add registration security: bcrypt secret key, length validation, duplicate check, rate limiting

2026-06-25 11:55:55 +03:00
parent efe68ef9a2
commit 6797f3d3c8
6 changed files with 172 additions and 19 deletions
@@ -241,16 +241,21 @@ components:
      required:
        - login
        - password
+        - secret_key
      properties:
        login:
          type: string
-          description: Desired login / username
+          description: Desired login / username (minimum 5 characters)
          example: "john_doe"
        password:
          type: string
          format: password
-          description: Desired password (will be hashed with bcrypt)
-          example: "secret123"
+          description: Desired password (minimum 9 characters, will be hashed with bcrypt)
+          example: "securePass123"
+        secret_key:
+          type: string
+          description: Plaintext registration secret key (REGISTRATION_SECRET_KEY from server .env)
+          example: "FtracKer*1405."

    LoginResponse:
      type: object