apg-go/hibp.go

package main

import (
	"bufio"
	"crypto/sha1"
	"fmt"
	"log"
	"net/http"
	"strings"
	"time"
)

func checkHibp(p string) (bool, error) {
	shaSum := fmt.Sprintf("%x", sha1.Sum([]byte(p)))
	firstPart := shaSum[0:5]
	secondPart := shaSum[5:]
	isPwned := false

	httpClient := &http.Client{Timeout: time.Second * 2}
	httpRes, err := httpClient.Get("https://api.pwnedpasswords.com/range/" + firstPart)
	if err != nil {
		return false, err
	}
	defer func() {
		err := httpRes.Body.Close()
		if err != nil {
			log.Printf("error while closing HTTP response body: %v\n", err)
		}
	}()

	scanObj := bufio.NewScanner(httpRes.Body)
	for scanObj.Scan() {
		scanLine := strings.SplitN(scanObj.Text(), ":", 2)
		if strings.ToLower(scanLine[0]) == secondPart {
			isPwned = true
			break
		}
	}
	if err := scanObj.Err(); err != nil {
		return isPwned, err
	}

	return isPwned, nil
}
Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec. 2021-04-29 12:22:10 +02:00			`package main`

			`import (`
			`"bufio"`
			`"crypto/sha1"`
			`"fmt"`
			`"log"`
			`"net/http"`
			`"strings"`
			`"time"`
			`)`

			`func checkHibp(p string) (bool, error) {`
			`shaSum := fmt.Sprintf("%x", sha1.Sum([]byte(p)))`
			`firstPart := shaSum[0:5]`
			`secondPart := shaSum[5:]`
			`isPwned := false`

			`httpClient := &http.Client{Timeout: time.Second * 2}`
			`httpRes, err := httpClient.Get("https://api.pwnedpasswords.com/range/" + firstPart)`
			`if err != nil {`
			`return false, err`
			`}`
			`defer func() {`
			`err := httpRes.Body.Close()`
			`if err != nil {`
Missing new line 2021-04-29 12:22:31 +02:00			`log.Printf("error while closing HTTP response body: %v\n", err)`
Added optional HIBP database check Even though the generated passwords are generated in a secure way, there is a minimal chance, that the same password was used by someone before and this password was part of a leak. If you want to be on the safe side, you can now use the "-p" parameter, to have your newly generated password against the HIBP (https://haveibeenpwned.com) database. This feature is disabled by default, since it requires internet access and also the API call might take ~500ms to 1sec. 2021-04-29 12:22:10 +02:00			`}`
			`}()`

			`scanObj := bufio.NewScanner(httpRes.Body)`
			`for scanObj.Scan() {`
			`scanLine := strings.SplitN(scanObj.Text(), ":", 2)`
			`if strings.ToLower(scanLine[0]) == secondPart {`
			`isPwned = true`
			`break`
			`}`
			`}`
			`if err := scanObj.Err(); err != nil {`
			`return isPwned, err`
			`}`

			`return isPwned, nil`
			`}`