From c0ed3b5544e0e51ab2d8b8112863e281abe58635 Mon Sep 17 00:00:00 2001
From: User
Date: Thu, 16 Apr 2026 21:42:41 +0800
Subject: [PATCH] fix(security): unify password minimum length to 8 characters

Unify password complexity requirements across all endpoints:
- RegisterRequest: min=6 -> min=8
- ResetPasswordRequest: min=6 -> min=8
- ChangePasswordRequest: min=6 -> min=8
- CreateUserRequest: min=6 -> min=8
- UpdateUserRequest: min=6 -> min=8

This aligns with setup/handler.go validatePassword() which already requires 8 characters minimum.
---
 backend/internal/handler/admin/user_handler.go | 4 ++--
 backend/internal/handler/auth_handler.go | 4 ++--
 backend/internal/handler/user_handler.go | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/internal/handler/admin/user_handler.go b/backend/internal/handler/admin/user_handler.go
index 9a60aa9d..ae93575a 100644
--- a/backend/internal/handler/admin/user_handler.go
+++ b/backend/internal/handler/admin/user_handler.go
@@ -35,7 +35,7 @@ func NewUserHandler(adminService service.AdminService, concurrencyService *servi
 // CreateUserRequest represents admin create user request
 type CreateUserRequest struct {
 Email string `json:"email" binding:"required,email"`
- Password string `json:"password" binding:"required,min=6"`
+ Password string `json:"password" binding:"required,min=8"`
 Username string `json:"username"`
 Notes string `json:"notes"`
 Balance float64 `json:"balance"`
@@ -47,7 +47,7 @@ type CreateUserRequest struct {
 // 使用指针类型来区分"未提供"和"设置为0"
 type UpdateUserRequest struct {
 Email string `json:"email" binding:"omitempty,email"`
- Password string `json:"password" binding:"omitempty,min=6"`
+ Password string `json:"password" binding:"omitempty,min=8"`
 Username *string `json:"username"`
 Notes *string `json:"notes"`
 Balance *float64 `json:"balance"`
diff --git a/backend/internal/handler/auth_handler.go b/backend/internal/handler/auth_handler.go
index f4ddf890..beac0008 100644
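Review bot: The new `min=8` on `Password` in `CreateUserRequest` sets a floor but still no ceiling, and the same holds for the other four tags this patch touches (`UpdateUserRequest`, `RegisterRequest`, `ResetPasswordRequest`, `ChangePasswordRequest`). An unbounded password is handed to whatever hash the service uses; if that is bcrypt, input past 72 bytes is either rejected or ignored depending on the library version, and any deliberately slow hash spends CPU on oversized input. Consider bounding it in the same tag, e.g. `binding:"required,min=8,max=72"`, with the limit matched to the hashing code, which is not visible in this patch. `min` and `max` on a string count characters rather than bytes, so a byte limit needs its own check.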
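Review bot: `Password` in `UpdateUserRequest` is a plain `string` with `omitempty`, so an empty value skips the `min=8` rule entirely, while the struct comment visible in the hunk only explains the pointer fields. The field would read more safely with a line comment such as `// empty means "keep current password"; otherwise at least 8 characters`, assuming the handler, which is outside this hunk, really ignores an empty password rather than storing it.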
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -41,7 +41,7 @@ func NewAuthHandler(cfg *config.Config, authService *service.AuthService, userSe
 // RegisterRequest represents the registration request payload
 type RegisterRequest struct {
 Email string `json:"email" binding:"required,email"`
- Password string `json:"password" binding:"required,min=6"`
+ Password string `json:"password" binding:"required,min=8"`
 VerifyCode string `json:"verify_code"`
 TurnstileToken string `json:"turnstile_token"`
 PromoCode string `json:"promo_code"` // 注册优惠码
@@ -482,7 +482,7 @@ func (h *AuthHandler) ForgotPassword(c *gin.Context) {
 type ResetPasswordRequest struct {
 Email string `json:"email" binding:"required,email"`
 Token string `json:"token" binding:"required"`
- NewPassword string `json:"new_password" binding:"required,min=6"`
+ NewPassword string `json:"new_password" binding:"required,min=8"`
 }

 // ResetPasswordResponse 重置密码响应
diff --git a/backend/internal/handler/user_handler.go b/backend/internal/handler/user_handler.go
index 35862f1c..134a1d6d 100644
--- a/backend/internal/handler/user_handler.go
+++ b/backend/internal/handler/user_handler.go
@@ -24,7 +24,7 @@ func NewUserHandler(userService *service.UserService) *UserHandler {
 // ChangePasswordRequest represents the change password request payload
 type ChangePasswordRequest struct {
 OldPassword string `json:"old_password" binding:"required"`
- NewPassword string `json:"new_password" binding:"required,min=6"`
+ NewPassword string `json:"new_password" binding:"required,min=8"`
 }

 // UpdateProfileRequest represents the update profile request payload
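Review bot: The literal `min=8` is now repeated in five struct tags across three files plus `validatePassword()` in setup/handler.go, which is the same duplication that let the endpoints drift to 6 in the first place. Registering the rule once with gin's validator, for example `v.RegisterAlias("password", "min=8")` on the `*validator.Validate` engine, and writing `binding:"required,password"` here and in `ResetPasswordRequest` would keep the policy in one place. The commit message speaks of complexity, but the tags enforce length only; if `validatePassword()` checks more than length, the request structs still differ from it.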
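Review bot: `OldPassword` in `ChangePasswordRequest` keeps plain `required` while `NewPassword` moves to `min=8`, which is what lets accounts created under the old 6-character minimum still change their password, but nothing records that this asymmetry is intentional. A comment on the field, e.g. `// no length rule: passwords set under the old 6-character minimum must still be accepted`, would stop a later cleanup from "unifying" it. The same applies to the login request struct, which is not part of this patch and should be checked for a `min` tag.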