@bhandari88/express-auth 1.1.0 → 1.3.0

package/README.md

@@ -34,6 +34,7 @@ npm install @bhandari88/express-auth
 - ✅ **Easy Integration**
   - Plug-and-play API
   - Express middleware for protected routes
+  - Request data validation middleware with custom messages
   - Role-based access control
   - Automatic route setup
   - TypeScript support
@@ -44,6 +45,14 @@ npm install @bhandari88/express-auth
   - Optional refresh tokens
   - Customizable user fields
 
+- ✅ **End-to-End Encryption** (NEW in v1.3.0)
+  - AES-256-GCM authenticated encryption
+  - Automatic chunking for large data
+  - Password-based key derivation (PBKDF2)
+  - Secure IV/nonce generation
+  - Support for strings and Buffers
+  - Easy-to-use API for encryption/decryption
+
 ## Peer Dependencies
 
 Make sure you have the following peer dependencies installed:
@@ -170,6 +179,394 @@ app.get('/api/admin',
 );
 ```
 
+### 5. Use Validation Middleware
+
+The package includes a powerful validation middleware for request data validation with custom error messages. No third-party dependencies required!
+
+#### Basic Usage
+
+```typescript
+import { validate, validateBody, validateQuery, validateParams } from '@bhandari88/express-auth';
+
+// Validate request body
+app.post('/api/users', validateBody({
+  email: {
+    rules: [
+      { type: 'required', message: 'Email is required' },
+      { type: 'email', message: 'Invalid email format' }
+    ]
+  },
+  password: {
+    rules: [
+      { type: 'required', message: 'Password is required' },
+      { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+    ]
+  },
+  age: {
+    rules: [
+      { type: 'number', message: 'Age must be a number' },
+      { type: 'min', value: 18, message: 'Age must be at least 18' },
+      { type: 'max', value: 120, message: 'Age must be at most 120' }
+    ]
+  }
+}), (req, res) => {
+  // req.body is validated
+  res.json({ message: 'User created', data: req.body });
+});
+```
+
+#### Shorthand Syntax
+
+You can also use a simpler array syntax:
+
+```typescript
+app.post('/api/register', validateBody({
+  username: [
+    { type: 'required', message: 'Username is required' },
+    { type: 'minLength', value: 3, message: 'Username must be at least 3 characters' },
+    { type: 'maxLength', value: 30, message: 'Username must be at most 30 characters' },
+    { type: 'pattern', value: /^[a-zA-Z0-9_-]+$/, message: 'Username can only contain letters, numbers, underscores, and hyphens' }
+  ],
+  email: [
+    { type: 'required' },
+    { type: 'email', message: 'Invalid email address' }
+  ]
+}), handler);
+```
+
+#### Validate Query Parameters
+
+```typescript
+app.get('/api/users', validateQuery({
+  page: [
+    { type: 'number', message: 'Page must be a number' },
+    { type: 'min', value: 1, message: 'Page must be at least 1' }
+  ],
+  limit: [
+    { type: 'number' },
+    { type: 'min', value: 1 },
+    { type: 'max', value: 100, message: 'Limit cannot exceed 100' }
+  ],
+  status: [
+    { type: 'enum', values: ['active', 'inactive', 'pending'], message: 'Status must be active, inactive, or pending' }
+  ]
+}), (req, res) => {
+  // req.query is validated
+  res.json({ users: [] });
+});
+```
+
+#### Validate Route Parameters
+
+```typescript
+app.get('/api/users/:id', validateParams({
+  id: [
+    { type: 'required', message: 'User ID is required' },
+    { type: 'pattern', value: /^[a-f\d]{24}$/i, message: 'Invalid user ID format' }
+  ]
+}), (req, res) => {
+  // req.params is validated
+  res.json({ user: {} });
+});
+```
+
+#### Validate Multiple Sources
+
+```typescript
+app.put('/api/users/:id', validate({
+  id: [
+    { type: 'required' },
+    { type: 'pattern', value: /^[a-f\d]{24}$/i }
+  ],
+  email: [
+    { type: 'email' }
+  ],
+  status: [
+    { type: 'enum', values: ['active', 'inactive'] }
+  ]
+}, { 
+  source: ['params', 'body'] // Validate both params and body
+}), handler);
+```
+
+#### Custom Validation
+
+```typescript
+app.post('/api/custom', validateBody({
+  password: [
+    { type: 'required' },
+    { type: 'minLength', value: 8 },
+    { 
+      type: 'custom', 
+      validator: (value) => {
+        // Custom validation logic
+        return /[A-Z]/.test(value) && /[a-z]/.test(value) && /[0-9]/.test(value);
+      },
+      message: 'Password must contain uppercase, lowercase, and number'
+    }
+  ],
+  confirmPassword: [
+    { type: 'required' },
+    {
+      type: 'custom',
+      validator: (value, data) => {
+        // Access other fields from the request
+        return value === data.password;
+      },
+      message: 'Passwords do not match'
+    }
+  ]
+}), handler);
+```
+
+#### Available Validation Rules
+
+| Rule | Description | Example |
+|------|-------------|---------|
+| `required` | Field must be present and not empty | `{ type: 'required', message: 'Field is required' }` |
+| `string` | Value must be a string | `{ type: 'string' }` |
+| `number` | Value must be a number | `{ type: 'number' }` |
+| `boolean` | Value must be a boolean | `{ type: 'boolean' }` |
+| `email` | Value must be a valid email | `{ type: 'email', message: 'Invalid email' }` |
+| `min` | Number must be >= value | `{ type: 'min', value: 1 }` |
+| `max` | Number must be <= value | `{ type: 'max', value: 100 }` |
+| `minLength` | String length must be >= value | `{ type: 'minLength', value: 8 }` |
+| `maxLength` | String length must be <= value | `{ type: 'maxLength', value: 255 }` |
+| `pattern` | String must match regex | `{ type: 'pattern', value: /^[a-z]+$/ }` |
+| `enum` | Value must be in array | `{ type: 'enum', values: ['a', 'b', 'c'] }` |
+| `array` | Value must be an array | `{ type: 'array' }` |
+| `object` | Value must be an object | `{ type: 'object' }` |
+| `custom` | Custom validation function | `{ type: 'custom', validator: (val) => boolean }` |
+
+#### Validation Options
+
+```typescript
+validate(schema, {
+  source: 'body' | 'query' | 'params' | ['body', 'query'], // What to validate (default: 'body')
+  abortEarly: boolean // Stop on first error or collect all errors (default: false)
+})
+```
+
+#### Error Response Format
+
+When validation fails, the middleware returns a 400 status with:
+
+```json
+{
+  "success": false,
+  "error": "Validation failed",
+  "errors": {
+    "email": "Invalid email format",
+    "password": "Password must be at least 8 characters"
+  }
+}
+```
+
+Or with `abortEarly: true`, only the first error:
+
+```json
+{
+  "success": false,
+  "error": "Validation failed",
+  "errors": {
+    "email": "Email is required"
+  }
+}
+```
+
+### 6. End-to-End Data Encryption & Decryption
+
