From 839f86ec8446778d14ff869489180fb38281cc6d Mon Sep 17 00:00:00 2001
From: Miyamizu-MitsuhaSang <2510681107@qq.com>
Date: Sat, 16 Aug 2025 22:31:28 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=AF=86=E7=A0=81=E8=A6=81?= =?UTF-8?q?=E6=B1=82=E5=85=81=E8=AE=B8=E5=B8=B8=E8=A7=81=E7=9A=84=E7=89=B9?= =?UTF-8?q?=E6=AE=8A=E5=AD=97=E7=AC=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/utils/security.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/utils/security.py b/app/utils/security.py
index 0661b42..70495bd 100644
--- a/app/utils/security.py
+++ b/app/utils/security.py
@@ -34,8 +34,13 @@ async def validate_password(password: str):
 raise HTTPException(status_code=400, detail="密码长度必须在6到20之间")
 if not re.search(r'\d', password):
 raise HTTPException(status_code=400, detail="密码必须包含至少一个数字")
- if re.search(r'[^a-zA-Z0-9]', password):
- raise HTTPException(status_code=400, detail="密码不能包含特殊字符,只能包含字母和数字")
+ # 检查是否包含允许的特殊字符(白名单方式)
+ allowed_specials = r"!@#$%^&*()_\-+=\[\]{};:'\",.<>?/\\|`~"
+ if re.search(fr"[^\da-zA-Z{re.escape(allowed_specials)}]", password):
+ raise HTTPException(
+ status_code=400,
+ detail=f"密码只能包含字母、数字和常见特殊字符 {allowed_specials}"
+ )
 # 登陆校验
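Review bot: The character whitelist in the added `re.search` is wider than the error message says, because in a Python 3 `str` pattern `\d` matches any Unicode decimal digit; full-width or Arabic-Indic digits therefore pass both this check and the earlier `re.search(r'\d', password)` requirement, whereas the removed `[^a-zA-Z0-9]` check was ASCII-only. `allowed_specials` is also escaped twice: it is written with regex escapes (`\-`, `\[`, `\\`) and then passed through `re.escape`, which still matches the intended set (backslash included) but prints the stray backslashes in the 400 `detail` returned to the user. I would keep `allowed_specials` as the literal characters with no regex escapes and build the class as `if re.search(fr"[^0-9a-zA-Z{re.escape(allowed_specials)}]", password):`, with the digit requirement likewise using `[0-9]`. The body of `validate_password` starts before the hunk, so the length check is only partly visible here.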