From da261fcf9f5a6056b27eb24c858350afb1d10c3b Mon Sep 17 00:00:00 2001
From: Web-serfer
Date: Tue, 5 May 2026 21:03:24 +0500
Subject: [PATCH] =?UTF-8?q?=D0=9D=D0=BE=D0=B2=D1=8B=D0=B9=20=D0=BF=D1=80?= =?UTF-8?q?=D0=B0=D0=B2=D0=B8=D0=BB=D0=B0=20=D0=B2=D0=B0=D0=BB=D0=B8=D0=B4?= =?UTF-8?q?=D0=B0=D1=86=D0=B8=D0=B8=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 frontend/src/pages/api/auth/sign-up.ts | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/frontend/src/pages/api/auth/sign-up.ts b/frontend/src/pages/api/auth/sign-up.ts
index 988df60..737a991 100644
--- a/frontend/src/pages/api/auth/sign-up.ts
+++ b/frontend/src/pages/api/auth/sign-up.ts
@@ -2,6 +2,23 @@ import type { APIRoute } from 'astro';
 import { pb } from '../../../lib/pb';
 import { sendEmail, generateVerifyEmailHtml, getSiteUrl } from '../../../lib/email';

+const PASSWORD_MIN_LENGTH = 8;
+const PASSWORD_MAX_LENGTH = 12;
+const PASSWORD_REGEX = /^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d_!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?]+$/;
+
+function validatePassword(password: string): { valid: boolean; error?: string } {
+ if (!password || password.length < PASSWORD_MIN_LENGTH) {
+ return { valid: false, error: 'Пароль должен быть не менее 8 символов' };
+ }
+ if (password.length > PASSWORD_MAX_LENGTH) {
+ return { valid: false, error: 'Пароль не должен превышать 12 символов' };
+ }
+ if (!PASSWORD_REGEX.test(password)) {
+ return { valid: false, error: 'Пароль должен содержать хотя бы одну букву и одну цифру' };
+ }
+ return { valid: true };
+}
+
 export const POST: APIRoute = async ({ request, redirect }) => {
 try {
 const data = await request.json();
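Review bot: `PASSWORD_MAX_LENGTH = 12` caps passwords at 12 characters, which rejects passphrases and most password-manager output and weakens the policy this commit is meant to strengthen; NIST SP 800-63B advises accepting at least 64 characters. I would raise the cap, e.g. `const PASSWORD_MAX_LENGTH = 64;` (aligned with whatever limit the backend hasher imposes, which is not visible here), and build both length messages from the constants so the hard-coded 8 and 12 cannot drift. The character class in `PASSWORD_REGEX` also rejects spaces and non-ASCII letters, and in that case `validatePassword` returns the "at least one letter and one digit" message, which misleads the user. Either accept any printable character or return a separate error for disallowed characters.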
@@ -17,6 +34,14 @@ export const POST: APIRoute = async ({ request, redirect }) => {
 }), { status: 400 });
 }

+ const passwordValidation = validatePassword(password);
+ if (!passwordValidation.valid) {
+ return new Response(JSON.stringify({
+ success: false,
+ error: passwordValidation.error
+ }), { status: 400 });
+ }
+
 // Создаём пользователя
 const record = await pb.collection('users').create({
 firstName,
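Review bot: `password` appears to come from the `await request.json()` body and reaches `validatePassword(password)` with no runtime type check visible in this hunk, so the `string` annotation on the helper is not enforced. A non-string JSON value such as an array still has a `.length` and is stringified by `PASSWORD_REGEX.test`, so it can be judged valid and handed on to `pb.collection('users').create`. A guard at the top of `validatePassword`, `if (typeof password !== 'string') return { valid: false, error: 'Пароль должен быть строкой' };`, would close that gap. The body of `POST` starts and ends outside the hunk, so an earlier check may already cover this; worth confirming.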