+The package includes a powerful encryption service for secure end-to-end encryption and decryption of large data using AES-256-GCM with automatic chunking support.
+
+#### Basic Usage
+
+```typescript
+import { EncryptionService } from '@bhandari88/express-auth';
+
+// Create encryption service with default settings
+const encryption = new EncryptionService();
+
+// Encrypt data
+const data = 'Sensitive information that needs to be encrypted';
+const password = 'my-secure-password-123';
+
+const encrypted = await encryption.encrypt(data, password);
+console.log(encrypted);
+// {
+//   encrypted: 'base64-encrypted-data...',
+//   salt: 'base64-salt...',
+//   iv: 'base64-iv...',
+//   authTag: 'base64-auth-tag...',
+//   algorithm: 'aes-256-gcm'
+// }
+
+// Decrypt data
+const decrypted = await encryption.decrypt(encrypted, password);
+console.log(decrypted.toString('utf8')); // 'Sensitive information that needs to be encrypted'
+```
+
+#### Encrypt/Decrypt Strings (Convenience Methods)
+
+```typescript
+// Encrypt to string (includes all metadata as JSON)
+const encryptedString = await encryption.encryptToString(data, password);
+// Store encryptedString in database, file, etc.
+
+// Decrypt from string
+const decryptedString = await encryption.decryptFromString(encryptedString, password);
+console.log(decryptedString); // Original data
+```
+
+#### Encrypt/Decrypt Large Data
+
+The encryption service automatically handles large data by chunking it into smaller pieces. This is transparent to you:
+
+```typescript
+// Encrypt large file or data
+const fs = require('fs');
+const largeData = fs.readFileSync('large-file.pdf');
+
+const encrypted = await encryption.encrypt(largeData, password);
+// Automatically chunked and encrypted
+
+// Decrypt large data
+const decrypted = await encryption.decrypt(encrypted, password);
+fs.writeFileSync('decrypted-file.pdf', decrypted);
+```
+
+#### Encrypt/Decrypt Buffers
+
+```typescript
+// Encrypt Buffer
+const buffer = Buffer.from('Binary data', 'utf8');
+const encrypted = await encryption.encrypt(buffer, password);
+
+// Decrypt to Buffer
+const decrypted = await encryption.decrypt(encrypted, password);
+console.log(decrypted); // Buffer
+```
+
+#### Custom Configuration
+
+```typescript
+import { EncryptionService, EncryptionConfig } from '@bhandari88/express-auth';
+
+const config: EncryptionConfig = {
+  algorithm: 'aes-256-gcm',           // 'aes-256-gcm' | 'aes-192-gcm' | 'aes-128-gcm'
+  keyDerivationIterations: 100000,    // PBKDF2 iterations (higher = more secure but slower)
+  saltLength: 32,                      // Salt length in bytes
+  ivLength: 16,                        // IV length in bytes
+  authTagLength: 16,                   // Auth tag length in bytes
+  chunkSize: 64 * 1024,                // Chunk size for large data (64KB default)
+};
+
+const encryption = new EncryptionService(config);
+```
+
+#### Generate Secure Passwords
+
+```typescript
+import { EncryptionService } from '@bhandari88/express-auth';
+
+// Generate secure random password (base64)
+const password = EncryptionService.generateSecurePassword(32);
+console.log(password); // Random base64 string
+
+// Generate secure random password (hex)
+const hexPassword = EncryptionService.generateSecurePasswordHex(32);
+console.log(hexPassword); // Random hex string
+```
+
+#### Express Route Example
+
+```typescript
+import express from 'express';
+import { EncryptionService } from '@bhandari88/express-auth';
+
+const app = express();
+app.use(express.json());
+
+const encryption = new EncryptionService();
+
+// Encrypt endpoint
+app.post('/api/encrypt', async (req, res) => {
+  try {
+    const { data, password } = req.body;
+    
+    if (!data || !password) {
+      return res.status(400).json({ 
+        success: false, 
+        error: 'Data and password are required' 
+      });
+    }
+
+    const encrypted = await encryption.encryptToString(data, password);
+    res.json({ success: true, encrypted });
+  } catch (error) {
+    res.status(500).json({ 
+      success: false, 
+      error: error instanceof Error ? error.message : 'Encryption failed' 
+    });
+  }
+});
+
+// Decrypt endpoint
+app.post('/api/decrypt', async (req, res) => {
+  try {
+    const { encrypted, password } = req.body;
+    
+    if (!encrypted || !password) {
+      return res.status(400).json({ 
+        success: false, 
+        error: 'Encrypted data and password are required' 
+      });
+    }
+
+    const decrypted = await encryption.decryptFromString(encrypted, password);
+    res.json({ success: true, decrypted });
+  } catch (error) {
+    res.status(500).json({ 
+      success: false, 
+      error: error instanceof Error ? error.message : 'Decryption failed' 
+    });
+  }
+});
+```
+
+#### Security Features
+
+- **AES-256-GCM**: Industry-standard authenticated encryption
+- **Automatic Chunking**: Handles large data efficiently without memory issues
+- **PBKDF2 Key Derivation**: 100,000 iterations by default (configurable)
+- **Random Salt & IV**: Unique salt and IV for each encryption
+- **Authentication Tags**: Prevents tampering with encrypted data
+- **No External Dependencies**: Uses Node.js built-in crypto module
+
+#### Encryption Configuration Options
+
+```typescript
+interface EncryptionConfig {
+  algorithm?: 'aes-256-gcm' | 'aes-192-gcm' | 'aes-128-gcm';  // Default: 'aes-256-gcm'
+  keyDerivationIterations?: number;                             // Default: 100000
+  saltLength?: number;                                          // Default: 32 bytes
+  ivLength?: number;                                            // Default: 16 bytes
+  authTagLength?: number;                                       // Default: 16 bytes
+  chunkSize?: number;                                           // Default: 64KB
+}
+```
+
+#### Encryption Result Format
+
+```typescript
+interface EncryptionResult {
+  encrypted: string;      // Base64 encoded encrypted data
+  salt: string;           // Base64 encoded salt used for key derivation
+  iv: string;             // Base64 encoded IV/nonce
+  authTag?: string;       // Base64 encoded authentication tag (for single chunk)
+  algorithm: string;      // Algorithm used ('aes-256-gcm')
+}
+```
+
 ## API Endpoints
 
 ### Register User
@@ -389,6 +786,13 @@ interface AuthConfig {
 
 5. **Input Validation**: All inputs are validated and sanitized automatically
 
+6. **Data Encryption**:
+   - Use AES-256-GCM for authenticated encryption
+   - Minimum 8 character password for encryption
+   - Store encrypted data securely (database, files, etc.)
+   - Never share encryption passwords in plain text
+   - Use strong, randomly generated passwords when possible
+
 ## Types
 
