/pwned-passwords

🔐Go client library for checking values against compromised HIBP Pwned Passwords

Primary LanguageGoMIT LicenseMIT

pwned-passwords

GoDoc Build Status Go Report Card license

A simple Go client library for checking compromised passwords against HIBP Pwned Passwords.

Upon request, results will be cached (in-memory) for a configurable window, keyed by hash.

Installation

go get -u github.com/mattevans/pwned-passwords

Usage

package main

import (
    "fmt"
    "os"
    "time"

    hibp "github.com/mattevans/pwned-passwords"
)

const (
    storeExpiry = 1 * time.Hour
)

func main() {
    // Init a client.
    client := hibp.NewClient(storeExpiry)

    // Check to see if your given string is compromised.
    pwned, err := client.Pwned.Compromised("string to check")
    if err != nil {
        os.Exit(1)
    }

    if pwned {
        // Oh dear! 😱
        // You should avoid using that password
    }
}

Managing the inmemory store

// Delete will remove an item from the store by hash.
client.Store.Delete(HASHED_VALUE)
// DeleteExpired will remove all expired items from the store.
client.Store.DeleteExpired()
// PurgeAll will flush the store.
client.Store.PurgeAll()

Contributing

If you've found a bug or would like to contribute, please create an issue here on GitHub, or better yet fork the project and submit a pull request!