我是否被泄露过
Have I Been Pwned 插件通过防止使用已在已知数据泄露中曝光的密码来保护用户账户。它使用 Have I Been Pwned API 来检查密码是否已被泄露。
【The Have I Been Pwned plugin helps protect user accounts by preventing the use of passwords that have been exposed in known data breaches. It uses the Have I Been Pwned API to check if a password has been compromised.】
安装
【Installation】
将插件添加到你的 auth 配置中
【Add the plugin to your auth config】
import { betterAuth } from "better-auth"
import { haveIBeenPwned } from "better-auth/plugins"
export const auth = betterAuth({
plugins: [
haveIBeenPwned()
]
})用法
【Usage】
当用户尝试使用被泄露的密码创建账户或更新密码时,他们将收到以下默认错误提示:
【When a user attempts to create an account or update their password with a compromised password, they'll receive the following default error:】
{
"code": "PASSWORD_COMPROMISED",
"message": "Password is compromised"
}配置
【Config】
你可以自定义错误消息:
【You can customize the error message:】
haveIBeenPwned({
customPasswordCompromisedMessage: "Please choose a more secure password."
})安全注意事项
【Security Notes】
- 密码哈希的前五个字符才会被发送到 API
- 完整密码从不被传输
- 提供额外的账户安全层