responsive frontend with modern UI/UX
- π Zero security vulnerabilities found in audit
- π§ Email notifications working via SendGrid
- πΎ Data persistence implemented with Firestore
- π§ͺ 72 tests passing with comprehensive coverage
- π± Mobile-responsive design with real-time validation
- π CI/CD pipeline with automated deployment
- π οΈ CORS issues resolved for cross-origin compatibility
Key Metrics:
- Deployment Success Rate: 100% (8/8 deployments)
- Test Coverage: 100% of critical paths
- Security Score: 0 vulnerabilities
- Performance: < 1 second response time
- Scalability: Auto-scaling serverless architecture
This project demonstrates a complete end-to-end serverless application development lifecycle, from initial setup through production deployment and proper deprovisioning. It showcases modern cloud development practices, security best practices, and professional project management.
- Upgrade to Node.js 20 runtime
- Add monitoring and alerting
- Implement API versioning
- Add analytics dashboard
- Integration with more email providers
This project is licensed under the MIT License - see the LICENSE file for details.
Project completed successfully with:
- Professional development practices
- Comprehensive testing and validation
- Security-first approach
- Complete documentation
- Proper resource management
For questions about this implementation or similar projects:
- Review the comprehensive documentation
- Check the issue resolution guides
- Examine the test suites for examples
β‘ Ready to deploy your own serverless contact form? This project provides a complete blueprint!
Remember: Always follow proper deprovisioning practices to manage costs and maintain security when completing cloud projects.