 ```typescript

package/dist/index.d.ts

@@ -56,6 +56,8 @@ export * from './types';
 export { JwtService } from './utils/jwt';
 export { PasswordService } from './utils/password';
 export { ValidatorService } from './utils/validator';
+export { EncryptionService, EncryptionConfig, EncryptionResult } from './utils/encryption';
 export { AuthMiddleware } from './middleware/auth.middleware';
+export { validate, validateBody, validateQuery, validateParams, ValidationOptions, ValidationSource, ValidationSchema, ValidationRule, FieldValidation } from './middleware/validation.middleware';
 export { LocalAuthHandler } from './handlers/local-auth';
 export { SocialAuthHandler } from './handlers/social-auth';

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SocialAuthHandler = exports.LocalAuthHandler = exports.AuthMiddleware = exports.ValidatorService = exports.PasswordService = exports.JwtService = exports.Auth = void 0;
+exports.SocialAuthHandler = exports.LocalAuthHandler = exports.validateParams = exports.validateQuery = exports.validateBody = exports.validate = exports.AuthMiddleware = exports.EncryptionService = exports.ValidatorService = exports.PasswordService = exports.JwtService = exports.Auth = void 0;
 const jwt_1 = require("./utils/jwt");
 const password_1 = require("./utils/password");
 const local_auth_1 = require("./handlers/local-auth");
@@ -224,8 +224,15 @@ var password_2 = require("./utils/password");
 Object.defineProperty(exports, "PasswordService", { enumerable: true, get: function () { return password_2.PasswordService; } });
 var validator_1 = require("./utils/validator");
 Object.defineProperty(exports, "ValidatorService", { enumerable: true, get: function () { return validator_1.ValidatorService; } });
+var encryption_1 = require("./utils/encryption");
+Object.defineProperty(exports, "EncryptionService", { enumerable: true, get: function () { return encryption_1.EncryptionService; } });
 var auth_middleware_2 = require("./middleware/auth.middleware");
 Object.defineProperty(exports, "AuthMiddleware", { enumerable: true, get: function () { return auth_middleware_2.AuthMiddleware; } });
+var validation_middleware_1 = require("./middleware/validation.middleware");
+Object.defineProperty(exports, "validate", { enumerable: true, get: function () { return validation_middleware_1.validate; } });
+Object.defineProperty(exports, "validateBody", { enumerable: true, get: function () { return validation_middleware_1.validateBody; } });
+Object.defineProperty(exports, "validateQuery", { enumerable: true, get: function () { return validation_middleware_1.validateQuery; } });
+Object.defineProperty(exports, "validateParams", { enumerable: true, get: function () { return validation_middleware_1.validateParams; } });
 var local_auth_2 = require("./handlers/local-auth");
 Object.defineProperty(exports, "LocalAuthHandler", { enumerable: true, get: function () { return local_auth_2.LocalAuthHandler; } });
 var social_auth_2 = require("./handlers/social-auth");

