@bhandari88/express-auth 1.1.0 → 1.2.0

package/README.md

@@ -34,6 +34,7 @@ npm install @bhandari88/express-auth
 - ✅ **Easy Integration**
   - Plug-and-play API
   - Express middleware for protected routes
+  - Request data validation middleware with custom messages
   - Role-based access control
   - Automatic route setup
   - TypeScript support
@@ -170,6 +171,201 @@ app.get('/api/admin',
 );
 ```
 
+### 5. Use Validation Middleware
+
+The package includes a powerful validation middleware for request data validation with custom error messages. No third-party dependencies required!
+
+#### Basic Usage
+
+```typescript
+import { validate, validateBody, validateQuery, validateParams } from '@bhandari88/express-auth';
+
+// Validate request body
+app.post('/api/users', validateBody({
+  email: {
+    rules: [
+      { type: 'required', message: 'Email is required' },
+      { type: 'email', message: 'Invalid email format' }
+    ]
+  },
+  password: {
+    rules: [
+      { type: 'required', message: 'Password is required' },
+      { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+    ]
+  },
+  age: {
+    rules: [
+      { type: 'number', message: 'Age must be a number' },
+      { type: 'min', value: 18, message: 'Age must be at least 18' },
+      { type: 'max', value: 120, message: 'Age must be at most 120' }
+    ]
+  }
+}), (req, res) => {
+  // req.body is validated
+  res.json({ message: 'User created', data: req.body });
+});
+```
+
+#### Shorthand Syntax
+
+You can also use a simpler array syntax:
+
+```typescript
+app.post('/api/register', validateBody({
+  username: [
+    { type: 'required', message: 'Username is required' },
+    { type: 'minLength', value: 3, message: 'Username must be at least 3 characters' },
+    { type: 'maxLength', value: 30, message: 'Username must be at most 30 characters' },
+    { type: 'pattern', value: /^[a-zA-Z0-9_-]+$/, message: 'Username can only contain letters, numbers, underscores, and hyphens' }
+  ],
+  email: [
+    { type: 'required' },
+    { type: 'email', message: 'Invalid email address' }
+  ]
+}), handler);
+```
+
+#### Validate Query Parameters
+
+```typescript
+app.get('/api/users', validateQuery({
+  page: [
+    { type: 'number', message: 'Page must be a number' },
+    { type: 'min', value: 1, message: 'Page must be at least 1' }
+  ],
+  limit: [
+    { type: 'number' },
+    { type: 'min', value: 1 },
+    { type: 'max', value: 100, message: 'Limit cannot exceed 100' }
+  ],
+  status: [
+    { type: 'enum', values: ['active', 'inactive', 'pending'], message: 'Status must be active, inactive, or pending' }
+  ]
+}), (req, res) => {
+  // req.query is validated
+  res.json({ users: [] });
+});
+```
+
+#### Validate Route Parameters
+
+```typescript
+app.get('/api/users/:id', validateParams({
+  id: [
+    { type: 'required', message: 'User ID is required' },
+    { type: 'pattern', value: /^[a-f\d]{24}$/i, message: 'Invalid user ID format' }
+  ]
+}), (req, res) => {
+  // req.params is validated
+  res.json({ user: {} });
+});
+```
+
+#### Validate Multiple Sources
+
+```typescript
+app.put('/api/users/:id', validate({
+  id: [
+    { type: 'required' },
+    { type: 'pattern', value: /^[a-f\d]{24}$/i }
+  ],
+  email: [
+    { type: 'email' }
+  ],
+  status: [
+    { type: 'enum', values: ['active', 'inactive'] }
+  ]
+}, { 
+  source: ['params', 'body'] // Validate both params and body
+}), handler);
+```
+
+#### Custom Validation
+
+```typescript
+app.post('/api/custom', validateBody({
+  password: [
+    { type: 'required' },
+    { type: 'minLength', value: 8 },
+    { 
+      type: 'custom', 
+      validator: (value) => {
+        // Custom validation logic
+        return /[A-Z]/.test(value) && /[a-z]/.test(value) && /[0-9]/.test(value);
+      },
+      message: 'Password must contain uppercase, lowercase, and number'
+    }
+  ],
+  confirmPassword: [
+    { type: 'required' },
+    {
+      type: 'custom',
+      validator: (value, data) => {
+        // Access other fields from the request
+        return value === data.password;
+      },
+      message: 'Passwords do not match'
+    }
+  ]
+}), handler);
+```
+
+#### Available Validation Rules
+
+| Rule | Description | Example |
+|------|-------------|---------|
+| `required` | Field must be present and not empty | `{ type: 'required', message: 'Field is required' }` |
+| `string` | Value must be a string | `{ type: 'string' }` |
