fix: password minlength mismatch and add email validation

[ankushchk]

Summary

• Fix password minlength="6" to minlength="8" and placeholder to match backend's 8-char requirement
• Add email format validation on both backend (regex in api_register) and frontend (client-side check before fetch)
• Validate in form order: email first, then password

What was exactly wrong

• Frontend said "min 6 characters" but backend rejected anything under 8, users got a confusing server error
• No email validation existed anywhere, any string was accepted as an email

Test plan

• Bad email shows "Please provide a valid email address" (both client-side and server-side)
• Short password shows "Password must be at least 8 characters"
• Valid input registers successfully
• Existing login flow unaffected

Summary

This PR fixes a password minimum length mismatch and introduces email format validation to improve user experience and data consistency.

Changes

Frontend (public/login.html)

• Updated password input minlength and placeholder from "6" to "8" to align with backend requirements
• Added client-side validation that checks email format (via regex) and password length (≥8 characters) before submitting the registration request
• Validation now checks email first, then password, providing immediate feedback for invalid input

Backend (src/worker.py)

• Added email format validation in api_register using regex pattern matching
• Invalid emails are rejected with a clear error message before processing password or creating the user

Impact

These changes resolve the confusing user experience where the frontend suggested a 6-character password minimum while the backend enforced 8 characters, resulting in server errors. Users now receive consistent, upfront validation feedback on both the client and server side. Email validation prevents invalid email submissions, improving data quality and reducing unnecessary server requests.

[coderabbitai]

Walkthrough

The changes implement email format validation alongside enhanced password constraints at both client and server layers. Client-side validation includes email regex checking and password length verification (8+ chars) with early error handling. Server-side validation adds email format validation before user registration processing.

Changes

Cohort / File(s)	Summary
Client-side registration validation public/login.html	Updated registration password minlength constraint from 6 to 8 characters. Added client-side email regex validation and password length checks with early error handling and form submission prevention on validation failure.
Server-side email validation src/worker.py	Added email format validation using regex in the registration endpoint to reject invalid email addresses before proceeding with password checks and user insertion.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: aligning password minlength constraints between frontend and backend (6→8), and adding email validation on both layers.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@public/login.html`:
- Around line 76-77: The label for the password input is not programmatically
associated with the input; update the corresponding <label> element to include
for="r-password" so it links to the input with id="r-password" (this improves
screen reader/focus behavior), and apply the same for other form fields where
labels are missing a matching for attribute to their inputs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: alphaonelabs/coderabbit/.coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f36cb254-09ba-458b-b5a7-010b04731264

📥 Commits

Reviewing files that changed from the base of the PR and between a08bafc and 796194b.

📒 Files selected for processing (2)

• public/login.html
• src/worker.py