geturbackend · NAYAMATVISION · May 25, 2026 · May 25, 2026 · May 26, 2026 · May 26, 2026
diff --git a/apps/dashboard-api/src/__tests__/auth.controller.test.js b/apps/dashboard-api/src/__tests__/auth.controller.test.js
@@ -70,6 +70,10 @@ jest.mock('@urbackend/common', () => {
             email: z.string().email(),
             password: z.string().min(1),
         }),
+        registerSchema: z.object({
+            email: z.string().email(),
+            password: z.string().min(1),
+        }),
         changePasswordSchema: z.object({
             currentPassword: z.string().min(1),
             newPassword: z.string().min(6),

diff --git a/apps/dashboard-api/src/controllers/auth.controller.js b/apps/dashboard-api/src/controllers/auth.controller.js
@@ -8,6 +8,7 @@ const { sendOtp } = require("@urbackend/common");
 const crypto = require("crypto");
 const {
     loginSchema,
+    registerSchema,
     changePasswordSchema,
     deleteAccountSchema,
     onlyEmailSchema,
@@ -274,7 +275,7 @@ async function checkOtpCooldown(userId) {
 
 module.exports.register = async (req, res) => {
     try {
-        const { email, password } = loginSchema.parse(req.body);
+        const { email, password } = registerSchema.parse(req.body);
 
         const existingUser = await Developer.findOne({ email });
         if (existingUser) return res.status(400).json({ error: "Email already exists" });

diff --git a/apps/web-dashboard/package.json b/apps/web-dashboard/package.json
@@ -27,7 +27,8 @@
     "react-router-dom": "^7.9.6",
     "recharts": "^3.5.1",
     "remark-gfm": "^4.0.1",
-    "tailwindcss": "^4.1.18"
+    "tailwindcss": "^4.1.18",
+    "zxcvbn": "^4.4.2"
   },
   "devDependencies": {
     "@eslint/js": "^9.39.1",

diff --git a/apps/web-dashboard/src/components/PasswordStrengthMeter.jsx b/apps/web-dashboard/src/components/PasswordStrengthMeter.jsx
@@ -0,0 +1,101 @@
+import { useEffect, useMemo } from 'react';
+import zxcvbn from 'zxcvbn';
+
+const MIN_SCORE = 2;
+
+const SCORE_CONFIG = [
+  { label: 'Very weak', color: 'var(--color-danger)' },
+  { label: 'Weak',      color: '#f97316' },
+  { label: 'Fair',      color: '#facc15' },
+  { label: 'Strong',    color: 'var(--color-primary)' },
+  { label: 'Very strong', color: 'var(--color-primary)' },
+];
+
+function buildUserInputs(userInputs) {
+  const values = (userInputs || []).filter(Boolean).map((v) => String(v));
+  const tokens = values.flatMap((v) => v.split(/[\s@.+_-]+/));
+  return [...new Set([...values, ...tokens])].filter((v) => v.length > 2);
+}
+
+function PasswordStrengthMeter({ password, userInputs, onStrengthChange }) {
+  const result = useMemo(() => {
+    if (!password) return null;
+    return zxcvbn(password, buildUserInputs(userInputs));
+  }, [password, userInputs]);
+
+  useEffect(() => {
+    if (!onStrengthChange) return;
+    if (!result) {
+      onStrengthChange({ score: 0, isStrongEnough: false });
+      return;
+    }
+    onStrengthChange({
+      score: result.score,
+      isStrongEnough: result.score >= MIN_SCORE,
+    });
+  }, [result, onStrengthChange]);
+
+  if (!password) return null;
+
+  const { score, feedback } = result;
+  const config = SCORE_CONFIG[score];
+  const barWidth = ((score + 1) / 5) * 100;
+
+  return (
+    <div style={{ marginTop: '0.5rem' }}>
+      {/* Strength bar */}
+      <div style={{
+        height: '4px',
+        borderRadius: '2px',
+        background: 'var(--color-border)',
+        overflow: 'hidden',
+        marginBottom: '0.4rem',
+      }}>
+        <div style={{
+          height: '100%',
+          width: `${barWidth}%`,
+          background: config.color,
+          borderRadius: '2px',
+          transition: 'width 0.3s ease, background 0.3s ease',
+        }} />
+      </div>
+
+      {/* Score label */}
+      <div style={{
+        display: 'flex',
+        justifyContent: 'space-between',
+        alignItems: 'center',
+        marginBottom: feedback.warning || feedback.suggestions?.length ? '0.4rem' : 0,
+      }}>
+        <span style={{ fontSize: '0.78rem', color: config.color, fontWeight: 600 }}>
+          {config.label}
+        </span>
+        {score < MIN_SCORE && (
+          <span style={{ fontSize: '0.75rem', color: 'var(--color-text-muted)' }}>
+            Too weak to submit
+          </span>
+        )}
+      </div>
+
+      {/* Warning */}
+      {feedback.warning && (
+        <p style={{ fontSize: '0.78rem', color: 'var(--color-text-muted)', margin: '0 0 0.25rem' }}>
+          {feedback.warning}
+        </p>
+      )}
+
+      {/* Suggestions */}
+      {feedback.suggestions?.length > 0 && (
+        <ul style={{ margin: 0, padding: '0 0 0 1rem' }}>
+          {feedback.suggestions.map((s) => (
+            <li key={s} style={{ fontSize: '0.78rem', color: 'var(--color-text-muted)', marginBottom: '0.15rem' }}>
+              {s}
+            </li>
+          ))}
+        </ul>
+      )}
+    </div>
+  );
+}
+
+export default PasswordStrengthMeter;
diff --git a/apps/web-dashboard/src/pages/ForgotPassword.jsx b/apps/web-dashboard/src/pages/ForgotPassword.jsx
@@ -1,9 +1,10 @@
-import { useEffect, useState } from 'react';
+import { useEffect, useMemo, useState } from 'react';
 import toast from 'react-hot-toast';
 import { Eye, EyeOff, KeyRound, Lock, Mail } from 'lucide-react';
 import { Link, useLocation, useNavigate } from 'react-router-dom';
 
