register form fields

src/controllers/auth_pages.rs

@@ -106,13 +106,50 @@ async fn register_page(
     register_view(&v, &jar, None)
 }
 
+/// Registration form. The name is no longer collected from the user — it is
+/// derived from the email — and the password is entered twice to guard against
+/// typos.
+#[derive(Debug, serde::Deserialize)]
+struct RegisterForm {
+    email: String,
+    password: String,
+    password_confirm: String,
+    #[serde(default)]
+    account_type: Option<String>,
+}
+
+/// Derive a display name from an email address (its local part), falling back to
+/// the full address when the local part is too short for the name validator.
+fn name_from_email(email: &str) -> String {
+    let local = email.split('@').next().unwrap_or("").trim();
+    if local.chars().count() >= 2 {
+        local.to_string()
+    } else {
+        email.trim().to_string()
+    }
+}
+
 #[debug_handler]
 async fn register(
     jar: CookieJar,
     ViewEngine(v): ViewEngine<TeraView>,
     State(ctx): State<AppContext>,
-    Form(params): Form<RegisterParams>,
+    Form(form): Form<RegisterForm>,
 ) -> Result<Response> {
+    if form.password != form.password_confirm {
+        return register_view(&v, &jar, Some("mismatch"));
+    }
+    if form.password.len() < 8 {
+        return register_view(&v, &jar, Some("weak"));
+    }
+
+    let params = RegisterParams {
+        name: name_from_email(&form.email),
+        email: form.email,
+        password: form.password,
+        account_type: form.account_type,
+    };
+
     let user = match users::Model::create_with_password(&ctx.db, &params).await {
         Ok(user) => user,
         Err(ModelError::EntityAlreadyExists {}) => {