import { createHash } from 'crypto';
import { get } from 'https';
/**
* Hashes a password using SHA-1, then sends the first 5 characters of that hash to the haveibeenpwned.com API.
* The API returns a range of hash suffixes with corresponding breach counts. By reconstructing the hashes
* we can anonymously check how many breach occurrences a password has been in.
*
* More information can be found at these links:
* https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
* https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
* @param {string} password
* @returns {Promise<number>}
*/
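function checkPassword(password: string): Promise<number> {
  // Resolves with the breach count reported for `password` (0 when its hash
  // suffix is not in the returned range). Rejects when the request fails,
  // the response stream errors, or the API answers with a non-200 status.
  // No timeout is set here; callers that need a bound must add their own.

  // SHA-1 is used only because the range API is keyed on upper-case SHA-1
  // hex digests; this digest is a lookup key, not a password-storage hash.
  const hashedPassword = createHash('sha1')
    .update(password)
    .digest('hex')
    .toUpperCase();
  // Only the 5-character prefix is sent over the network; the remaining
  // suffix stays local and is compared against the returned range.
  const hashPrefix = hashedPassword.slice(0, 5);
  const hashSuffix = hashedPassword.slice(5);

  return new Promise<number>((resolve, reject) => {
    get(`https://api.pwnedpasswords.com/range/${hashPrefix}`, (res) => {
      // Fail closed: an error page or rate-limit response contains no
      // matching suffix, so parsing it would report "0 breaches" for a
      // password that was never actually checked.
      if (res.statusCode !== 200) {
        res.resume(); // discard the body so the socket is released
        reject(new Error(`Pwned Passwords range request failed with HTTP status ${res.statusCode}`));
        return;
      }

      res.setEncoding('utf8');
      let body = '';
      res.on('data', (chunk: string) => {
        body += chunk;
      });
      // A response that breaks off mid-body must reject; without a listener
      // the 'error' event would be unhandled and the promise would never settle.
      res.on('error', reject);
      res.on('end', () => {
        // Each line is "<HASH SUFFIX>:<COUNT>"; trim() drops the trailing
        // carriage return left behind by splitting CRLF-terminated lines.
        for (const line of body.split('\n')) {
          const [suffix, rawCount] = line.trim().split(':');
          if (suffix === hashSuffix) {
            const count = parseInt(rawCount ?? '', 10);
            resolve(Number.isNaN(count) ? 0 : count);
            return;
          }
        }
        resolve(0);
      });
    }).on('error', reject);
  });
}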
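// Default export for ES-module / TypeScript consumers.
export default checkPassword;
// CommonJS consumers get the function itself from require(). When this file
// is compiled to CommonJS, replacing module.exports discards the `default`
// property set for the export above, so it is re-attached here to keep
// `import checkPassword from ...` working without esModuleInterop.
module.exports = checkPassword;
module.exports.default = checkPassword;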