package/dist/middleware/validation.middleware.d.ts

@@ -0,0 +1,114 @@
+import { RequestHandler } from 'express';
+export type ValidationSource = 'body' | 'query' | 'params';
+export type ValidationRule = {
+    type: 'required';
+    message?: string;
+} | {
+    type: 'string';
+    message?: string;
+} | {
+    type: 'number';
+    message?: string;
+} | {
+    type: 'boolean';
+    message?: string;
+} | {
+    type: 'email';
+    message?: string;
+} | {
+    type: 'min';
+    value: number;
+    message?: string;
+} | {
+    type: 'max';
+    value: number;
+    message?: string;
+} | {
+    type: 'minLength';
+    value: number;
+    message?: string;
+} | {
+    type: 'maxLength';
+    value: number;
+    message?: string;
+} | {
+    type: 'pattern';
+    value: RegExp;
+    message?: string;
+} | {
+    type: 'enum';
+    values: any[];
+    message?: string;
+} | {
+    type: 'custom';
+    validator: (value: any) => boolean | Promise<boolean>;
+    message?: string;
+} | {
+    type: 'array';
+    message?: string;
+} | {
+    type: 'object';
+    message?: string;
+};
+export interface FieldValidation {
+    rules: ValidationRule[];
+    message?: string;
+}
+export interface ValidationSchema {
+    [field: string]: FieldValidation | ValidationRule[];
+}
+export interface ValidationOptions {
+    source?: ValidationSource | ValidationSource[];
+    abortEarly?: boolean;
+}
+/**
+ * Validation middleware factory for request data validation
+ *
+ * @example
+ * ```typescript
+ * import { validate } from '@bhandari88/express-auth';
+ *
+ * // Simple validation
+ * app.post('/login', validate({
+ *   email: {
+ *     rules: [
+ *       { type: 'required', message: 'Email is required' },
+ *       { type: 'email', message: 'Invalid email format' }
+ *     ]
+ *   },
+ *   password: {
+ *     rules: [
+ *       { type: 'required', message: 'Password is required' },
+ *       { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+ *     ]
+ *   }
+ * }), (req, res) => {
+ *   // req.body is validated
+ * });
+ *
+ * // Validate query parameters
+ * app.get('/users', validate({
+ *   page: {
+ *     rules: [
+ *       { type: 'number', message: 'Page must be a number' },
+ *       { type: 'min', value: 1, message: 'Page must be at least 1' }
+ *     ]
+ *   }
+ * }, { source: 'query' }), (req, res) => {
+ *   // req.query is validated
+ * });
+ * ```
+ */
+export declare function validate(schema: ValidationSchema, options?: ValidationOptions): RequestHandler;
+/**
+ * Validate request body
+ */
+export declare function validateBody(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;
+/**
+ * Validate request query parameters
+ */
+export declare function validateQuery(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;
+/**
+ * Validate request route parameters
+ */
+export declare function validateParams(schema: ValidationSchema, options?: Omit<ValidationOptions, 'source'>): RequestHandler;

