Estimate strength of users' new password input with zxcvbn, and query haveibeenpwned for matches against known hacked accounts

recipe-exchange

#1

First things first - the goods: https://github.com/detroitenglish/pw-pwnage-cfworker

This worker handles your users’ password input directly, so please read the source before deploying! src/index.js is only 147 lines of very heavily commented code.

Simply change the env file, and deploy - nice and easy. Detailed instructions and some config options are documented in README.md.

Libs are bundled up with the sauce via webpack, so you will need NodeJS installed in order to deploy.

For context, here’s an example of how I use this client-side in my own application:

Many thank-you’s to Cloudflare and @troyhunt for freely providing the haveibeenpwned API The maintainers of zxcvbn at DropBox are also a strapping lot.

Enjoy!


Simple Cloudflare Worker with built-in Routing