fix(auth): серверная проверка длины пароля, loading-guard и различение ошибок на auth-страницах
@@ -60,6 +60,12 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
writeErr(w, http.StatusBadRequest, "email and password are required")
|
||||
return
|
||||
}
|
||||
// Server-side minimum length is the source of truth: the client-side
|
||||
// zod min(8) check is UX only and can be bypassed with a direct POST.
|
||||
if len(req.Password) < 8 {
|
||||
writeErr(w, http.StatusBadRequest, "password must be at least 8 characters")
|
||||
return
|
||||
}
|
||||
|
||||
hash, err := auth.HashPassword(req.Password)
|
||||
if err != nil {
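Review bot: The new guard `if len(req.Password) < 8` counts bytes rather than characters, so a password of four Cyrillic letters (8 bytes in UTF-8) satisfies the server-side minimum even though the error message promises 8 characters and the comment calls this check the source of truth over the client-side zod rule. Counting runes closes the gap: `if utf8.RuneCountInString(req.Password) < 8 {`, which needs `unicode/utf8` in the import block outside this hunk. There is also no upper bound before `auth.HashPassword`; that helper is not visible here, but if it wraps bcrypt, input beyond 72 bytes is either rejected or silently truncated depending on the library version, and with a memory-hard hash an unbounded password makes each registration request expensive, so a maximum-length check beside this one is worth adding unless the request body is already capped elsewhere. handleRegister starts and ends outside the hunk.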
|
||||
|
||||