package/dist/middleware/validation.middleware.js

@@ -0,0 +1,290 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validate = validate;
+exports.validateBody = validateBody;
+exports.validateQuery = validateQuery;
+exports.validateParams = validateParams;
+/**
+ * Validation middleware factory for request data validation
+ *
+ * @example
+ * ```typescript
+ * import { validate } from '@bhandari88/express-auth';
+ *
+ * // Simple validation
+ * app.post('/login', validate({
+ *   email: {
+ *     rules: [
+ *       { type: 'required', message: 'Email is required' },
+ *       { type: 'email', message: 'Invalid email format' }
+ *     ]
+ *   },
+ *   password: {
+ *     rules: [
+ *       { type: 'required', message: 'Password is required' },
+ *       { type: 'minLength', value: 8, message: 'Password must be at least 8 characters' }
+ *     ]
+ *   }
+ * }), (req, res) => {
+ *   // req.body is validated
+ * });
+ *
+ * // Validate query parameters
+ * app.get('/users', validate({
+ *   page: {
+ *     rules: [
+ *       { type: 'number', message: 'Page must be a number' },
+ *       { type: 'min', value: 1, message: 'Page must be at least 1' }
+ *     ]
+ *   }
+ * }, { source: 'query' }), (req, res) => {
+ *   // req.query is validated
+ * });
+ * ```
+ */
+function validate(schema, options = {}) {
+    const { source = 'body', abortEarly = false, } = options;
+    const sources = Array.isArray(source) ? source : [source];
+    return async (req, res, next) => {
+        try {
+            const errors = [];
+            // Collect data from all specified sources
+            const dataToValidate = {};
+            for (const src of sources) {
+                if (src === 'body') {
+                    Object.assign(dataToValidate, req.body);
+                }
+                else if (src === 'query') {
+                    Object.assign(dataToValidate, req.query);
+                }
+                else if (src === 'params') {
+                    Object.assign(dataToValidate, req.params);
+                }
+            }
+            // Validate each field in the schema
+            for (const [field, fieldValidation] of Object.entries(schema)) {
+                const value = dataToValidate[field];
+                // Get rules array
+                let rules;
+                let fieldMessage;
+                if (Array.isArray(fieldValidation)) {
+                    rules = fieldValidation;
+                }
+                else {
+                    rules = fieldValidation.rules;
+                    fieldMessage = fieldValidation.message;
+                }
+                // Validate each rule
+                for (const rule of rules) {
+                    const error = await validateRule(field, value, rule, fieldMessage);
+                    if (error) {
+                        errors.push(error);
+                        if (abortEarly) {
+                            break;
+                        }
+                    }
+                }
+                if (abortEarly && errors.length > 0) {
+                    break;
+                }
+            }
+            if (errors.length > 0) {
+                res.status(400).json({
+                    success: false,
+                    error: 'Validation failed',
+                    errors: errors.length === 1
+                        ? { [errors[0].field]: errors[0].message }
+                        : errors.reduce((acc, err) => {
+                            acc[err.field] = err.message;
+                            return acc;
+                        }, {}),
+                });
+                return;
+            }
+            next();
+        }
+        catch (error) {
+            res.status(500).json({
+                success: false,
+                error: 'Validation error',
+            });
+        }
+    };
+}
+/**
+ * Validate a single rule
+ */
+async function validateRule(field, value, rule, fieldMessage) {
+    const getMessage = (defaultMsg) => {
+        return rule.message || fieldMessage || defaultMsg;
+    };
+    switch (rule.type) {
+        case 'required':
+            if (value === undefined || value === null || value === '') {
+                return {
+                    field,
+                    message: getMessage(`${field} is required`),
+                };
+            }
+            break;
+        case 'string':
+            if (value !== undefined && typeof value !== 'string') {
+                return {
+                    field,
+                    message: getMessage(`${field} must be a string`),
+                };
+            }
+            break;
+        case 'number':
+            if (value !== undefined && (typeof value !== 'number' || isNaN(value))) {
+                // Try to parse string numbers
+                if (typeof value === 'string' && !isNaN(Number(value))) {
+                    return null; // Valid number string
+                }
+                return {
+                    field,
+                    message: getMessage(`${field} must be a number`),
+                };
+            }
+            break;
+        case 'boolean':
+            if (value !== undefined && typeof value !== 'boolean') {
+                // Accept string booleans
+                if (typeof value === 'string' && (value === 'true' || value === 'false')) {
+                    return null;
+                }
+                return {
+                    field,
+                    message: getMessage(`${field} must be a boolean`),
+                };
+            }
+            break;
+        case 'email':
+            if (value !== undefined && value !== '') {
+                const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+                if (!emailRegex.test(String(value))) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be a valid email`),
+                    };
+                }
+            }
+            break;
+        case 'min':
+            if (value !== undefined && value !== '') {
+                const numValue = typeof value === 'string' ? Number(value) : value;
+                if (typeof numValue === 'number' && !isNaN(numValue) && numValue < rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at least ${rule.value}`),
+                    };
+                }
+            }
+            break;
+        case 'max':
+            if (value !== undefined && value !== '') {
+                const numValue = typeof value === 'string' ? Number(value) : value;
+                if (typeof numValue === 'number' && !isNaN(numValue) && numValue > rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at most ${rule.value}`),
+                    };
+                }
+            }
+            break;
+        case 'minLength':
+            if (value !== undefined && value !== '') {
+                const strValue = String(value);
+                if (strValue.length < rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at least ${rule.value} characters`),
+                    };
+                }
+            }
+            break;
+        case 'maxLength':
+            if (value !== undefined && value !== '') {
+                const strValue = String(value);
+                if (strValue.length > rule.value) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be at most ${rule.value} characters`),
+                    };
+                }
+            }
+            break;
+        case 'pattern':
+            if (value !== undefined && value !== '') {
+                if (!rule.value.test(String(value))) {
+                    return {
+                        field,
+                        message: getMessage(`${field} format is invalid`),
+                    };
+                }
+            }
+            break;
+        case 'enum':
+            if (value !== undefined && value !== '') {
+                if (!rule.values.includes(value)) {
+                    return {
+                        field,
+                        message: getMessage(`${field} must be one of: ${rule.values.join(', ')}`),
+                    };
+                }
+            }
+            break;
+        case 'array':
+            if (value !== undefined && !Array.isArray(value)) {
+                return {
+                    field,
+                    message: getMessage(`${field} must be an array`),
+                };
+            }
+            break;
+        case 'object':
+            if (value !== undefined && (typeof value !== 'object' || Array.isArray(value) || value === null)) {
+                return {
+                    field,
+                    message: getMessage(`${field} must be an object`),
+                };
+            }
+            break;
+        case 'custom':
+            try {
+                const isValid = await rule.validator(value);
+                if (!isValid) {
+                    return {
+                        field,
+                        message: getMessage(`${field} is invalid`),
+                    };
+                }
+            }
+            catch (error) {
+                return {
+                    field,
+                    message: getMessage(`${field} validation failed`),
+                };
+            }
+            break;
+    }
+    return null;
+}
+/**
+ * Validate request body
+ */
+function validateBody(schema, options = {}) {
+    return validate(schema, { ...options, source: 'body' });
+}
+/**
+ * Validate request query parameters
+ */
+function validateQuery(schema, options = {}) {
+    return validate(schema, { ...options, source: 'query' });
+}
+/**
+ * Validate request route parameters
+ */
+function validateParams(schema, options = {}) {
+    return validate(schema, { ...options, source: 'params' });
+}