+| `number` | Value must be a number | `{ type: 'number' }` |
+| `boolean` | Value must be a boolean | `{ type: 'boolean' }` |
+| `email` | Value must be a valid email | `{ type: 'email', message: 'Invalid email' }` |
+| `min` | Number must be >= value | `{ type: 'min', value: 1 }` |
+| `max` | Number must be <= value | `{ type: 'max', value: 100 }` |
+| `minLength` | String length must be >= value | `{ type: 'minLength', value: 8 }` |
+| `maxLength` | String length must be <= value | `{ type: 'maxLength', value: 255 }` |
+| `pattern` | String must match regex | `{ type: 'pattern', value: /^[a-z]+$/ }` |
+| `enum` | Value must be in array | `{ type: 'enum', values: ['a', 'b', 'c'] }` |
+| `array` | Value must be an array | `{ type: 'array' }` |
+| `object` | Value must be an object | `{ type: 'object' }` |
+| `custom` | Custom validation function | `{ type: 'custom', validator: (val) => boolean }` |
+
+#### Validation Options
+
+```typescript
+validate(schema, {
+  source: 'body' | 'query' | 'params' | ['body', 'query'], // What to validate (default: 'body')
+  abortEarly: boolean // Stop on first error or collect all errors (default: false)
+})
+```
+
+#### Error Response Format
+
+When validation fails, the middleware returns a 400 status with:
+
+```json
+{
+  "success": false,
+  "error": "Validation failed",
+  "errors": {
+    "email": "Invalid email format",
+    "password": "Password must be at least 8 characters"
+  }
+}
+```
+
+Or with `abortEarly: true`, only the first error:
+
+```json
+{
+  "success": false,
+  "error": "Validation failed",
+  "errors": {
+    "email": "Email is required"
+  }
+}
+```
+
 ## API Endpoints
 
 ### Register User

package/dist/index.d.ts

@@ -57,5 +57,6 @@ export { JwtService } from './utils/jwt';
 export { PasswordService } from './utils/password';
 export { ValidatorService } from './utils/validator';
 export { AuthMiddleware } from './middleware/auth.middleware';
+export { validate, validateBody, validateQuery, validateParams, ValidationOptions, ValidationSource, ValidationSchema, ValidationRule, FieldValidation } from './middleware/validation.middleware';
 export { LocalAuthHandler } from './handlers/local-auth';
 export { SocialAuthHandler } from './handlers/social-auth';

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SocialAuthHandler = exports.LocalAuthHandler = exports.AuthMiddleware = exports.ValidatorService = exports.PasswordService = exports.JwtService = exports.Auth = void 0;
+exports.SocialAuthHandler = exports.LocalAuthHandler = exports.validateParams = exports.validateQuery = exports.validateBody = exports.validate = exports.AuthMiddleware = exports.ValidatorService = exports.PasswordService = exports.JwtService = exports.Auth = void 0;
 const jwt_1 = require("./utils/jwt");
 const password_1 = require("./utils/password");
 const local_auth_1 = require("./handlers/local-auth");
@@ -226,6 +226,11 @@ var validator_1 = require("./utils/validator");
 Object.defineProperty(exports, "ValidatorService", { enumerable: true, get: function () { return validator_1.ValidatorService; } });
 var auth_middleware_2 = require("./middleware/auth.middleware");
 Object.defineProperty(exports, "AuthMiddleware", { enumerable: true, get: function () { return auth_middleware_2.AuthMiddleware; } });
+var validation_middleware_1 = require("./middleware/validation.middleware");
+Object.defineProperty(exports, "validate", { enumerable: true, get: function () { return validation_middleware_1.validate; } });
+Object.defineProperty(exports, "validateBody", { enumerable: true, get: function () { return validation_middleware_1.validateBody; } });
+Object.defineProperty(exports, "validateQuery", { enumerable: true, get: function () { return validation_middleware_1.validateQuery; } });
+Object.defineProperty(exports, "validateParams", { enumerable: true, get: function () { return validation_middleware_1.validateParams; } });
 var local_auth_2 = require("./handlers/local-auth");
 Object.defineProperty(exports, "LocalAuthHandler", { enumerable: true, get: function () { return local_auth_2.LocalAuthHandler; } });
 var social_auth_2 = require("./handlers/social-auth");

package/dist/middleware/validation.middleware.d.ts

@@ -0,0 +1,114 @@
+import { RequestHandler } from 'express';
+export type ValidationSource = 'body' | 'query' | 'params';
+export type ValidationRule = {
+    type: 'required';
+    message?: string;
+} | {
+    type: 'string';
+    message?: string;
