fix(auth): серверная проверка длины пароля, loading-guard и различение ошибок на auth-страницах

2026-07-03 21:33:03 +07:00
parent 5a4d560e70
commit 901eb51e2a
5 changed files with 126 additions and 8 deletions
+6
@@ -60,6 +60,12 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
writeErr(w, http.StatusBadRequest, "email and password are required")
return
}
// Server-side minimum length is the source of truth: the client-side
// zod min(8) check is UX only and can be bypassed with a direct POST.
if len(req.Password) < 8 {
writeErr(w, http.StatusBadRequest, "password must be at least 8 characters")
return
}
hash, err := auth.HashPassword(req.Password)
if err != nil {