Added validation for seed password

cmd/hatchet-admin/cli/seed/seed.go

@@ -10,13 +10,19 @@ import (
 
 	"github.com/hatchet-dev/hatchet/pkg/config/database"
 	v1 "github.com/hatchet-dev/hatchet/pkg/repository"
+	"github.com/hatchet-dev/hatchet/pkg/validator"
 )
 
 func SeedDatabase(dc *database.Layer) error {
 	shouldSeedUser := dc.Seed.AdminEmail != "" && dc.Seed.AdminPassword != ""
 	var userID uuid.UUID
 
 	if shouldSeedUser {
+		// validate the password meets complexity requirements before hashing
+		if !validator.ValidatePassword(dc.Seed.AdminPassword) {
+			return fmt.Errorf("ADMIN_PASSWORD does not meet requirements: must be between 8 and 64 characters and contain at least one uppercase letter, one lowercase letter, and one number")
+		}
+
 		// seed an example user
 		hashedPw, err := v1.HashPassword(dc.Seed.AdminPassword)
 

pkg/validator/validator.go

@@ -28,7 +28,7 @@ func newValidator() *validator.Validate {
 	})
 
 	_ = validate.RegisterValidation("password", func(fl validator.FieldLevel) bool {
-		return passwordValidation(fl.Field().String())
+		return ValidatePassword(fl.Field().String())
 	})
 
 	_ = validate.RegisterValidation("uuid", func(fl validator.FieldLevel) bool {
@@ -89,7 +89,10 @@ func newValidator() *validator.Validate {
 	return validate
 }
 
-func passwordValidation(pw string) bool {
+// ValidatePassword returns true if the password meets complexity requirements:
+// between 8 and 64 characters, with at least one uppercase letter, one lowercase
+// letter, and one number.
+func ValidatePassword(pw string) bool {
 	pwLen := len(pw)
 	var hasNumber, hasUpper, hasLower bool