[UXIT-3791][filecoin.io V3] Hook up NewsletterForm [skip percy]

[barbaraperic]

📝 Description

This PR adds a functional newsletter subscription form that integrates with Mailchimp for the Filecoin site.

• Type: New feature

🛠️ Key Changes

• NewsletterForm.tsx - Refactored to use ControlledForm and ControlledFormInput for form handling
• useNewsletterForm.ts - New custom hook that manages form state, validation, and submission logic with notification dialogs for success/error feedback
• api/subscribe/route.ts - New API route that handles Mailchimp subscription requests with robust error handling for inconsistent API responses

Notes

• The Mailchimp embedded form endpoint (post-json) can return HTML instead of JSON in certain cases (e.g., already subscribed emails). The API route includes error handling to gracefully handle these responses.
• Requires MAILCHIMP_U and MAILCHIMP_LIST_ID environment variables to be set.

🧪 How to Test

1. Enter a valid email in the newsletter form
2. Verify success notification appears
3. Check if you get an email confirmation
4. Test with an already-subscribed email to verify error handling
5. Test if ZH-CN translation works for the dialog messages

📸 Screenshots

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
filecoin-site	Ready	Preview, Comment	Feb 20, 2026 4:25pm

3 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
ffdweb-site	Skipped		Feb 20, 2026 4:25pm
filecoin-foundation-site	Skipped		Feb 20, 2026 4:25pm
filecoin-foundation-uxit	Skipped		Feb 20, 2026 4:25pm

[notion-workspace]

[filecoin.io V3] Hook up NewsletterForm

[Copilot]

Pull request overview

Adds a functional newsletter subscription flow to the Filecoin site by wiring the footer newsletter form to a new /api/subscribe endpoint that proxies Mailchimp’s embedded JSONP subscription endpoint, and centralizing client-side form handling in a custom hook.

Changes:

• Added a Next.js route handler to submit newsletter signups to Mailchimp and normalize responses to JSON.
• Introduced useNewsletterForm to own form validation + submission + notification dialog behavior.
• Refactored NewsletterForm to use shared controlled form components and the new hook.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
apps/filecoin-site/src/app/api/subscribe/route.ts	New API route that calls Mailchimp subscribe endpoint and returns normalized JSON responses.
apps/filecoin-site/src/app/_hooks/useNewsletterForm.ts	New hook for form schema, submission, and notification dialog interactions.
apps/filecoin-site/src/app/_components/Footer/NewsletterForm.tsx	Refactor footer newsletter UI to use ControlledForm + useNewsletterForm + NotificationDialog.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The JSONP stripping logic only removes the final ) and will fail to parse common JSONP formats that end with ); or have trailing whitespace/newlines. Make the extraction more robust (e.g., strip an optional trailing semicolon/whitespace and/or match the expected callback wrapper) so successful Mailchimp responses don't get treated as parse failures.

Suggested change

	const json = text.replace(/^[^(]+\(/, '').replace(/\)$/, '')
	const callbackRegex = new RegExp(
	`^\\s*${MAILCHIMP_JSONP_CALLBACK}\\s*\\(([\\s\\S]*?)\\)\\s*;?\\s*$`,
	)
	const match = text.match(callbackRegex)
	if (!match) {
	throw new Error('Invalid Mailchimp JSONP format')
	}
	const json = match[1]

[CharlyMartin]

I'm not sure what this is doing

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The "already subscribed" check occurs after the error check, but "already subscribed" responses from Mailchimp likely have result='error'. This means already-subscribed emails will be returned as errors (status 400) instead of successes with isAlreadySubscribed=true. The logic should check for "already subscribed" within the error handling block, treating it as a special case that returns ok=true.

[barbaraperic]

It actually has result="success"

Mailchimp response: {
  result: 'success',
  msg: "You're already subscribed, your profile has been updated. Thank you!",
  type: 'custom',
  webEngagementCookieValue: null
}

[Copilot]

The API route lacks rate limiting, which could allow abuse of the newsletter subscription endpoint. Consider implementing rate limiting middleware or using a service like Vercel's edge config to prevent spam submissions and protect the Mailchimp API quota.