+} | {
+    type: 'number';
+    message?: string;
+} | {
+    type: 'boolean';
+    message?: string;
+} | {
+    type: 'email';
+    message?: string;
+} | {
+    type: 'min';
+    value: number;
+    message?: string;
+} | {
+    type: 'max';
+    value: number;
+    message?: string;
+} | {
+    type: 'minLength';
+    value: number;
+    message?: string;
+} | {
+    type: 'maxLength';
+    value: number;
+    message?: string;
+} | {
+    type: 'pattern';
+    value: RegExp;
+    message?: string;
+} | {
+    type: 'enum';
+    values: any[];
+    message?: string;
+} | {
+    type: 'custom';
+    validator: (value: any) => boolean | Promise<boolean>;
+    message?: string;
+} | {
+    type: 'array';
+    message?: string;
+} | {
+    type: 'object';
+    message?: string;
+};
+export interface FieldValidation {
+    rules: ValidationRule[];
+    message?: string;
+}
+export interface ValidationSchema {
+    [field: string]: FieldValidation | ValidationRule[];
+}
+export interface ValidationOptions {
+    source?: ValidationSource | ValidationSource[];
+    abortEarly?: boolean;
+}
+/**
+ * Validation middleware factory for request data validation
+ *
+ * @example
+ * ```typescript
+ * import { validate } from '@bhandari88/express-auth';
+ *
+ * // Simple validation
+ * app.post('/login', validate({
+ *   email: {
+ *     rules: [
+ *       { type: 'required', message: 'Email is required' },
+ *       { type: 'email', message: 'Invalid email format' }
+ *     ]
+ *   },
+ *   password: {
+ *     rules: [
+ *       { type: 'required', message: 'Password is required' },
+ *       { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+ *     ]
+ *   }
+ * }), (req, res) => {
+ *   // req.body is validated
+ * });
+ *
+ * // Validate query parameters
+ * app.get('/users', validate({
+ *   page: {
+ *     rules: [
+ *       { type: 'number', message: 'Page must be a number' },
+ *       { type: 'min', value: 1, message: 'Page must be at least 1' }
+ *     ]
+ *   }
+ * }, { source: 'query' }), (req, res) => {
+ *   // req.query is validated
+ * });
+ * ```
+ */
+export declare function validate(schema: ValidationSchema, options?: ValidationOptions): RequestHandler;
+/**
+ * Validate request body
+ */
+export declare function validateBody(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;
+/**
+ * Validate request query parameters
+ */
+export declare function validateQuery(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;
+/**
+ * Validate request route parameters
+ */
+export declare function validateParams(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;

package/dist/middleware/validation.middleware.js

@@ -0,0 +1,290 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validate = validate;
+exports.validateBody = validateBody;
+exports.validateQuery = validateQuery;
+exports.validateParams = validateParams;
+/**
+ * Validation middleware factory for request data validation
+ *
+ * @example
+ * ```typescript
+ * import { validate } from '@bhandari88/express-auth';
+ *
+ * // Simple validation
+ * app.post('/login', validate({
+ *   email: {
+ *     rules: [
+ *       { type: 'required', message: 'Email is required' },
+ *       { type: 'email', message: 'Invalid email format' }
+ *     ]
+ *   },
+ *   password: {
+ *     rules: [
+ *       { type: 'required', message: 'Password is required' },
+ *       { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+ *     ]
+ *   }
+ * }), (req, res) => {
+ *   // req.body is validated
+ * });
+ *
+ * // Validate query parameters
+ * app.get('/users', validate({
+ *   page: {
+ *     rules: [
+ *       { type: 'number', message: 'Page must be a number' },
+ *       { type: 'min', value: 1, message: 'Page must be at least 1' }
+ *     ]
+ *   }
+ * }, { source: 'query' }), (req, res) => {
+ *   // req.query is validated
+ * });
+ * ```
+ */
+function validate(schema, options = {}) {
+    const { source = 'body', abortEarly = false, } = options;
+    const sources = Array.isArray(source) ? source : [source];
+    return async (req, res, next) => {
+        try {
+            const errors = [];
+            // Collect data from all specified sources
+            const dataToValidate = {};
+            for (const src of sources) {
+                if (src === 'body') {
+                    Object.assign(dataToValidate, req.body);
+                }
+                else if (src === 'query') {
