First things first - the goods: https://github.com/detroitenglish/pw-pwnage-cfworker
This worker handles your users’ password input directly, so please read the source before deploying!
src/index.js is only 147 lines of very heavily commented code.
Simply change the env file, and deploy - nice and easy. Detailed instructions and some config options are documented in
Libs are bundled up with the sauce via webpack, so you will need NodeJS installed in order to deploy.
For context, here’s an example of how I use this client-side in my own application:
Many thank-you’s to Cloudflare and @troyhunt for freely providing the
haveibeenpwned API The maintainers of
zxcvbn at DropBox are also a strapping lot.