add minimum password length check

internal/config/auth.go

@@ -18,6 +18,9 @@ type Auth struct {
 	Ldap []LdapProvider `yaml:"ldap"`
 	// Webauthn contains the configuration for the WebAuthn authenticator.
 	WebAuthn WebauthnConfig `yaml:"webauthn"`
+	// MinPasswordLength is the minimum password length for user accounts. This also applies to the admin user.
+	// It is encouraged to set this value to at least 16 characters.
+	MinPasswordLength int `yaml:"min_password_length"`
 }
 
 // BaseFields contains the basic fields that are used to map user information from the authentication providers.

internal/config/config.go

@@ -101,7 +101,7 @@ func defaultConfig() *Config {
 	cfg := &Config{}
 
 	cfg.Core.AdminUser = "admin@wgportal.local"
-	cfg.Core.AdminPassword = "wgportal"
+	cfg.Core.AdminPassword = "wgportal-default"
 	cfg.Core.AdminApiToken = "" // by default, the API access is disabled
 	cfg.Core.ImportExisting = true
 	cfg.Core.RestoreState = true
@@ -165,6 +165,7 @@ func defaultConfig() *Config {
 	cfg.Webhook.Timeout = 10 * time.Second
 
 	cfg.Auth.WebAuthn.Enabled = true
+	cfg.Auth.MinPasswordLength = 16
 
 	return cfg
 }