This project is a simple web service that checks if a given password is compromised. The service is built using Python and http.server
and can be easily containerized using Docker.
In today's digital age, security is paramount. Users often choose weak or compromised passwords, which can lead to data breaches and unauthorized access. This project aims to provide a simple API service that businesses can integrate into their systems to check if a password is compromised. This service helps enhance security measures by preventing the use of known compromised passwords, thereby reducing the risk of data breaches and ensuring better protection of user accounts.
-
Password Checking Endpoint:
- The service should provide an endpoint to check if a password is compromised.
- The endpoint should accept a POST request with a JSON body containing the password.
-
Responses:
- 200 OK: If the password is compromised, return a message indicating so.
- 204 No Content: If the password is not compromised, return no content.
- 400 Bad Request: If the password is not provided or the request body is invalid, return an appropriate error message.
- 404 Not Found: If an invalid endpoint is accessed, return an error message.
- 405 Method Not Allowed: If a method other than POST is used, return an error message.
-
Error Handling:
- The service should handle invalid JSON in the request body and return a proper error message.
- The service should handle cases where no password is provided in the request body.
-
Security:
- The service should not log or store the passwords being checked.
- Ensure that the service is only accessible over secure channels (e.g., HTTPS in a production environment).
- Python 3.9+
- Docker (optional, for containerization)
-
Clone the repository:
git clone https://github.com/yourusername/compromised-password-checker.git cd compromised-password-checker
-
Create and activate a virtual environment (optional but recommended):
python3 -m venv venv source venv/bin/activate # On Windows use `venv\Scripts\activate`
-
Install the dependencies:
pip install -r requirements.txt
-
Run the application:
python app.py
The server will start on port 8080 by default.
-
Clone the repository:
git clone https://github.com/yourusername/compromised-password-checker.git cd compromised-password-checker
-
Build the Docker image:
docker build -t compromised-password-checker .
-
Run the Docker container:
docker run -p 8080:8080 compromised-password-checker
The server will be available on port 8080.
Docker image: https://hub.docker.com/repository/docker/amburi/compromised-passwords
- POST
/compromised
password
(string): The password to check.
curl -X POST http://localhost:8080/compromised -H "Content-Type: application/json" -d '{"password": "password123"}'
-
200 OK: Password is compromised.
{ "message": "Password is compromised!" }
-
204 No Content: Password is not compromised.
-
400 Bad Request: Password not provided or invalid JSON.
{ "message": "Password not provided!" }
-
404 Not Found: Invalid endpoint.
{ "message": "Not found!" }
-
405 Method Not Allowed: Method other than POST used.
{ "message": "Method Not Allowed" }
To add more compromised passwords, update the COMPROMISED_PASSWORDS
set in app.py
.
COMPROMISED_PASSWORDS = {'password123', '123456', 'qwerty', 'letmein'}
This project is licensed under the MIT License. See the LICENSE file for details.
For any questions or feedback, please contact Amburi Roy.