summary refs log tree commit diff stats
path: root/hibp
diff options
context:
space:
mode:
Diffstat (limited to 'hibp')
-rw-r--r--hibp/hash.go15
-rw-r--r--hibp/pwned.go40
-rw-r--r--hibp/req.go35
3 files changed, 90 insertions, 0 deletions
diff --git a/hibp/hash.go b/hibp/hash.go
new file mode 100644
index 0000000..25249ed
--- /dev/null
+++ b/hibp/hash.go
@@ -0,0 +1,15 @@
+package hibp
+
+import (
+	"crypto/sha1"
+	"encoding/hex"
+	"strings"
+)
+
+// GetHsh takes a string as an input & returns SHA-1 Hash
+func GetHsh(pass string) string {
+	alg := sha1.New()
+	alg.Write([]byte(pass))
+
+	return strings.ToUpper(hex.EncodeToString(alg.Sum(nil)))
+}
diff --git a/hibp/pwned.go b/hibp/pwned.go
new file mode 100644
index 0000000..57a1727
--- /dev/null
+++ b/hibp/pwned.go
@@ -0,0 +1,40 @@
+package hibp
+
+import (
+	"fmt"
+	"strings"
+)
+
+// GetPwned takes SHA-1 Hash as input & returns Pwned Passwords list
+// returned by the Have I Been Pwned API
+func GetPwned(hsh string) (map[string]string, error) {
+	api := "https://api.pwnedpasswords.com/range"
+	list := make(map[string]string)
+
+	pfx := hsh[:5]
+
+	reqApi := fmt.Sprintf("%s/%s", api, pfx)
+	body, err := reqHIBP(reqApi)
+	if err != nil {
+		return list, fmt.Errorf("reqHIBP failed\n%s",
+			err.Error())
+	}
+
+	for _, v := range strings.Split(body, "\r\n") {
+		s := strings.Split(v, ":")
+		list[s[0]] = s[1]
+	}
+	return list, err
+}
+
+// ChkPwn takes list, hash as input & returns if the hash is in list,
+// the frequency
+func ChkPwn(list map[string]string, hsh string) (bool, string) {
+	sfx := hsh[5:]
+	for k, fq := range list {
+		if sfx == k {
+			return true, fq
+		}
+	}
+	return false, ""
+}
diff --git a/hibp/req.go b/hibp/req.go
new file mode 100644
index 0000000..a3085da
--- /dev/null
+++ b/hibp/req.go
@@ -0,0 +1,35 @@
+package hibp
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+)
+
+func reqHIBP(reqApi string) (string, error) {
+	req, err := http.NewRequest(http.MethodGet, reqApi, nil)
+	if err != nil {
+		return "", fmt.Errorf("request init failed\n%s",
+			err.Error())
+	}
+
+	c := http.Client{}
+	res, err := c.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("request failed\n%s",
+			err.Error())
+	}
+	defer res.Body.Close()
+
+	if res.StatusCode != 200 {
+		return "", fmt.Errorf("Unexpected response status code received: %d %s",
+			res.StatusCode, http.StatusText(res.StatusCode))
+	}
+
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", fmt.Errorf("reading res.Body failed\n%s",
+			err.Error())
+	}
+	return string(body), err
+}