Improve registration flow for parental controls and fix min age on setitngs update.

Author: thenoname-gurl

backend/src/handlers/userHandler.ts

@@ -6,7 +6,7 @@ import { OutboundEmail } from '../models/outboundEmail.entity';
 import { User } from '../models/user.entity';
 import { validateUserRegistration } from '../middleware/validation';
 import { hashPassword, comparePassword } from '../utils/password';
-import { canRegister, getGeoBlockLevel } from '../utils/eu';
+import { canRegister, getGeoBlockLevel, getMinimumAgeForCountry } from '../utils/eu';
 import { authenticate } from '../middleware/auth';
 import { UserLog } from '../models/userLog.entity';
 import { ParentLinkRequest } from '../models/parentLinkRequest.entity';
@@ -208,6 +208,7 @@ export async function userRoutes(app: any, prefix = '') {
       : undefined;
 
     const inviteRepo = AppDataSource.getRepository(ParentRegistrationInvite);
+    const userRepo = AppDataSource.getRepository(User);
     let parentRegistrationInvite: ParentRegistrationInvite | null = null;
     if (parentRegistrationToken) {
       parentRegistrationInvite = await inviteRepo.findOneBy({ token: parentRegistrationToken, used: false });
@@ -221,6 +222,18 @@ export async function userRoutes(app: any, prefix = '') {
         return { error: 'email_mismatch', message: 'The child email does not match the parent registration invite.' };
       }
       body.parentId = parentRegistrationInvite.parentId;
+
+      const parentUser = await userRepo.findOneBy({ id: parentRegistrationInvite.parentId });
+      if (parentUser) {
+        if (!body.phone && parentUser.phone) body.phone = parentUser.phone;
+        if (!body.address && parentUser.address) body.address = parentUser.address;
+        if (!body.address2 && parentUser.address2) body.address2 = parentUser.address2;
+        if (!body.billingCompany && parentUser.billingCompany) body.billingCompany = parentUser.billingCompany;
+        if (!body.billingCity && parentUser.billingCity) body.billingCity = parentUser.billingCity;
+        if (!body.billingState && parentUser.billingState) body.billingState = parentUser.billingState;
+        if (!body.billingZip && parentUser.billingZip) body.billingZip = parentUser.billingZip;
+        if (!body.billingCountry && parentUser.billingCountry) body.billingCountry = parentUser.billingCountry;
+      }
     }
 
     const valid = await validateUserRegistration(ctx, ctx, { skipMinimumAge: !!parentRegistrationInvite });
@@ -243,7 +256,6 @@ export async function userRoutes(app: any, prefix = '') {
       ctx.set.status = 400;
       return { error: 'registration_email_reserved', message: 'That email is reserved by the panel and cannot be used for registration.' };
     }
-    const userRepo = AppDataSource.getRepository(User);
 
     if (body.parentId != null) {
       const parentId = Number(body.parentId);
@@ -568,7 +580,7 @@ export async function userRoutes(app: any, prefix = '') {
   }, {
    beforeHandle: authenticate,
     body: t.Object({ childEmail: t.Optional(t.String()) }),
-    response: { 200: t.Object({ success: t.Boolean(), invite: t.Object({ id: t.Number(), token: t.String(), childEmail: t.Optional(t.String()), link: t.String(), createdAt: t.String(), used: t.Boolean() }) }), 400: t.Object({ error: t.String() }), 401: t.Object({ error: t.String() }), 403: t.Object({ error: t.String() }) },
+    response: { 200: t.Object({ success: t.Boolean(), invite: t.Object({ id: t.Number(), token: t.String(), childEmail: t.Union([t.String(), t.Null()]), link: t.String(), createdAt: t.String(), used: t.Boolean() }) }), 400: t.Object({ error: t.String() }), 401: t.Object({ error: t.String() }), 403: t.Object({ error: t.String() }) },
     detail: { summary: 'Create a parent registration invite for a child account', tags: ['Users'] }
   });
 
