@bhandari88/express-auth 1.0.0

package/dist/utils/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ValidatorService = exports.PasswordService = exports.JwtService = void 0;
+var jwt_1 = require("./jwt");
+Object.defineProperty(exports, "JwtService", { enumerable: true, get: function () { return jwt_1.JwtService; } });
+var password_1 = require("./password");
+Object.defineProperty(exports, "PasswordService", { enumerable: true, get: function () { return password_1.PasswordService; } });
+var validator_1 = require("./validator");
+Object.defineProperty(exports, "ValidatorService", { enumerable: true, get: function () { return validator_1.ValidatorService; } });

package/dist/utils/jwt.d.ts

@@ -0,0 +1,15 @@
+import { JwtPayload, AuthConfig, AuthTokens } from '../types';
+export declare class JwtService {
+    private accessTokenSecret;
+    private refreshTokenSecret;
+    private accessTokenExpiresIn;
+    private refreshTokenExpiresIn;
+    private enableRefreshTokens;
+    constructor(config: AuthConfig);
+    generateAccessToken(payload: Omit<JwtPayload, 'type' | 'iat' | 'exp'>): string;
+    generateRefreshToken(payload: Omit<JwtPayload, 'type' | 'iat' | 'exp'>): string;
+    generateTokens(payload: Omit<JwtPayload, 'type' | 'iat' | 'exp'>): AuthTokens;
+    verifyAccessToken(token: string): JwtPayload;
+    verifyRefreshToken(token: string): JwtPayload;
+    private getExpiresInSeconds;
+}

package/dist/utils/jwt.js

@@ -0,0 +1,120 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtService = void 0;
+const jwt = __importStar(require("jsonwebtoken"));
+class JwtService {
+    constructor(config) {
+        this.accessTokenSecret = config.jwtSecret;
+        this.refreshTokenSecret = config.refreshTokenSecret || config.jwtSecret;
+        this.accessTokenExpiresIn = config.jwtExpiresIn || '15m';
+        this.refreshTokenExpiresIn = config.refreshTokenExpiresIn || '7d';
+        this.enableRefreshTokens = config.enableRefreshTokens ?? true;
+    }
+    generateAccessToken(payload) {
+        return jwt.sign({ ...payload, type: 'access' }, this.accessTokenSecret, { expiresIn: this.accessTokenExpiresIn });
+    }
+    generateRefreshToken(payload) {
+        if (!this.enableRefreshTokens) {
+            throw new Error('Refresh tokens are not enabled');
+        }
+        return jwt.sign({ ...payload, type: 'refresh' }, this.refreshTokenSecret, { expiresIn: this.refreshTokenExpiresIn });
+    }
+    generateTokens(payload) {
+        const accessToken = this.generateAccessToken(payload);
+        const tokens = {
+            accessToken,
+            expiresIn: this.getExpiresInSeconds(this.accessTokenExpiresIn),
+        };
+        if (this.enableRefreshTokens) {
+            tokens.refreshToken = this.generateRefreshToken(payload);
+        }
+        return tokens;
+    }
+    verifyAccessToken(token) {
+        try {
+            const decoded = jwt.verify(token, this.accessTokenSecret);
+            if (decoded.type !== 'access') {
+                throw new Error('Invalid token type');
+            }
+            return decoded;
+        }
+        catch (error) {
+            if (error instanceof jwt.TokenExpiredError) {
+                throw new Error('Access token expired');
+            }
+            if (error instanceof jwt.JsonWebTokenError) {
+                throw new Error('Invalid access token');
+            }
+            throw error;
+        }
+    }
+    verifyRefreshToken(token) {
+        if (!this.enableRefreshTokens) {
+            throw new Error('Refresh tokens are not enabled');
+        }
+        try {
+            const decoded = jwt.verify(token, this.refreshTokenSecret);
+            if (decoded.type !== 'refresh') {
+                throw new Error('Invalid token type');
+            }
+            return decoded;
+        }
+        catch (error) {
+            if (error instanceof jwt.TokenExpiredError) {
+                throw new Error('Refresh token expired');
+            }
+            if (error instanceof jwt.JsonWebTokenError) {
+                throw new Error('Invalid refresh token');
+            }
+            throw error;
+        }
+    }
+    getExpiresInSeconds(expiresIn) {
+        const match = expiresIn.match(/^(\d+)([smhd])$/);
+        if (!match)
+            return 900; // Default 15 minutes
+        const value = parseInt(match[1]);
+        const unit = match[2];
+        switch (unit) {
+            case 's': return value;
+            case 'm': return value * 60;
+            case 'h': return value * 60 * 60;
+            case 'd': return value * 24 * 60 * 60;
+            default: return 900;
+        }
+    }
+}
+exports.JwtService = JwtService;

