security: add password strength constraint

components/RegisterDialog.vue

@@ -1,14 +1,18 @@
 <script setup lang="ts">
 import { useForm } from 'vee-validate';
 import { Loader2 } from 'lucide-vue-next';
-import z from 'zod';
+import { z } from 'zod';
+import { passwordRegex } from '~/constants/index';
 
 const { $api, $toast } = useNuxtApp();
 
 const formSchema = toTypedSchema(z.object({
   username: z.string({ required_error: '用户名长度应至少为4' })
     .min(4, { message: '用户名长度应至少为4' }).max(24, { message: '用户名超出长度范围' }),
-  password: z.string({ required_error: '请输入密码' }).min(8, { message: '用户密码长度应至少为8' }),
+  password: z
+    .string({ required_error: '请输入密码' })
+    .min(8, { message: '用户密码长度应至少为8' })
+    .regex(passwordRegex, '密码必须包含大小写字母、数字与特殊符号'),
   confirm: z.string({ required_error: '请再次输入密码' }),
 }).refine(data => data.password === data.confirm, {
   message: '密码不匹配',

constants/index.ts

@@ -0,0 +1 @@
+export const passwordRegex = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-_]).{8,}$/;

server/trpc/routers/user.ts

@@ -1,13 +1,14 @@
 import { TRPCError } from '@trpc/server';
 import { z } from 'zod';
 import { protectedProcedure, publicProcedure, router } from '../trpc';
+import { passwordRegex } from '~/constants/index';
 
 export const userRouter = router({
 
   register: protectedProcedure
     .input(z.object({
       id: z.string().min(4, { message: '用户ID长度应至少为4' }).max(24, { message: '用户ID超出长度范围' }),
-      password: z.string().min(8, { message: '用户密码长度应至少为8' }),
+      password: z.string().min(8, { message: '用户密码长度应至少为8' }).regex(passwordRegex, '密码必须包含大小写字母、数字与特殊符号'),
     }))
     .mutation(async ({ ctx, input }) => {
       const res = await ctx.userController.register({