@@ -599,7 +611,7 @@ export async function userRoutes(app: any, prefix = '') {
     };
   }, {
    beforeHandle: authenticate,
-    response: { 200: t.Object({ success: t.Boolean(), invites: t.Array(t.Object({ id: t.Number(), token: t.String(), childEmail: t.Optional(t.String()), link: t.String(), createdAt: t.String(), used: t.Boolean(), usedAt: t.Optional(t.Union([t.String(), t.Null()])), expiresAt: t.Optional(t.Union([t.String(), t.Null()])) })) }), 401: t.Object({ error: t.String() }) },
+    response: { 200: t.Object({ success: t.Boolean(), invites: t.Array(t.Object({ id: t.Number(), token: t.String(), childEmail: t.Union([t.String(), t.Null()]), link: t.String(), createdAt: t.String(), used: t.Boolean(), usedAt: t.Optional(t.Union([t.String(), t.Null()])), expiresAt: t.Optional(t.Union([t.String(), t.Null()])) })) }), 401: t.Object({ error: t.String() }) },
     detail: { summary: 'List parent registration invites for the current parent', tags: ['Users'] }
   });
 
@@ -1991,14 +2003,16 @@ export async function userRoutes(app: any, prefix = '') {
         return { error: 'invalid_date_of_birth', message: 'dateOfBirth must be a valid date string in YYYY-MM-DD format.' };
       }
       const updatedAge = getAgeFromDate(dateOfBirth);
-      if (updatedAge !== null && updatedAge < 14) {
+      const effectiveCountry = typeof payload.billingCountry === 'string' ? payload.billingCountry : user.billingCountry;
+      const minimumAge = await getMinimumAgeForCountry(effectiveCountry);
+      if (updatedAge !== null && updatedAge < minimumAge) {
         if (!isAdmin) {
           ctx.set.status = 400;
-          return { error: 'minimum_age', message: 'Users must be at least 14 years old.' };
+          return { error: 'minimum_age', message: `Users must be at least ${minimumAge} years old.` };
         }
         user.suspended = true;
         user.fraudFlag = true;
-        user.fraudReason = 'Underage account (<14 years)';
+        user.fraudReason = `Underage account (<${minimumAge} years)`;
       }
       user.dateOfBirth = dateOfBirth;
       delete payload.dateOfBirth;

frontend/app/register/page.tsx

@@ -606,9 +606,11 @@ export default function RegisterPage() {
     if (name === "password") setPasswordStrength(getPasswordStrength(value))
   }
 
+  const isParentInvite = Boolean(form.parentRegistrationToken)
+
   /* ─── Step validation ─── */
-  const canProceedStep0 = form.firstName && form.lastName && form.email && form.password && form.phone && form.dateOfBirth && passwordStrength >= 0.55
-  const canProceedStep1 = form.address && form.billingCity && form.billingState && form.billingZip && form.billingCountry
+  const canProceedStep0 = Boolean(form.firstName && form.lastName && form.email && form.password && form.dateOfBirth && passwordStrength >= 0.55 && (isParentInvite || form.phone))
+  const canProceedStep1 = Boolean(isParentInvite || (form.address && form.billingCity && form.billingState && form.billingZip && form.billingCountry))
 
   const nextStep = () => {
     if (step === 0 && !canProceedStep0) {
@@ -897,7 +899,7 @@ export default function RegisterPage() {
                       label={t("phoneNumber")}
                       value={form.phone}
                       onChange={handleChange}
-                      required
+                      required={!isParentInvite}
                       autoComplete="tel"
                     />
 
@@ -934,7 +936,7 @@ export default function RegisterPage() {
                       label={t("streetAddress")}
                       value={form.address}
                       onChange={handleChange}
-                      required
+                      required={!isParentInvite}
                       autoComplete="address-line1"
                     />
 
@@ -947,14 +949,20 @@ export default function RegisterPage() {
                       autoComplete="address-line2"
                     />
 