package/dist/utils/encryption.d.ts

@@ -0,0 +1,145 @@
+/**
+ * Configuration options for encryption service
+ */
+export interface EncryptionConfig {
+    /**
+     * Algorithm to use for encryption (default: 'aes-256-gcm')
+     */
+    algorithm?: 'aes-256-gcm' | 'aes-192-gcm' | 'aes-128-gcm';
+    /**
+     * Key derivation iterations for PBKDF2 (default: 100000)
+     * Higher values are more secure but slower
+     */
+    keyDerivationIterations?: number;
+    /**
+     * Salt length in bytes (default: 32)
+     */
+    saltLength?: number;
+    /**
+     * IV length in bytes (default: 16 for GCM)
+     */
+    ivLength?: number;
+    /**
+     * Authentication tag length in bytes (default: 16 for GCM)
+     */
+    authTagLength?: number;
+    /**
+     * Chunk size for large data encryption in bytes (default: 64KB)
+     * Data larger than this will be encrypted in chunks
+     */
+    chunkSize?: number;
+}
+/**
+ * Encryption result containing encrypted data and metadata
+ */
+export interface EncryptionResult {
+    /**
+     * Encrypted data as base64 string
+     */
+    encrypted: string;
+    /**
+     * Salt used for key derivation (base64)
+     */
+    salt: string;
+    /**
+     * IV/nonce used for encryption (base64)
+     */
+    iv: string;
+    /**
+     * Authentication tag for GCM mode (base64)
+     */
+    authTag?: string;
+    /**
+     * Algorithm used
+     */
+    algorithm: string;
+}
+/**
+ * Service for end-to-end encryption and decryption of large data
+ * Uses AES-256-GCM for authenticated encryption with chunking support
+ */
+export declare class EncryptionService {
+    private algorithm;
+    private keyDerivationIterations;
+    private saltLength;
+    private ivLength;
+    private authTagLength;
+    private chunkSize;
+    private keyLength;
+    constructor(config?: EncryptionConfig);
+    /**
+     * Derive encryption key from password using PBKDF2
+     */
+    private deriveKey;
+    /**
+     * Encrypt data (string or Buffer) with password-based encryption
+     * Automatically handles chunking for large data
+     *
+     * @param data - Data to encrypt (string or Buffer)
+     * @param password - Password for encryption
+     * @returns Encryption result with encrypted data and metadata
+     */
+    encrypt(data: string | Buffer, password: string): Promise<EncryptionResult>;
+    /**
+     * Encrypt a single chunk of data
+     */
+    private encryptChunk;
+    /**
+     * Encrypt large data in chunks
+     */
+    private encryptLargeData;
+    /**
+     * Decrypt data that was encrypted with encrypt()
+     *
+     * @param encryptedData - Encryption result from encrypt()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as Buffer
+     */
+    decrypt(encryptedData: EncryptionResult, password: string): Promise<Buffer>;
+    /**
+     * Decrypt a single chunk
+     */
+    private decryptChunk;
+    /**
+     * Decrypt large data that was encrypted in chunks
+     */
+    private decryptLargeData;
+    /**
+     * Encrypt data and return as string (convenience method)
+     *
+     * @param data - Data to encrypt (string or Buffer)
+     * @param password - Password for encryption
+     * @returns Encrypted data as base64 string (includes all metadata)
+     */
+    encryptToString(data: string | Buffer, password: string): Promise<string>;
+    /**
+     * Decrypt data from string format (convenience method)
+     *
+     * @param encryptedString - Encrypted data as JSON string from encryptToString()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as string
+     */
+    decryptFromString(encryptedString: string, password: string): Promise<string>;
+    /**
+     * Decrypt data from string format and return as Buffer
+     *
+     * @param encryptedString - Encrypted data as JSON string from encryptToString()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as Buffer
+     */
+    decryptFromStringToBuffer(encryptedString: string, password: string): Promise<Buffer>;
+    /**
+     * Generate a secure random password/key
+     *
+     * @param length - Length of password in bytes (default: 32)
+     * @returns Random password as base64 string
+     */
+    static generateSecurePassword(length?: number): string;
+    /**
+     * Generate a secure random password/key as hex string
+     *
+     * @param length - Length of password in bytes (default: 32)
+     * @returns Random password as hex string
+     */
+    static generateSecurePasswordHex(length?: number): string;
+}