+                    Object.assign(dataToValidate, req.query);
+                }
+                else if (src === 'params') {
+                    Object.assign(dataToValidate, req.params);
+                }
+            }
+            // Validate each field in the schema
+            for (const [field, fieldValidation] of Object.entries(schema)) {
+                const value = dataToValidate[field];
+                // Get rules array
+                let rules;
+                let fieldMessage;
+                if (Array.isArray(fieldValidation)) {
+                    rules = fieldValidation;
+                }
+                else {
+                    rules = fieldValidation.rules;
+                    fieldMessage = fieldValidation.message;
+                }
+                // Validate each rule
+                for (const rule of rules) {
+                    const error = await validateRule(field, value, rule, fieldMessage);
+                    if (error) {
+                        errors.push(error);
+                        if (abortEarly) {
+                            break;
+                        }
+                    }
+                }
+                if (abortEarly && errors.length > 0) {
+                    break;
+                }
+            }
+            if (errors.length > 0) {
+                res.status(400).json({
+                    success: false,
+                    error: 'Validation failed',
+                    errors: errors.length === 1
+                        ? { [errors[0].field]: errors[0].message }
+                        : errors.reduce((acc, err) => {
+                            acc[err.field] = err.message;
+                            return acc;
+                        }, {}),
+                });
+                return;
+            }
+            next();
+        }
+        catch (error) {
+            res.status(500).json({
+                success: false,
+                error: 'Validation error',
+            });
+        }
+    };
+}
+/**
+ * Validate a single rule
+ */
+async function validateRule(field, value, rule, fieldMessage) {
+    const getMessage = (defaultMsg) => {
+        return rule.message || fieldMessage || defaultMsg;
+    };
+    switch (rule.type) {
+        case 'required':
+            if (value === undefined || value === null || value === '') {
+                return {
+                    field,
+                    message: getMessage(`${field} is required`),
+                };
+            }
+            break;
+        case 'string':
+            if (value !== undefined && typeof value !== 'string') {
+                return {
+                    field,
+                    message: getMessage(`${field} must be a string`),
+                };
+            }
+            break;
+        case 'number':
+            if (value !== undefined && (typeof value !== 'number' || isNaN(value))) {
+                // Try to parse string numbers
+                if (typeof value === 'string' && !isNaN(Number(value))) {
+                    return null; // Valid number string
+                }
+                return {
+                    field,
+                    message: getMessage(`${field} must be a number`),
+                };
+            }
+            break;
+        case 'boolean':
+            if (value !== undefined && typeof value !== 'boolean') {
+                // Accept string booleans
+                if (typeof value === 'string' && (value === 'true' || value === 'false')) {
+                    return null;
+                }
+                return {
+                    field,
+                    message: getMessage(`${field} must be a boolean`),
+                };
+            }
+            break;
+        case 'email':
+            if (value !== undefined && value !== '') {
+                const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+                if (!emailRegex.test(String(value))) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be a valid email`),
+                    };
+                }
+            }
+            break;
+        case 'min':
+            if (value !== undefined && value !== '') {
+                const numValue = typeof value === 'string' ? Number(value) : value;
+                if (typeof numValue === 'number' && !isNaN(numValue) && numValue < rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at least ${rule.value}`),