 import AuthShell from '../components/AuthShell';
+import PasswordStrengthMeter from '../components/PasswordStrengthMeter';
 import { useAuth } from '../context/AuthContext';
 import api from '../utils/api';
 
@@ -16,13 +17,19 @@ function ForgotPassword() {
   const [isSubmitting, setIsSubmitting] = useState(false);
   const [showNewPassword, setShowNewPassword] = useState(false);
   const [showConfirmPassword, setShowConfirmPassword] = useState(false);
+  const [passwordStrength, setPasswordStrength] = useState({ score: 0, isStrongEnough: false });
   const [formData, setFormData] = useState({
     email: location.state?.email || '',
     otp: '',
     newPassword: '',
     confirmPassword: '',
   });
 
+  const userInputs = useMemo(
+    () => [formData.email],
+    [formData.email]
+  );
+
   useEffect(() => {
     if (!authLoading && isAuthenticated) {
       navigate('/dashboard', { replace: true });
@@ -92,6 +99,11 @@ function ForgotPassword() {
       return;
     }
 
+    if (!passwordStrength.isStrongEnough) {
+      toast.error('Please choose a stronger password.');
+      return;
+    }
+
     setIsSubmitting(true);
     const loadingToast = toast.loading('Resetting password...');
 
@@ -203,6 +215,11 @@ function ForgotPassword() {
                 {showNewPassword ? <EyeOff size={18} /> : <Eye size={18} />}
               </button>
             </div>
+            <PasswordStrengthMeter
+              password={formData.newPassword}
+              userInputs={userInputs}
+              onStrengthChange={setPasswordStrength}
+            />
           </div>
 
           <div className="auth-field">
@@ -232,7 +249,11 @@ function ForgotPassword() {
             </div>
           </div>
 
-          <button type="submit" className="btn btn-primary auth-submit" disabled={isSubmitting}>
+          <button
+            type="submit"
+            className="btn btn-primary auth-submit"
+            disabled={isSubmitting || (formData.newPassword.length > 0 && !passwordStrength.isStrongEnough)}
+          >
             {isSubmitting ? 'Resetting...' : 'Reset password'}
           </button>
 

diff --git a/apps/web-dashboard/src/pages/Settings.jsx b/apps/web-dashboard/src/pages/Settings.jsx
@@ -1,17 +1,21 @@
-import { useState } from 'react';
+import { useMemo, useState } from 'react';
 import api from '../utils/api';
 import { useAuth } from '../context/AuthContext';
 import toast from 'react-hot-toast';
 import { Lock, Trash2, AlertTriangle, Save, CheckCircle } from 'lucide-react';
 import { API_URL } from '../config';
 import ConfirmationModal from './ConfirmationModal';
+import PasswordStrengthMeter from '../components/PasswordStrengthMeter';
 
 export default function Settings() {
     const { logout, user, isLoading } = useAuth();
 
     // Password State
     const [passData, setPassData] = useState({ currentPassword: '', newPassword: '' });
     const [loadingPass, setLoadingPass] = useState(false);
+    const [passwordStrength, setPasswordStrength] = useState({ score: 0, isStrongEnough: false });
+
+    const userInputs = useMemo(() => [user?.email], [user?.email]);
 