package/dist/utils/encryption.js

@@ -0,0 +1,291 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionService = void 0;
+const crypto = __importStar(require("crypto"));
+/**
+ * Service for end-to-end encryption and decryption of large data
+ * Uses AES-256-GCM for authenticated encryption with chunking support
+ */
+class EncryptionService {
+    constructor(config = {}) {
+        this.algorithm = config.algorithm || 'aes-256-gcm';
+        this.keyDerivationIterations = config.keyDerivationIterations || 100000;
+        this.saltLength = config.saltLength || 32;
+        this.ivLength = config.ivLength || 16;
+        this.authTagLength = config.authTagLength || 16;
+        this.chunkSize = config.chunkSize || 64 * 1024; // 64KB default
+        // Determine key length based on algorithm
+        if (this.algorithm.includes('256')) {
+            this.keyLength = 32; // 256 bits
+        }
+        else if (this.algorithm.includes('192')) {
+            this.keyLength = 24; // 192 bits
+        }
+        else {
+            this.keyLength = 16; // 128 bits
+        }
+    }
+    /**
+     * Derive encryption key from password using PBKDF2
+     */
+    async deriveKey(password, salt) {
+        return new Promise((resolve, reject) => {
+            crypto.pbkdf2(password, salt, this.keyDerivationIterations, this.keyLength, 'sha256', (err, derivedKey) => {
+                if (err)
+                    reject(err);
+                else
+                    resolve(derivedKey);
+            });
+        });
+    }
+    /**
+     * Encrypt data (string or Buffer) with password-based encryption
+     * Automatically handles chunking for large data
+     *
+     * @param data - Data to encrypt (string or Buffer)
+     * @param password - Password for encryption
+     * @returns Encryption result with encrypted data and metadata
+     */
+    async encrypt(data, password) {
+        if (!data) {
+            throw new Error('Data to encrypt cannot be empty');
+        }
+        if (!password || password.length < 8) {
+            throw new Error('Password must be at least 8 characters long');
+        }
+        // Convert string to Buffer if needed
+        const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, 'utf8');
+        // Generate random salt and IV
+        const salt = crypto.randomBytes(this.saltLength);
+        const iv = crypto.randomBytes(this.ivLength);
+        // Derive encryption key from password
+        const key = await this.deriveKey(password, salt);
+        // For small data, encrypt directly
+        if (dataBuffer.length <= this.chunkSize) {
+            const result = this.encryptChunk(dataBuffer, key, iv);
+            result.salt = salt.toString('base64');
+            return result;
+        }
+        // For large data, encrypt in chunks
+        const result = await this.encryptLargeData(dataBuffer, key, iv);
+        result.salt = salt.toString('base64');
+        return result;
+    }
+    /**
+     * Encrypt a single chunk of data
+     */
+    encryptChunk(data, key, iv) {
+        const cipher = crypto.createCipheriv(this.algorithm, key, iv);
+        const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        return {
+            encrypted: encrypted.toString('base64'),
+            salt: '', // Will be set by caller
+            iv: iv.toString('base64'),
+            authTag: authTag.toString('base64'),
+            algorithm: this.algorithm,
+        };
+    }
+    /**
+     * Encrypt large data in chunks
+     */
+    async encryptLargeData(data, key, iv) {
+        const chunks = [];
+        const totalChunks = Math.ceil(data.length / this.chunkSize);
+        // Generate a unique IV for each chunk (derive from base IV)
+        const chunkIVs = [];
+        for (let i = 0; i < totalChunks; i++) {
+            // Derive chunk IV from base IV and chunk index
+            const chunkIVBuffer = Buffer.allocUnsafe(this.ivLength);
+            crypto.createHash('sha256')
+                .update(iv)
+                .update(Buffer.from(i.toString()))
+                .digest()
+                .copy(chunkIVBuffer, 0, 0, this.ivLength);
+            chunkIVs.push(chunkIVBuffer);
+        }
+        // Encrypt each chunk
+        for (let i = 0; i < totalChunks; i++) {
+            const start = i * this.chunkSize;
+            const end = Math.min(start + this.chunkSize, data.length);
+            const chunk = data.slice(start, end);
+            const chunkIV = chunkIVs[i];
+            const cipher = crypto.createCipheriv(this.algorithm, key, chunkIV);
+            const encrypted = Buffer.concat([cipher.update(chunk), cipher.final()]);
+            const authTag = cipher.getAuthTag();
+            // Store chunk with its auth tag: base64(encrypted:authTag)
+            const chunkWithTag = Buffer.concat([encrypted, authTag]);
+            chunks.push(chunkWithTag.toString('base64'));
+        }
+        // Combine all chunks with delimiter
+        const encryptedData = chunks.join('|');
+        return {
+            encrypted: encryptedData,
+            salt: '', // Will be set by caller
+            iv: iv.toString('base64'),
+            authTag: undefined, // Not used for chunked encryption (each chunk has its own tag)
+            algorithm: this.algorithm,
+        };
+    }
+    /**
+     * Decrypt data that was encrypted with encrypt()
+     *
+     * @param encryptedData - Encryption result from encrypt()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as Buffer
+     */
+    async decrypt(encryptedData, password) {
+        if (!encryptedData || !encryptedData.encrypted) {
+            throw new Error('Invalid encrypted data');
+        }
+        if (!password || password.length < 8) {
+            throw new Error('Password must be at least 8 characters long');
+        }
+        // Reconstruct salt and IV
+        if (!encryptedData.salt) {
+            throw new Error('Salt is required for decryption');
+        }
+        const salt = Buffer.from(encryptedData.salt, 'base64');
+        const iv = Buffer.from(encryptedData.iv, 'base64');
+        // Derive encryption key from password
+        const key = await this.deriveKey(password, salt);
+        // Check if data is chunked (contains '|' delimiter)
+        if (encryptedData.encrypted.includes('|')) {
+            return this.decryptLargeData(encryptedData.encrypted, key, iv);
+        }
+        // Decrypt single chunk
+        return this.decryptChunk(encryptedData, key, iv);
+    }
+    /**
+     * Decrypt a single chunk
+     */
+    decryptChunk(encryptedData, key, iv) {
+        const encrypted = Buffer.from(encryptedData.encrypted, 'base64');
+        if (!encryptedData.authTag) {
+            throw new Error('Authentication tag is required for decryption');
+        }
+        const authTag = Buffer.from(encryptedData.authTag, 'base64');
+        const decipher = crypto.createDecipheriv(encryptedData.algorithm || this.algorithm, key, iv);
+        decipher.setAuthTag(authTag);
+        return Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    }
+    /**
+     * Decrypt large data that was encrypted in chunks
+     */
+    decryptLargeData(encryptedData, key, iv) {
+        const chunks = encryptedData.split('|');
+        const decryptedChunks = [];
+        for (let i = 0; i < chunks.length; i++) {
+            // Derive chunk IV from base IV and chunk index
+            const chunkIVBuffer = Buffer.allocUnsafe(this.ivLength);
+            crypto.createHash('sha256')
+                .update(iv)
+                .update(Buffer.from(i.toString()))
+                .digest()
+                .copy(chunkIVBuffer, 0, 0, this.ivLength);
+            // Extract encrypted data and auth tag
+            const chunkWithTag = Buffer.from(chunks[i], 'base64');
+            const encrypted = chunkWithTag.slice(0, -this.authTagLength);
+            const authTag = chunkWithTag.slice(-this.authTagLength);
+            // Decrypt chunk
+            const decipher = crypto.createDecipheriv(this.algorithm, key, chunkIVBuffer);
+            decipher.setAuthTag(authTag);
+            const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+            decryptedChunks.push(decrypted);
+        }
+        return Buffer.concat(decryptedChunks);
+    }
+    /**
+     * Encrypt data and return as string (convenience method)
+     *
+     * @param data - Data to encrypt (string or Buffer)
+     * @param password - Password for encryption
+     * @returns Encrypted data as base64 string (includes all metadata)
+     */
+    async encryptToString(data, password) {
+        const result = await this.encrypt(data, password);
+        // Include salt in result for proper decryption
+        if (!result.salt) {
+            // Generate salt for this encryption
+            const salt = crypto.randomBytes(this.saltLength);
+            result.salt = salt.toString('base64');
+        }
+        // Return as JSON string (can be easily stored/transmitted)
+        return JSON.stringify(result);
+    }
+    /**
+     * Decrypt data from string format (convenience method)
+     *
+     * @param encryptedString - Encrypted data as JSON string from encryptToString()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as string
+     */
+    async decryptFromString(encryptedString, password) {
+        const encryptedData = JSON.parse(encryptedString);
+        const decrypted = await this.decrypt(encryptedData, password);
+        return decrypted.toString('utf8');
+    }
+    /**
+     * Decrypt data from string format and return as Buffer
+     *
+     * @param encryptedString - Encrypted data as JSON string from encryptToString()
+     * @param password - Password used for encryption
+     * @returns Decrypted data as Buffer
+     */
+    async decryptFromStringToBuffer(encryptedString, password) {
+        const encryptedData = JSON.parse(encryptedString);
+        return this.decrypt(encryptedData, password);
+    }
+    /**
+     * Generate a secure random password/key
+     *
+     * @param length - Length of password in bytes (default: 32)
+     * @returns Random password as base64 string
+     */
+    static generateSecurePassword(length = 32) {
+        return crypto.randomBytes(length).toString('base64');
+    }
+    /**
+     * Generate a secure random password/key as hex string
+     *
+     * @param length - Length of password in bytes (default: 32)
+     * @returns Random password as hex string
+     */
+    static generateSecurePasswordHex(length = 32) {
+        return crypto.randomBytes(length).toString('hex');
+    }
+}
+exports.EncryptionService = EncryptionService;

