Have I Been Pwned

The Have I Been Pwned plugin helps protect user accounts by preventing the use of passwords that have been exposed in known data breaches. It uses the Have I Been Pwned API to check if a password has been compromised.

Installation

Add the plugin to your auth config

auth.ts
import { betterAuth } from "better-auth"
import { haveIBeenPwned } from "better-auth/plugins"

export const auth = betterAuth({
    plugins: [
        haveIBeenPwned()
    ]
})

Usage

When a user attempts to create an account or update their password with a compromised password, they'll receive the following default error:

{
  "code": "PASSWORD_COMPROMISED",
  "message": "Password is compromised"
}

Config

You can customize the error message:

haveIBeenPwned({
    customPasswordCompromisedMessage: "Please choose a more secure password."
})

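Security Notes

  • Only the first 5 characters of the password hash are sent to the API
  • The full password is never transmitted
  • Provides an additional layer of account security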
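
The prefix/suffix split behind the first two notes, as an added example that is not the plugin's own code. It assumes the public Pwned Passwords range format (uppercase SHA-1 hex, one `SUFFIX:COUNT` line per entry); the function names and the sample response body are constructed for illustration.

```typescript
import { createHash } from "node:crypto";

// Assumption: the range API works on uppercase SHA-1 hex. Only `prefix`
// (5 chars) would be sent; `suffix` (35 chars) stays in this process.
function splitHash(password: string): { prefix: string; suffix: string } {
  const hex = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: hex.slice(0, 5), suffix: hex.slice(5) };
}

// Look up `suffix` in a range response body ("SUFFIX:COUNT" per line).
// Returns the breach count, or 0 when the suffix is absent or malformed.
function breachCount(rangeBody: string, suffix: string): number {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate && candidate.toUpperCase() === suffix.toUpperCase()) {
      const n = Number.parseInt(count ?? "", 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// A count of 0 is treated as not compromised.
function isCompromised(password: string, rangeBody: string): boolean {
  return breachCount(rangeBody, splitHash(password).suffix) > 0;
}

// Constructed sample body for prefix 5BAA6; the counts are not real data.
const SAMPLE_RANGE_BODY = [
  "0A1B2C3D4E5F60718293A4B5C6D7E8F9012:3",
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42", // suffix of SHA-1("password")
  "FFEEDDCCBBAA99887766554433221100FFE:0", // zero-count entry
].join("\r\n");

const { prefix, suffix } = splitHash("password");
console.log(`sent: ${prefix}  kept local: ${suffix}`);
console.log("compromised:", isCompromised("password", SAMPLE_RANGE_BODY));
```

The match happens locally against every suffix returned for the prefix, so the service never learns which entry, if any, belonged to the user.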
