fix: password minlength mismatch and add email validation

public/login.html

@@ -73,8 +73,8 @@ <h2 class="text-xl font-bold text-slate-800 mb-6">Create your account</h2>
         </div>
         <div>
           <label class="block text-sm font-medium text-slate-700 mb-1">Password</label>
-          <input id="r-password" type="password" autocomplete="new-password" required minlength="6"
-            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="min 6 characters" />
+          <input id="r-password" type="password" autocomplete="new-password" required minlength="8"
+            class="w-full px-4 py-2.5 rounded-xl border border-slate-200 focus:outline-none focus:ring-2 focus:ring-brand/40 text-sm" placeholder="min 8 characters" />
         </div>
         <p id="register-err" class="text-red-500 text-sm hidden"></p>
         <button type="submit" class="w-full bg-brand text-white font-semibold py-2.5 rounded-xl hover:bg-brand-dark transition text-sm">Create Account</button>
@@ -125,14 +125,18 @@ <h2 class="text-xl font-bold text-slate-800 mb-6">Create your account</h2>
     e.preventDefault();
     document.getElementById('register-err').classList.add('hidden');
     const btn  = e.target.querySelector('button[type=submit]');
+    const email = document.getElementById('r-email').value.trim();
+    const pw    = document.getElementById('r-password').value;
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) { showErr('register-err', 'Please provide a valid email address'); return; }
+    if (pw.length < 8) { showErr('register-err', 'Password must be at least 8 characters'); return; }
     btn.textContent = 'Creating...'; btn.disabled = true;
     try {
       const res  = await fetch('/api/register', { method:'POST', headers:{'Content-Type':'application/json'},
         body: JSON.stringify({
           name:     document.getElementById('r-name').value.trim(),
           username: document.getElementById('r-username').value.trim(),
-          email:    document.getElementById('r-email').value.trim(),
-          password: document.getElementById('r-password').value,
+          email:    email,
+          password: pw,
         }) });
       const data = await res.json();
       if (!res.ok) throw new Error(data.error || 'Registration failed');

src/worker.py

@@ -563,6 +563,8 @@ async def api_register(req, env):
 
     if not username or not email or not password:
         return err("username, email, and password are required")
+    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
+        return err("Please provide a valid email address")
     if len(password) < 8:
         return err("Password must be at least 8 characters")