From 9c8f77665248086005d7c1926b1ada3844ca763f Mon Sep 17 00:00:00 2001 From: nsfisis Date: Tue, 30 Dec 2025 22:14:29 +0900 Subject: fix(auth): unify password length requirement to 15 characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The add-user.ts script required only 8 characters while createUserSchema required 15. Now both enforce the same minimum of 15 characters for stronger password security. 🤖 Generated with [Claude Code](https://claude.ai/claude-code) Co-Authored-By: Claude Opus 4.5 --- docs/dev/roadmap.md | 2 +- src/server/scripts/add-user.ts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md index ed45ea6..498ef11 100644 --- a/docs/dev/roadmap.md +++ b/docs/dev/roadmap.md @@ -198,7 +198,7 @@ Smaller features first to enable early MVP validation. ### Medium Priority - [x] Fix card update authorization in sync push (verify existing card ownership) -- [ ] Unify password length requirement (add-user.ts: 8 chars → 15 chars) +- [x] Unify password length requirement (add-user.ts: 8 chars → 15 chars) ### Low Priority - [ ] Consider httpOnly cookie for token storage (XSS mitigation) diff --git a/src/server/scripts/add-user.ts b/src/server/scripts/add-user.ts index 5fcccac..bad34fd 100644 --- a/src/server/scripts/add-user.ts +++ b/src/server/scripts/add-user.ts @@ -17,8 +17,8 @@ async function main() { process.exit(1); } - if (password.length < 8) { - console.error("Error: Password must be at least 8 characters"); + if (password.length < 15) { + console.error("Error: Password must be at least 15 characters"); process.exit(1); } -- cgit v1.2.3-70-g09d2