+                    };
+                }
+            }
+            break;
+        case 'max':
+            if (value !== undefined && value !== '') {
+                const numValue = typeof value === 'string' ? Number(value) : value;
+                if (typeof numValue === 'number' && !isNaN(numValue) && numValue > rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at most ${rule.value}`),
+                    };
+                }
+            }
+            break;
+        case 'minLength':
+            if (value !== undefined && value !== '') {
+                const strValue = String(value);
+                if (strValue.length < rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at least ${rule.value} characters`),
+                    };
+                }
+            }
+            break;
+        case 'maxLength':
+            if (value !== undefined && value !== '') {
+                const strValue = String(value);
+                if (strValue.length > rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at most ${rule.value} characters`),
+                    };
+                }
+            }
+            break;
+        case 'pattern':
+            if (value !== undefined && value !== '') {
+                if (!rule.value.test(String(value))) {
+                    return {
+                        field,
+                        message: getMessage(`${field} format is invalid`),
+                    };
+                }
+            }
+            break;
+        case 'enum':
+            if (value !== undefined && value !== '') {
+                if (!rule.values.includes(value)) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be one of: ${rule.values.join(', ')}`),
+                    };
+                }
+            }
+            break;
+        case 'array':
+            if (value !== undefined && !Array.isArray(value)) {
+                return {
+                    field,
+                    message: getMessage(`${field} must be an array`),
+                };
+            }
+            break;
+        case 'object':
+            if (value !== undefined && (typeof value !== 'object' || Array.isArray(value) || value === null)) {
+                return {
+                    field,
+                    message: getMessage(`${field} must be an object`),
+                };
+            }
+            break;
+        case 'custom':
+            try {
+                const isValid = await rule.validator(value);
+                if (!isValid) {
+                    return {
+                        field,
+                        message: getMessage(`${field} is invalid`),
+                    };
+                }
+            }
+            catch (error) {
+                return {
+                    field,
+                    message: getMessage(`${field} validation failed`),
+                };
+            }
+            break;
+    }
+    return null;
+}
+/**
+ * Validate request body
+ */
+function validateBody(schema, options = {}) {
+    return validate(schema, { ...options, source: 'body' });
+}
+/**
+ * Validate request query parameters
+ */
+function validateQuery(schema, options = {}) {
+    return validate(schema, { ...options, source: 'query' });
+}
+/**
+ * Validate request route parameters
+ */
+function validateParams(schema, options = {}) {
+    return validate(schema, { ...options, source: 'params' });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bhandari88/express-auth",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Plug-and-play authentication handler for Express.js with TypeScript supporting email, username, phone, and social login",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -23,19 +23,19 @@
   "dependencies": {
     "jsonwebtoken": "^9.0.2",
     "passport": "^0.7.0",
-    "passport-facebook": "^3.0.0",
     "passport-google-oauth20": "^2.0.0",
+    "passport-facebook": "^3.0.0",
     "validator": "^13.11.0"
   },
   "devDependencies": {
     "@types/express": "^4.17.21",
     "@types/jsonwebtoken": "^9.0.5",
-    "@types/node": "^20.10.5",
     "@types/passport": "^1.0.16",
-    "@types/passport-facebook": "^3.0.3",
     "@types/passport-google-oauth20": "^2.0.14",
+    "@types/passport-facebook": "^3.0.3",
     "@types/validator": "^13.11.7",
-    "typescript": "^5.9.3"
+    "@types/node": "^20.10.5",
+    "typescript": "^5.3.3"
   },
   "peerDependencies": {
     "express": "^4.18.0"