A modern, intelligent password generator and manager with user authentication, proactive breach detection, password expiration tracking, and email notifications.
- User Authentication: Secure login/signup system with session-based authentication
- Password Security: Bcrypt password hashing with HTTP-only cookies
- Password Expiration: Automatic password expiration tracking (90-day industry standard)
- Password Change: User-friendly password change functionality in settings
- Secure Password Generation: Generate complex, customizable passwords with options for length, character types, and exclusions
- Password Storage: Store and organize passwords with service names, usernames, URLs, and notes
- Password Age Tracking: Automatic tracking of how long each password has been in use
- Expiration Warnings: Visual indicators for passwords expiring soon or expired
- Automatic Breach Detection: Integration with Have I Been Pwned API to check passwords against known data breaches
- Real-time Monitoring: Background service to periodically check all stored passwords for breaches
- Email Notifications: Receive email alerts when passwords are found in breaches
- Breach Dashboard: Comprehensive breach tracking with HIBP-style table and statistics
- Resolution Tracking: Mark breaches as resolved after changing passwords
- Modern UI: Beautiful, responsive interface with dark mode support
- Navigation: Easy navigation between Dashboard, Breach Monitor, and Settings
- Status Indicators: Visual indicators for password health (Safe, Expiring, Expired, Breached)
- Next.js 16 - React framework with App Router and Turbopack
- TypeScript - Type-safe development
- Prisma - Database ORM with PostgreSQL
- PostgreSQL - Robust relational database
- Docker - Containerized deployment
- Tailwind CSS - Modern styling
- bcryptjs - Password hashing
- Have I Been Pwned API - Breach detection
- Nodemailer - Email notifications
Prerequisites:
- Docker Desktop installed
Steps:
- Clone the repository:
  git clone https://github.com/SyllabusRomeo/passgen.git
  cd passgen
- Set up environment variables (optional). Create a .env file in the root directory:
  # Database (PostgreSQL - defaults provided in docker-compose.yml)
  POSTGRES_USER=passwordmanager
  POSTGRES_PASSWORD=passwordmanager
  POSTGRES_DB=passwordmanager
  POSTGRES_PORT=5433
  # Email notifications (optional)
  SMTP_HOST=smtp.gmail.com
  SMTP_PORT=587
  SMTP_USER=your-email@gmail.com
  SMTP_PASS=your-app-password
  SMTP_FROM=your-email@gmail.com
  NOTIFICATION_EMAIL=your-email@gmail.com
  # Have I Been Pwned API (optional, but recommended)
  HIBP_API_KEY=your-api-key
- Build and start:
  docker compose up -d --build
- Access the application:
  - Open http://localhost:3000 in your browser
  - Create a new account using the signup form
Docker Commands:
# View logs
docker compose logs -f passwordgenerator
# Stop containers
docker compose down
# Rebuild after changes
docker compose up -d --build
# Access container shell
docker compose exec passwordgenerator sh
Prerequisites:
- Node.js 20+ installed
- PostgreSQL installed and running
- npm or yarn
Steps:
- Install dependencies:
  npm install
- Set up environment variables. Create a .env.local file:
  DATABASE_URL="postgresql://user:password@localhost:5432/passwordmanager?schema=public"
  SMTP_HOST=smtp.gmail.com
  SMTP_PORT=587
  SMTP_USER=your-email@gmail.com
  SMTP_PASS=your-app-password
  SMTP_FROM=your-email@gmail.com
  NOTIFICATION_EMAIL=your-email@gmail.com
  HIBP_API_KEY=your-api-key
- Set up database:
  # Generate Prisma Client
  npm run db:generate
  # Run database migrations
  npm run db:migrate
  # (Optional) Seed database
  npm run db:seed
- Start development server:
  npm run dev
- Access the application:
  - Open http://localhost:3000 in your browser
  - Create a new account using the signup form
- Navigate to http://localhost:3000
- Click on the "Sign Up" tab
- Enter your email address
- Enter a strong password (minimum 8 characters)
- Optionally add your name
- Click "Sign Up"
- Generate a Password:
  - Use the password generator on the dashboard
  - Customize options (length, character types, exclusions)
  - Click "Generate Password" and copy the result
- Save a Password:
  - Click "Add Password" in the password list
  - Fill in service name, username, password, URL, and notes
  - The system automatically checks for breaches when saving
- View Passwords:
  - All your passwords are listed on the dashboard
  - Status indicators show password health:
    - 🟢 Safe: Password is secure and not expired
    - 🟡 Expiring Soon: Password expires within 7 days
    - 🟠 Expiring: Password expires within 30 days
    - 🔴 Expired: Password is over 90 days old
    - 🔴 Breached: Password found in data breaches
- Breach Dashboard:
  - Navigate to the "Breach Monitor" tab
  - View comprehensive statistics and breach details
  - See all passwords with their breach status
- Manual Breach Check:
  - Click "Check Breach" on any password entry
  - Or click "Run Check Now" to check all passwords
- Resolve Breaches:
  - After changing a breached password, click "Mark Resolved"
  - The breach status will be updated
- Change Password:
  - Navigate to the "Settings" tab
  - Enter your current password and new password
  - Click "Change Password"
- View Account Info:
  - See your email and account details in Settings
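How a breach check like the one described above can query Have I Been Pwned without ever sending the password, as an added example (not the project's own code). It assumes the Pwned Passwords range endpoint with k-anonymity, which this README does not confirm passgen uses; the function names and the sample response body are constructed.

```typescript
import { createHash } from "node:crypto";

// Constructed sample of a range response body: one "SUFFIX:COUNT" pair per line.
// The counts are made up; the last line imitates a padding entry (count 0).
const SAMPLE_RANGE_BODY = [
  "0018A45C4D1DEF81644B54AB7F969B88D65:3",
  "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42",
  "F".repeat(35) + ":0",
].join("\r\n");

// Only the first 5 hex chars of the SHA-1 are sent; the 35-char suffix stays local.
function hashParts(password: string): { prefix: string; suffix: string } {
  const sha1 = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: sha1.slice(0, 5), suffix: sha1.slice(5) };
}

// Look for our suffix in the response; 0 means "not found" (or a padding entry).
function breachCount(rangeBody: string, suffix: string): number {
  for (const line of rangeBody.split(/\r?\n/)) {
    const [candidate, count] = line.trim().split(":");
    if (candidate !== undefined && candidate.toUpperCase() === suffix.toUpperCase()) {
      const n = Number.parseInt(count ?? "", 10);
      return Number.isNaN(n) ? 0 : n;
    }
  }
  return 0;
}

// Real lookup: the request carries the prefix only. Add-Padding hides the response size.
async function fetchRange(prefix: string): Promise<string> {
  const res = await fetch(`https://api.pwnedpasswords.com/range/${prefix}`, {
    headers: { "Add-Padding": "true" },
  });
  if (!res.ok) throw new Error(`range lookup failed: HTTP ${res.status}`);
  return res.text();
}

// The lookup is injectable so the check can be exercised offline against a sample body.
async function timesSeenInBreaches(
  password: string,
  lookup: (prefix: string) => Promise<string> = fetchRange,
): Promise<number> {
  const { prefix, suffix } = hashParts(password);
  return breachCount(await lookup(prefix), suffix);
}
```

A non-zero count means the password appears in a known breach corpus and should be rotated, regardless of its age.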
- POST /api/auth/signup - Create new user account
- POST /api/auth/login - Log in user
- POST /api/auth/logout - Log out user
- GET /api/auth/session - Get current session/user info
- POST /api/auth/change-password - Change user password (requires authentication)
- GET /api/passwords - Get all user's password entries
- POST /api/passwords - Create a new password entry
- GET /api/passwords/[id] - Get a specific password entry
- PUT /api/passwords/[id] - Update a password entry
- DELETE /api/passwords/[id] - Delete a password entry
- POST /api/passwords/[id]/check - Manually check a password for breaches
- GET /api/monitor - Get breach monitoring statistics
- POST /api/monitor - Run breach check on all passwords
- POST /api/generate - Generate a new password
All password endpoints require authentication (except signup/login).
Following industry best practices:
- Minimum Length: 8 characters
- Complexity: Mix of uppercase, lowercase, numbers, and special characters recommended
- Rotation: Automatic expiration after 90 days
- Breach Detection: Continuous monitoring against known breaches
- Uniqueness: Track where passwords are used to prevent reuse
- ✅ Bcrypt password hashing (10 rounds)
- ✅ HTTP-only session cookies
- ✅ User data isolation (each user only sees their own passwords)
- ✅ SQL injection protection (Prisma ORM)
- ✅ XSS protection (Next.js built-in)
- ✅ CSRF protection (Next.js built-in)
- Password Storage: This application uses base64 encoding for demonstration. Base64 is reversible without a key and provides no confidentiality. In production, use proper encryption (AES-256) with a secure key management system.
- Database: PostgreSQL is used with proper connection security. Ensure your database is properly secured in production.
- Environment Variables: Never commit .env or .env.local to version control. Keep all secrets secure.
- HTTPS: Always use HTTPS in production to protect data in transit.
- Session Management: Sessions expire after 7 days of inactivity. Implement proper session management for production.
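The base64 storage described in the Password Storage note next to an AES-256 replacement, as an added example (not the project's own code). It uses AES-256-GCM from Node's crypto module; the function names, the stored layout and the use of an entry identifier as associated data are assumptions, and the 32-byte key is expected to come from a key management system rather than from source code.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Weak form: base64 is an encoding. Anyone with database access reverses it, no key needed.
function base64Store(plain: string): string {
  return Buffer.from(plain, "utf8").toString("base64");
}
function base64Load(stored: string): string {
  return Buffer.from(stored, "base64").toString("utf8");
}

// Hardened form: AES-256-GCM. Stored layout (assumed): iv(12) || tag(16) || ciphertext, base64.
// `aad` binds the ciphertext to its row (for example a user or entry id), so a value
// copied into another row fails authentication instead of decrypting.
function encryptEntry(plain: string, key: Buffer, aad: string): string {
  if (key.length !== 32) throw new Error("AES-256 requires a 32-byte key");
  const iv = randomBytes(12); // fresh nonce per encryption, never reused with the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(aad, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(plain, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]).toString("base64");
}

// Throws if the key, the associated data or any stored byte does not match.
function decryptEntry(stored: string, key: Buffer, aad: string): string {
  if (key.length !== 32) throw new Error("AES-256 requires a 32-byte key");
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 28) throw new Error("stored value too short");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12), {
    authTagLength: 16,
  });
  decipher.setAAD(Buffer.from(aad, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return plain.toString("utf8");
}
```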
The application uses PostgreSQL with the following main models:
- User: User accounts with authentication info
- Session: Active user sessions
- PasswordEntry: Stored passwords with metadata
- BreachAlert: Breach detection records
See prisma/schema.prisma for the complete schema.
npm run dev # Start development server
npm run build # Build for production
npm start # Start production server
npm run lint # Run ESLint
npm run db:generate # Generate Prisma Client
npm run db:migrate # Run database migrations
npm run db:studio # Open Prisma Studio (database GUI)
npm run db:seed # Seed database with sample data
npm run monitor # Run breach monitoring script
passgen/
├── app/                  # Next.js App Router
│   ├── api/              # API routes
│   │   ├── auth/         # Authentication endpoints
│   │   ├── passwords/    # Password management endpoints
│   │   └── monitor/      # Monitoring endpoints
│   ├── components/       # React components
│   └── page.tsx          # Main page
├── lib/                  # Utility libraries
│   ├── auth.ts           # Authentication utilities
│   ├── prisma.ts         # Prisma client
│   └── ...               # Other utilities
├── prisma/               # Prisma schema and migrations
│   ├── schema.prisma     # Database schema
│   └── migrations/       # Database migrations
├── docker-compose.yml    # Docker Compose configuration
├── Dockerfile.dev        # Development Dockerfile
└── package.json          # Dependencies and scripts
To set up automated breach monitoring:
- Use a cron job (Linux/Mac):
  # Run every day at 2 AM
  0 2 * * * curl -X POST http://localhost:3000/api/monitor
- Use a scheduled task (Windows):
  - Create a scheduled task that runs a script calling the API
- Use a cloud service:
  - Services like Vercel Cron, GitHub Actions, or AWS Lambda can call the endpoint periodically
All documentation is available in the docs folder and can also be accessed from within the application via the "Docs" navigation link.
- Quick Start Guide - Get up and running in minutes
- Docker Setup Guide - Complete Docker setup and deployment
- Login Instructions - Login and authentication guide
- Default Credentials & Features - Features overview and API endpoints
- Prisma Client Setup - Prisma configuration and troubleshooting
Prisma Client errors:
npm run db:generate
rm -rf .next
npm run dev
Database connection errors:
- Check PostgreSQL is running
- Verify DATABASE_URL in environment variables
- Check database credentials
Docker issues:
docker compose down -v
docker compose up -d --build
See DOCKER.md for more Docker troubleshooting.
MIT
Contributions are welcome! Please feel free to submit a Pull Request.
For issues or questions:
- Check the documentation files
- Review error logs in the terminal/console
- Open an issue on GitHub