🐛 fix(setup): enforce username length ≤ 12 during initial system setup
The User model applies `validate:"max=12"` to the `Username` field, but the initial setup flow did not validate this constraint. This allowed creation of a root user with an overly long username (e.g. "Uselessly1344"), which later caused every update request to fail with: Field validation for 'Username' failed on the 'max' tag This patch adds an explicit length check in `controller/setup.go` to reject usernames longer than 12 characters during setup, keeping validation rules consistent across the entire application. Refs: #1214
This commit is contained in:
Apple\Apple
@@ -75,6 +75,14 @@ func PostSetup(c *gin.Context) {
|
|||||||
|
|
||||||
// If root doesn't exist, validate and create admin account
|
// If root doesn't exist, validate and create admin account
|
||||||
if !rootExists {
|
if !rootExists {
|
||||||
|
// Validate username length: max 12 characters to align with model.User validation
|
||||||
|
if len(req.Username) > 12 {
|
||||||
|
c.JSON(400, gin.H{
|
||||||
|
"success": false,
|
||||||
|
"message": "用户名长度不能超过12个字符",
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
// Validate password
|
// Validate password
|
||||||
if req.Password != req.ConfirmPassword {
|
if req.Password != req.ConfirmPassword {
|
||||||
c.JSON(400, gin.H{
|
c.JSON(400, gin.H{
|
||||||
|
|||||||
Reference in New Issue
Block a user