package/dist/utils/password.d.ts

@@ -0,0 +1,14 @@
+import { AuthConfig } from '../types';
+export declare class PasswordService {
+    private keylen;
+    private saltLength;
+    private cost;
+    constructor(config: AuthConfig);
+    private scryptAsync;
+    hash(password: string): Promise<string>;
+    compare(password: string, hashedPassword: string): Promise<boolean>;
+    validatePassword(password: string): {
+        valid: boolean;
+        message?: string;
+    };
+}

package/dist/utils/password.js

@@ -0,0 +1,103 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordService = void 0;
+const crypto = __importStar(require("crypto"));
+class PasswordService {
+    constructor(config) {
+        // Use keylen instead of rounds for scrypt
+        // scrypt is memory-hard and more secure than bcrypt
+        this.keylen = 64; // 64 bytes = 512 bits
+        this.saltLength = 32; // 32 bytes = 256 bits
+        this.cost = config.bcryptRounds || 16384; // CPU/memory cost parameter (2^14)
+    }
+    async scryptAsync(password, salt, keylen, options) {
+        return new Promise((resolve, reject) => {
+            crypto.scrypt(password, salt, keylen, options || {}, (err, derivedKey) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(derivedKey);
+            });
+        });
+    }
+    async hash(password) {
+        if (!password || password.length < 6) {
+            throw new Error('Password must be at least 6 characters long');
+        }
+        // Generate random salt
+        const salt = crypto.randomBytes(this.saltLength);
+        // Hash password using scrypt
+        const hash = await this.scryptAsync(password, salt, this.keylen, { N: this.cost });
+        // Return salt:hash as base64 encoded string
+        const saltBase64 = salt.toString('base64');
+        const hashBase64 = hash.toString('base64');
+        return `${saltBase64}:${hashBase64}`;
+    }
+    async compare(password, hashedPassword) {
+        try {
+            // Extract salt and hash from stored string (format: salt:hash)
+            const [saltBase64, hashBase64] = hashedPassword.split(':');
+            if (!saltBase64 || !hashBase64) {
+                return false;
+            }
+            const salt = Buffer.from(saltBase64, 'base64');
+            const storedHash = Buffer.from(hashBase64, 'base64');
+            // Hash the provided password with the extracted salt
+            const derivedHash = await this.scryptAsync(password, salt, this.keylen, { N: this.cost });
+            // Use timing-safe comparison to prevent timing attacks
+            if (storedHash.length !== derivedHash.length) {
+                return false;
+            }
+            return crypto.timingSafeEqual(storedHash, derivedHash);
+        }
+        catch (error) {
+            return false;
+        }
+    }
+    validatePassword(password) {
+        if (!password) {
+            return { valid: false, message: 'Password is required' };
+        }
+        if (password.length < 6) {
+            return { valid: false, message: 'Password must be at least 6 characters long' };
+        }
+        if (password.length > 128) {
+            return { valid: false, message: 'Password must be less than 128 characters' };
+        }
+        return { valid: true };
+    }
+}
+exports.PasswordService = PasswordService;

