Add username validation and password breach check to signup

- Enforced alphanumeric-only usernames using regex validation. - Passwords must be >= 8 chars and checked against haveibeenpwned.com. - Improved SignupRequest DTO with validation annotations. - Implemented UserService to handle password validation and encoding.
2025-07-03 02:26:30 +05:30
parent 8ae2ced645
commit 39aa31625d
3 changed files with 99 additions and 0 deletions
@@ -0,0 +1,23 @@
+package com.skycrate.backend.skycrateBackend.dto;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+
+public class SignupRequest {
+
+    @NotBlank
+    @Pattern(regexp = "^[a-zA-Z0-9]+$", message = "Username must be alphanumeric only")
+    private String username;
+
+    @NotBlank
+    @Email
+    private String email;
+
+    @NotBlank
+    @Size(min = 8, message = "Password must be at least 8 characters long")
+    private String password;
+
+    // Getters and Setters
+}