     // Delete Account State
     const [deletePass, setDeletePass] = useState('');
@@ -22,13 +26,21 @@ export default function Settings() {
     // Handle Password Change
     const handlePasswordChange = async (e) => {
         e.preventDefault();
+        if (!passwordStrength.isStrongEnough) {
+            toast.error('Please choose a stronger password.');
+            return;
+        }
         setLoadingPass(true);
         try {
             await api.put(`/api/auth/change-password`, passData);
-            toast.success("Password updated!");
+            toast.success('Password updated!');
             setPassData({ currentPassword: '', newPassword: '' });
         } catch (err) {
-            toast.error(err.response?.data || "Failed to update password");
+            const data = err.response?.data;
+            let message = 'Failed to update password';
+            if (typeof data?.error === 'string') message = data.error;
+            else if (Array.isArray(data?.error)) message = data.error[0]?.message || message;
+            toast.error(message);
         } finally {
             setLoadingPass(false);
         }
@@ -146,10 +158,15 @@ if (pageLoading) return <SettingsSkeleton />;
                                 minLength={6}
                                 style={{ width: '100%', padding: '12px', background: 'var(--color-bg-input)', border: '1px solid var(--color-border)', borderRadius: '8px', color: '#fff' }}
                             />
+                            <PasswordStrengthMeter
+                                password={passData.newPassword}
+                                userInputs={userInputs}
+                                onStrengthChange={setPasswordStrength}
+                            />
                         </div>
                     </div>
                     <div style={{ display: 'flex', justifyContent: 'flex-end' }}>
-                        <button type="submit" className="btn btn-primary" disabled={loadingPass} style={{ padding: '10px 20px' }}>
+                        <button type="submit" className="btn btn-primary" disabled={loadingPass || (passData.newPassword.length > 0 && !passwordStrength.isStrongEnough)} style={{ padding: '10px 20px' }}>
                             {loadingPass ? 'Updating...' : <><Save size={18} /> Update Password</>}
                         </button>
                     </div>

diff --git a/apps/web-dashboard/src/pages/Signup.jsx b/apps/web-dashboard/src/pages/Signup.jsx
@@ -4,6 +4,7 @@ import { Eye, EyeOff, Github, Lock, Mail, UserRound } from 'lucide-react';
 import { useNavigate } from 'react-router-dom';
 
 import AuthShell from '../components/AuthShell';
+import PasswordStrengthMeter from '../components/PasswordStrengthMeter';
 import { useAuth } from '../context/AuthContext';
 import api from '../utils/api';
 import { API_URL } from '../config';
@@ -19,40 +20,26 @@ function Signup() {
   });
   const [showPassword, setShowPassword] = useState(false);
   const [isSubmitting, setIsSubmitting] = useState(false);
+  const [passwordStrength, setPasswordStrength] = useState({ score: 0, isStrongEnough: false });
 
   useEffect(() => {
     if (!authLoading && isAuthenticated) {
       navigate('/dashboard', { replace: true });
     }
   }, [authLoading, isAuthenticated, navigate]);
 
-  const passwordChecks = useMemo(
-    () => [
-      {
-        label: 'At least 6 characters',
-        passed: formData.password.length >= 6,
-      },
-      {
-        label: 'Contains a letter',
-        passed: /[A-Za-z]/.test(formData.password),
-      },
-      {
-        label: 'Contains a number',
-        passed: /\d/.test(formData.password),
-      },
-    ],
-    [formData.password]
+  const userInputs = useMemo(
+    () => [formData.name, formData.email],
+    [formData.name, formData.email]
   );
 
-  if (authLoading) {
-    return null;
-  }
-
   const handleChange = (event) => {
     const { name, value } = event.target;
     setFormData((current) => ({ ...current, [name]: value }));
   };
 
+  if (authLoading) return null;
+
   const handleSubmit = async (event) => {
     event.preventDefault();
 
@@ -61,6 +48,11 @@ function Signup() {
       return;
     }
 
+    if (!passwordStrength.isStrongEnough) {
+      toast.error('Please choose a stronger password.');
+      return;
+    }
+
     setIsSubmitting(true);
     const loadingToast = toast.loading('Creating your account...');
 
@@ -179,21 +171,18 @@ function Signup() {
               {showPassword ? <EyeOff size={18} /> : <Eye size={18} />}
             </button>
           </div>
+          <PasswordStrengthMeter
+            password={formData.password}
+            userInputs={userInputs}
+            onStrengthChange={setPasswordStrength}
+          />
         </div>
 
-        <div className="auth-password-checks">
-          {passwordChecks.map((check) => (
-            <div
-              key={check.label}
-              className={`auth-password-check ${check.passed ? 'is-passed' : ''}`}
-            >
-              <span className="auth-password-check__dot" />
-              <span>{check.label}</span>
-            </div>
-          ))}
-        </div>
-
-        <button type="submit" className="btn btn-secondary auth-submit" disabled={isSubmitting}>
+        <button
+          type="submit"
+          className="btn btn-secondary auth-submit"
+          disabled={isSubmitting || (formData.password.length > 0 && !passwordStrength.isStrongEnough)}
+        >
           {isSubmitting ? 'Creating account...' : 'Create account'}
         </button>
       </form>