diff --git a/controller/setup.go b/controller/setup.go
index 0a13bcf9..8943a1a0 100644
--- a/controller/setup.go
+++ b/controller/setup.go
@@ -75,6 +75,14 @@ func PostSetup(c *gin.Context) {
 
 	// If root doesn't exist, validate and create admin account
 	if !rootExists {
+		// Validate username length: max 12 characters to align with model.User validation
+		if len(req.Username) > 12 {
+			c.JSON(400, gin.H{
+				"success": false,
+				"message": "用户名长度不能超过12个字符",
+			})
+			return
+		}
 		// Validate password
 		if req.Password != req.ConfirmPassword {
 			c.JSON(400, gin.H{