[barbaraperic]

Mailchimp already has a limit rate

Mailchimp raw response: handle_response({"result":"error","msg":"Too many subscribe attempts for this email address. Please try again in about 5 minutes. (#6592)"})handle_response({"result":"error","msg":"There are errors below","errors":"handleRecordAndEmailValidation","type":"validation_error"})

[Copilot]

The fetch call to Mailchimp lacks a timeout configuration, which could cause the API route to hang indefinitely if Mailchimp's servers are unresponsive. Consider adding an AbortSignal with a reasonable timeout (e.g., 10 seconds) to prevent long-running requests.

Suggested change

	const response = await fetch(
	`${baseUrl}&EMAIL=${encodeURIComponent(email)}&c=${MAILCHIMP_JSONP_CALLBACK}`,
	{ method: 'GET' },
	)
	const controller = new AbortController()
	const timeoutId = setTimeout(() => {
	controller.abort()
	}, 10_000)
	let response: Response
	try {
	response = await fetch(
	`${baseUrl}&EMAIL=${encodeURIComponent(email)}&c=${MAILCHIMP_JSONP_CALLBACK}`,
	{ method: 'GET', signal: controller.signal },
	)
	} catch (error) {
	if ((error as Error).name === 'AbortError') {
	return Response.json({ ok: false }, { status: 504 })
	}
	throw error
	} finally {
	clearTimeout(timeoutId)
	}

[Copilot]

The Mailchimp error message is passed directly to the client without sanitization. While Mailchimp is likely to return safe content, consider sanitizing or limiting the message content to prevent potential XSS if Mailchimp's response were to be compromised or contain unexpected HTML/script content.

[CharlyMartin]

I'm pasting here a suggestion for the API endpoint. Not sure if it works, let me know :)

import { type NextRequest } from 'next/server'

import { z } from 'zod'

const MAILCHIMP_JSONP_CALLBACK = 'handle_response'

const RequestSchema = z.object({
  email: z.email(),
})

export async function POST(request: NextRequest) {
  try {
    const body = await request.json()
    const { email } = RequestSchema.parse(body)

    const baseUrl = getMailchimpSubscribeUrl()
    // This might be encapsulated in getMailchimpSubscribeUrl too
    const url = new URL(baseUrl)
    url.searchParams.set('EMAIL', email)
    url.searchParams.set('c', MAILCHIMP_JSONP_CALLBACK)

    const response = await fetch(url, { method: 'GET' })
    if (!response.ok) {
      return Response.json({ ok: false }, { status: 502 })
    }

    const text = await response.text()
    // handle response here.
  } catch (error) {
    return Response.json(
      { ok: false },
      { status: 400, statusText: String(error) },
    )
  }
}

function getMailchimpSubscribeUrl() {
  const u = process.env.MAILCHIMP_U
  const id = process.env.MAILCHIMP_LIST_ID
  return `https://protocol.us16.list-manage.com/subscribe/post-json?u=${u}&id=${id}`
}

[CharlyMartin]

This catch clause is not doing anything, right?

Suggested change

	const body = await response.json().catch(() => ({}))
	const body = await response.json()

[CharlyMartin]

Why is this initialized here? What's the purpose of it?

[CharlyMartin]

Could we use Zod here?

[CharlyMartin]

Would something like this work? Just for readability.

const url = new URL(baseUrl)
url.searchParams.set('EMAIL', email)
url.searchParams.set('c', MAILCHIMP_JSONP_CALLBACK)

const response = await fetch(url, { method: 'GET' })

[CharlyMartin]

This should probably be wrapped in a try/catch as well.

[CharlyMartin]

I'm not sure what this is doing

[CharlyMartin]

This doesn't belong to this PR