oldas/pwned-passwords
Composer 安装命令:
composer require oldas/pwned-passwords
包简介
A library to query Troy Hunt's Pwned Passwords service to see whether or not a password has been included in a public breach.
README 文档
README
PwnedPasswords is a library that allows you to query Troy Hunt's Pwned Passwords API to determine if a password has been compromised in a public data breach.
Requirements
- PHP >= 8.2
Installation
Install PwnedPasswords easily with Composer by running the following command in your project directory:
composer require oldas/pwned-passwords
Usage
First, include the Composer autoload.php to load the library:
require_once('vendor/autoload.php');
Then, use the core service class HaveIBeenPwnedService to interact with the Pwned Passwords API:
use Oldas\PwnedPasswords\HaveIBeenPwnedService; // Create a service instance $haveIBeenPwnedService = new HaveIBeenPwnedService(); $plainTextPassword = 'password'; // leaked password // Check if the password has been compromised $result = $haveIBeenPwnedService->isPwned($plainTextPassword); // Returns: true (if compromised), false (if safe), or null (in case of API timeout) // Validate the password (throws exceptions for invalid input) $haveIBeenPwnedService->validatePassword($plainTextPassword); // Throws InvalidPasswordInputException, otherwise returns void
Methods Explained
isPwned(string $plainTextPassword): ?bool
This method checks whether the given password has been exposed in a public data breach by querying the Pwned Passwords API.
- Returns:
true: The password was found in a breach.false: The password was not found in a breach.null: The API call timed out or failed.
validatePassword(string $plainTextPassword): void
This method ensures the password meets the library's input criteria. If the password is invalid, it throws an exception before performing any further operations.
- Throws:
InvalidPasswordInputException
Notes
- The library uses the k-anonymity technique to query the API securely without revealing the full password to external services.
- Ensure proper validation and exception handling in your implementation to cover cases such as API timeout or invalid input.
License
This project is released under the MIT License.
Resources
oldas/pwned-passwords 适用场景与选型建议
oldas/pwned-passwords 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 1 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 01 月 09 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 oldas/pwned-passwords 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 oldas/pwned-passwords 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 1
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 36
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2025-01-09