Password Gate is a simple FastAPI-based API for checking whether a given password has appeared in known public data breaches using the Have I Been Pwned (HIBP) Pwned Passwords API.
- The core logic is in `main.py`.
- When a password is submitted, the app:
  - Computes the SHA-1 hash of the password and converts it to uppercase.
  - Splits the hash into a 5-character prefix and the remaining suffix.
  - Calls the HIBP Pwned Passwords `range` API with the prefix.
  - Compares the returned suffixes to the local suffix.
  - If a match is found, the password is considered breached; otherwise, it is treated as safe.
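
The steps above as a standalone sketch. This is an added example, not the project's `main.py`; all function names are hypothetical, `sample_fetch` returns a constructed response so the check runs offline, and the handling of zero-count padding rows (returned when the `Add-Padding` request header is sent) goes beyond what this page describes.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # HIBP Pwned Passwords range endpoint


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_body: str) -> int:
    """Look up `suffix` in a range response body made of `SUFFIX:COUNT` lines."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep:
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix:
            # Padded responses contain decoy rows with count 0; those are not hits.
            return int(count) if count.strip().isdigit() else 0
    return 0


def fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Only the 5-character prefix leaves the host, never the password or full hash."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # User-Agent value is a placeholder chosen for this example.
        headers={"User-Agent": "password-gate-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def is_breached(password: str, fetch=fetch_range) -> bool:
    """Run the full check; `fetch` is injectable so it can be tested offline."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch(prefix)) > 0


def sample_fetch(prefix: str) -> str:
    """Constructed offline response: a padding row, one hit, one unrelated row."""
    _, hit = split_hash("password")
    return f"{'0' * 35}:0\r\n{hit}:42\r\n{'F' * 35}:7\r\n"


if __name__ == "__main__":
    print(is_breached("password", fetch=sample_fetch))
    print(is_breached("correct horse battery staple", fetch=sample_fetch))
```
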
- `GET /`
  - Returns a welcome message and a brief usage hint.
- `POST /check-password`
  - Accepts a `password` string parameter.
  - If the password is found in the HIBP dataset, responds with HTTP 400 and a message indicating the password has appeared in a breach.
  - If not found, returns a JSON response indicating the password is safe to use.
Install dependencies:

```bash
pip install -r requirements.txt
```

Run the application with Uvicorn (installed via `fastapi[standard]`):

```bash
uvicorn main:app --reload
```

Then open http://127.0.0.1:8000/docs in your browser to interact with the API via the automatically generated Swagger UI.