package/dist/utils/validator.d.ts

@@ -0,0 +1,25 @@
+export declare class ValidatorService {
+    static validateEmail(email: string): boolean;
+    static validatePhone(phone: string): boolean;
+    static validateUsername(username: string): boolean;
+    static sanitizeEmail(email: string): string;
+    static sanitizePhone(phone: string): string;
+    static validateLoginCredentials(credentials: {
+        email?: string;
+        username?: string;
+        phone?: string;
+        password: string;
+    }): {
+        valid: boolean;
+        message?: string;
+    };
+    static validateRegisterData(data: {
+        email?: string;
+        username?: string;
+        phone?: string;
+        password: string;
+    }): {
+        valid: boolean;
+        message?: string;
+    };
+}

package/dist/utils/validator.js

@@ -0,0 +1,63 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ValidatorService = void 0;
+const validator_1 = __importDefault(require("validator"));
+class ValidatorService {
+    static validateEmail(email) {
+        return validator_1.default.isEmail(email);
+    }
+    static validatePhone(phone) {
+        // Allow international format with + prefix
+        return validator_1.default.isMobilePhone(phone.replace(/\s/g, ''), 'any', { strictMode: false });
+    }
+    static validateUsername(username) {
+        // Username: 3-30 characters, alphanumeric, underscore, hyphen
+        return /^[a-zA-Z0-9_-]{3,30}$/.test(username);
+    }
+    static sanitizeEmail(email) {
+        return validator_1.default.normalizeEmail(email) || email;
+    }
+    static sanitizePhone(phone) {
+        // Remove spaces and ensure proper format
+        return phone.replace(/\s/g, '').replace(/^(\d{10})$/, '+1$1'); // Add country code if missing
+    }
+    static validateLoginCredentials(credentials) {
+        const { email, username, phone, password } = credentials;
+        // At least one identifier must be provided
+        if (!email && !username && !phone) {
+            return { valid: false, message: 'Email, username, or phone is required' };
+        }
+        // Password is required
+        if (!password) {
+            return { valid: false, message: 'Password is required' };
+        }
+        // Validate email if provided
+        if (email && !this.validateEmail(email)) {
+            return { valid: false, message: 'Invalid email format' };
+        }
+        // Validate phone if provided
+        if (phone && !this.validatePhone(phone)) {
+            return { valid: false, message: 'Invalid phone format' };
+        }
+        // Validate username if provided
+        if (username && !this.validateUsername(username)) {
+            return { valid: false, message: 'Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens' };
+        }
+        return { valid: true };
+    }
+    static validateRegisterData(data) {
+        // At least one identifier must be provided
+        if (!data.email && !data.username && !data.phone) {
+            return { valid: false, message: 'At least one of email, username, or phone is required' };
+        }
+        const validation = this.validateLoginCredentials(data);
+        if (!validation.valid) {
+            return validation;
+        }
+        return { valid: true };
+    }
+}
+exports.ValidatorService = ValidatorService;

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@bhandari88/express-auth",
+  "version": "1.0.0",
+  "description": "Plug-and-play authentication handler for Express.js with TypeScript supporting email, username, phone, and social login",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "authentication",
+    "auth",
+    "express",
+    "jwt",
+    "typescript",
+    "social-login",
+    "passport"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "jsonwebtoken": "^9.0.2",
+    "passport": "^0.7.0",
+    "passport-google-oauth20": "^2.0.0",
+    "passport-facebook": "^3.0.0",
+    "validator": "^13.11.0"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/jsonwebtoken": "^9.0.5",
+    "@types/passport": "^1.0.16",
+    "@types/passport-google-oauth20": "^2.0.14",
+    "@types/passport-facebook": "^3.0.3",
+    "@types/validator": "^13.11.7",
+    "@types/node": "^20.10.5",
+    "typescript": "^5.3.3"
+  },
+  "peerDependencies": {
+    "express": "^4.18.0"
+  },
+  "peerDependenciesMeta": {
+    "express": {
+      "optional": false
+    }
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": ""
+  },
+  "files": [
+    "dist/**/*",
+    "README.md",
+    "INSTALLATION.md"
+  ]
+}