Merge remote-tracking branch 'origin/main'

backend/src/auth/auth.service.spec.ts

@@ -148,7 +148,7 @@ describe("AuthService", () => {
 			const dto = {
 				username: "test",
 				email: "test@example.com",
-				password: "password",
+				password: "Password1!",
 			};
 			mockHashingService.hashPassword.mockResolvedValue("hashed-password");
 			mockHashingService.hashEmail.mockResolvedValue("hashed-email");
@@ -165,7 +165,7 @@ describe("AuthService", () => {
 
 	describe("login", () => {
 		it("should login a user", async () => {
-			const dto = { email: "test@example.com", password: "password" };
+			const dto = { email: "test@example.com", password: "Password1!" };
 			const user = {
 				uuid: "user-id",
 				username: "test",

backend/src/auth/dto/register.dto.ts

@@ -2,6 +2,7 @@ import {
 	IsEmail,
 	IsNotEmpty,
 	IsString,
+	Matches,
 	MaxLength,
 	MinLength,
 } from "class-validator";
@@ -10,6 +11,9 @@ export class RegisterDto {
 	@IsString()
 	@IsNotEmpty()
 	@MaxLength(32)
+	@Matches(/^[a-z0-9_]+$/, {
+		message: "username must contain only lowercase letters, numbers, and underscores",
+	})
 	username!: string;
 
 	@IsString()
@@ -21,5 +25,15 @@ export class RegisterDto {
 
 	@IsString()
 	@MinLength(8)
+	@Matches(/[A-Z]/, {
+		message: "password must contain at least one uppercase letter",
+	})
+	@Matches(/[a-z]/, {
+		message: "password must contain at least one lowercase letter",
+	})
+	@Matches(/[0-9]/, { message: "password must contain at least one number" })
+	@Matches(/[^A-Za-z0-9]/, {
+		message: "password must contain at least one special character",
+	})
 	password!: string;
 }