+                    {isParentInvite && (
+                      <p className="text-sm text-muted-foreground">
+                        {t("parentInviteHint")}
+                      </p>
+                    )}
+
                     <div className="grid grid-cols-1 sm:grid-cols-2 gap-3 sm:gap-4">
                       <InputField
                         name="billingCity"
                         placeholder={t("cityPlaceholder")}
                         label={t("city")}
                         value={form.billingCity}
                         onChange={handleChange}
-                        required
+                        required={!isParentInvite}
                         autoComplete="address-level2"
                       />
                       <InputField
@@ -963,7 +971,7 @@ export default function RegisterPage() {
                         label={t("stateProvince")}
                         value={form.billingState}
                         onChange={handleChange}
-                        required
+                        required={!isParentInvite}
                         autoComplete="address-level1"
                       />
                     </div>
@@ -975,7 +983,7 @@ export default function RegisterPage() {
                         label={t("zipPostal")}
                         value={form.billingZip}
                         onChange={handleChange}
-                        required
+                        required={!isParentInvite}
                         autoComplete="postal-code"
                       />
                       <SelectField
@@ -984,7 +992,7 @@ export default function RegisterPage() {
                         label={t("country")}
                         value={form.billingCountry}
                         onChange={handleChange}
-                        required
+                        required={!isParentInvite}
                       >
                         <option value="" className="bg-background text-muted-foreground">
                           {t("selectCountry")}

frontend/lib/api-client.ts

@@ -98,7 +98,17 @@ export async function apiFetch(
         let msg = text;
         try {
           const json = JSON.parse(text);
-          msg = json.error || JSON.stringify(json);
+          if (json?.error) {
+            msg = json.error;
+          } else if (json?.message) {
+            msg = json.message;
+          } else if (json?.type === 'validation' && json?.found) {
+            msg = Object.entries(json.found)
+              .map(([field, value]) => `${field}: ${value}`)
+              .join('; ');
+          } else {
+            msg = JSON.stringify(json);
+          }
         } catch {}
         throw new Error(msg || `HTTP error ${res.status}`);
       }

frontend/messages/en.json

@@ -269,7 +269,8 @@
       "title": "LANGUAGE",
       "current": "current",
       "footer": "Use arrow keys to navigate, ENTER to confirm.",
-      "mobileHint": "Tap to select on mobile."
+      "mobileHint": "Tap to select on mobile.",
+      "skipHint": "Press any key or click/tap to skip the typing animation."
     },
     "legal": {
       "line1": "Choose a document to review.",

frontend/messages/ru.json

@@ -260,7 +260,8 @@
       "title": "ЯЗЫК",
       "current": "текущий",
       "footer": "Используйте стрелки для навигации, ENTER для подтверждения.",
-      "mobileHint": "Нажмите, чтобы выбрать на мобильном."
+      "mobileHint": "Нажмите, чтобы выбрать на мобильном.",
+      "skipHint": "Нажмите любую кнопку или коснитесь экрана, чтобы пропустить анимацию набора."
     },
     "legal": {
       "line1": "Выберите документ для просмотра.",
@@ -774,6 +775,7 @@
     "securityNote": "Защищено шифрованием промышленного стандарта",
     "requiredFieldsStep0": "Пожалуйста, заполните все обязательные поля и убедитесь, что пароль имеет хотя бы среднюю надёжность.",
     "requiredFieldsStep1": "Пожалуйста, заполните все обязательные поля адреса.",
+    "parentInviteHint": "Если вы регистрируетесь по приглашению родителя, данные телефонов и плательщика могут быть унаследованы от родительского аккаунта, если оставить их пустыми.",
     "captchaChallengeOrWait": "Пожалуйста, решите капчу или подождите, пока невидимая капча станет активной.",
     "captchaExpired": "Капча не загружена или истекла. Пожалуйста, обновите капчу и попробуйте снова.",
     "invisibleCaptchaMissing": "Отсутствует токен невидимой капчи. Попробуйте обновить страницу.",