package/dist/utils/index.d.ts

@@ -1,3 +1,4 @@
 export { JwtService } from './jwt';
 export { PasswordService } from './password';
 export { ValidatorService } from './validator';
+export { EncryptionService, EncryptionConfig, EncryptionResult } from './encryption';

package/dist/utils/index.js

@@ -1,9 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ValidatorService = exports.PasswordService = exports.JwtService = void 0;
+exports.EncryptionService = exports.ValidatorService = exports.PasswordService = exports.JwtService = void 0;
 var jwt_1 = require("./jwt");
 Object.defineProperty(exports, "JwtService", { enumerable: true, get: function () { return jwt_1.JwtService; } });
 var password_1 = require("./password");
 Object.defineProperty(exports, "PasswordService", { enumerable: true, get: function () { return password_1.PasswordService; } });
 var validator_1 = require("./validator");
 Object.defineProperty(exports, "ValidatorService", { enumerable: true, get: function () { return validator_1.ValidatorService; } });
+var encryption_1 = require("./encryption");
+Object.defineProperty(exports, "EncryptionService", { enumerable: true, get: function () { return encryption_1.EncryptionService; } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bhandari88/express-auth",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "Plug-and-play authentication handler for Express.js with TypeScript supporting email, username, phone, and social login",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -23,19 +23,19 @@
   "dependencies": {
     "jsonwebtoken": "^9.0.2",
     "passport": "^0.7.0",
-    "passport-facebook": "^3.0.0",
     "passport-google-oauth20": "^2.0.0",
+    "passport-facebook": "^3.0.0",
     "validator": "^13.11.0"
   },
   "devDependencies": {
     "@types/express": "^4.17.21",
     "@types/jsonwebtoken": "^9.0.5",
-    "@types/node": "^20.10.5",
     "@types/passport": "^1.0.16",
-    "@types/passport-facebook": "^3.0.3",
     "@types/passport-google-oauth20": "^2.0.14",
+    "@types/passport-facebook": "^3.0.3",
     "@types/validator": "^13.11.7",
-    "typescript": "^5.9.3"
+    "@types/node": "^20.10.5",
+    "typescript": "^5.3.3"
   },
   "peerDependencies": {
     "express": "^4.18.0"