🔐Go client library for checking values against compromised HIBP Pwned Passwords
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
.travis.yml
LICENSE
README.md
cache.go
hibp.go
pwned.go
pwned_test.go

README.md

pwned-passwords

GoDoc Build Status Go Report Card license

A simple Go client library for checking compromised passwords against HIBP Pwned Passwords.

Upon request, results will be cached (in-memory), keyed by hash. With a two hour expiry window, subsequent requests will use cached data or fetch fresh data accordingly.

Installation

go get -u github.com/mattevans/pwned-passwords

Usage

package main

import (
        "fmt"
	hibp "github.com/mattevans/pwned-passwords"
	"os"
)

func main() {
  // Init a client.
  client := hibp.NewClient()

  // Check to see if your given string is compromised.
  pwned, err := client.Pwned.Compromised("string to check")
  if err != nil {
      fmt.Println("Pwned failed")
      os.Exit(1)
  }

  if pwned {
      // Oh dear!
      // You should avoid using that password
  } else {
     // Woo!
     // All clear!
  }
}

Expire in-memory cache

client.Cache.Expire(HASHED_VALUE)
client.Cache.ExpireAll()

Contributing

If you've found a bug or would like to contribute, please create an issue here on GitHub, or better yet fork the project and submit a pull request!