Add option to disable HIBP password check.

Usage of this option is discouraged for password security reason.

config.properties

@@ -20,6 +20,9 @@ API_URL: https://pipedapi.kavin.rocks
 # Public Frontend URL
 FRONTEND_URL: https://piped.kavin.rocks
 
+# Enable haveibeenpwned compromised password API
+COMPROMISED_PASSWORD_CHECK: true
+
 # Hibernate properties
 hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
 hibernate.connection.driver_class: org.postgresql.Driver

src/main/java/me/kavin/piped/consts/Constants.java

@@ -41,6 +41,8 @@ public class Constants {
     public static final HttpClient h2client;
     public static final HttpClient h2_no_redir_client;
 
+    public static final boolean COMPROMISED_PASSWORD_CHECK;
+
     public static final ObjectMapper mapper = new ObjectMapper().addMixIn(Page.class, PageMixin.class);
 
     public static final Object2ObjectOpenHashMap<String, String> hibernateProperties = new Object2ObjectOpenHashMap<>();
@@ -59,6 +61,7 @@ public class Constants {
             PUBLIC_URL = prop.getProperty("API_URL");
             HTTP_PROXY = prop.getProperty("HTTP_PROXY");
             FRONTEND_URL = prop.getProperty("FRONTEND_URL", "https://pipedapi.kavin.rocks");
+            COMPROMISED_PASSWORD_CHECK = Boolean.parseBoolean(prop.getProperty("COMPROMISED_PASSWORD_CHECK", "true"));
             prop.forEach((_key, _value) -> {
                 String key = String.valueOf(_key), value = String.valueOf(_value);
                 if (key.startsWith("hibernate"))

src/main/java/me/kavin/piped/utils/ResponseHelper.java

@@ -536,7 +536,7 @@ public class ResponseHelper {
             return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
         }
 
-        {
+        if (Constants.COMPROMISED_PASSWORD_CHECK) {
             String sha1Hash = DigestUtils.sha1Hex(pass).toUpperCase();
             String prefix = sha1Hash.substring(0, 5);
             String suffix = sha1Hash.substring(5);