fix(security): unify password minimum length to 8 characters

Unify password complexity requirements across all endpoints: - RegisterRequest: min=6 -> min=8 - ResetPasswordRequest: min=6 -> min=8 - ChangePasswordRequest: min=6 -> min=8 - CreateUserRequest: min=6 -> min=8 - UpdateUserRequest: min=6 -> min=8 This aligns with setup/handler.go validatePassword() which already requires 8 characters minimum.
2026-04-16 21:42:41 +08:00
parent ebe2d250f3
commit c0ed3b5544
3 changed files with 5 additions and 5 deletions
--- a/backend/internal/handler/admin/user_handler.go
+++ b/backend/internal/handler/admin/user_handler.go
@@ -35,7 +35,7 @@ func NewUserHandler(adminService service.AdminService, concurrencyService *servi
 // CreateUserRequest represents admin create user request
 type CreateUserRequest struct {
 	Email         string  `json:"email" binding:"required,email"`
-	Password      string  `json:"password" binding:"required,min=6"`
+	Password      string  `json:"password" binding:"required,min=8"`
 	Username      string  `json:"username"`
 	Notes         string  `json:"notes"`
 	Balance       float64 `json:"balance"`
@@ -47,7 +47,7 @@ type CreateUserRequest struct {
 // 使用指针类型来区分"未提供"和"设置为0"
 type UpdateUserRequest struct {
 	Email         string   `json:"email" binding:"omitempty,email"`
-	Password      string   `json:"password" binding:"omitempty,min=6"`
+	Password      string   `json:"password" binding:"omitempty,min=8"`
 	Username      *string  `json:"username"`
 	Notes         *string  `json:"notes"`
 	Balance       *float64 `json:"balance"`
--- a/backend/internal/handler/auth_handler.go
+++ b/backend/internal/handler/auth_handler.go
@@ -41,7 +41,7 @@ func NewAuthHandler(cfg *config.Config, authService *service.AuthService, userSe
 // RegisterRequest represents the registration request payload
 type RegisterRequest struct {
 	Email          string `json:"email" binding:"required,email"`
-	Password       string `json:"password" binding:"required,min=6"`
+	Password       string `json:"password" binding:"required,min=8"`
 	VerifyCode     string `json:"verify_code"`
 	TurnstileToken string `json:"turnstile_token"`
 	PromoCode      string `json:"promo_code"`      // 注册优惠码
@@ -482,7 +482,7 @@ func (h *AuthHandler) ForgotPassword(c *gin.Context) {
 type ResetPasswordRequest struct {
 	Email       string `json:"email" binding:"required,email"`
 	Token       string `json:"token" binding:"required"`
-	NewPassword string `json:"new_password" binding:"required,min=6"`
+	NewPassword string `json:"new_password" binding:"required,min=8"`
 }

 // ResetPasswordResponse 重置密码响应
--- a/backend/internal/handler/user_handler.go
+++ b/backend/internal/handler/user_handler.go
@@ -24,7 +24,7 @@ func NewUserHandler(userService *service.UserService) *UserHandler {
 // ChangePasswordRequest represents the change password request payload
 type ChangePasswordRequest struct {
 	OldPassword string `json:"old_password" binding:"required"`
-	NewPassword string `json:"new_password" binding:"required,min=6"`
+	NewPassword string `json:"new_password" binding:"required,min=8"`
 }

 // UpdateProfileRequest represents the update profile request payload