Add rules language support and improve password validation across the app

users.go

@@ -52,11 +52,14 @@ func handleCreateUser(w http.ResponseWriter, r *http.Request) {
 		writeError(w, http.StatusBadRequest, "missing_fields")
 		return
 	}
-	if len(req.Username) > maxUsernameLen || len(req.Password) > maxPasswordLen ||
-		len(req.DisplayName) > maxDisplayNameLen {
+	if len(req.Username) > maxUsernameLen || len(req.DisplayName) > maxDisplayNameLen {
 		writeError(w, http.StatusBadRequest, "too_long")
 		return
 	}
+	if msg := validatePassword(req.Password); msg != "" {
+		writeError(w, http.StatusBadRequest, msg)
+		return
+	}
 	if req.IsSystemAdmin && !actor.IsSystemAdmin {
 		writeError(w, http.StatusForbidden, "forbidden")
 		return
@@ -148,8 +151,8 @@ func handleAdminUpdateUser(w http.ResponseWriter, r *http.Request) {
 		db.Exec("UPDATE users SET display_name=? WHERE id=?", *req.DisplayName, id)
 	}
 	if req.Password != nil && *req.Password != "" {
-		if len(*req.Password) > maxPasswordLen {
-			writeError(w, http.StatusBadRequest, "too_long")
+		if msg := validatePassword(*req.Password); msg != "" {
+			writeError(w, http.StatusBadRequest, msg)
 			return
 		}
 		hash, _ := bcrypt.GenerateFromPassword([]byte(*req.Password), bcrypt.DefaultCost)