npm - @javagt/express-easy-auth - Versions diffs - 1.0.0 → 1.0.1 - Mend

@javagt/express-easy-auth 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@javagt/express-easy-auth",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "",
   "type": "module",
   "main": "src/index.js",

package/readme.md CHANGED Viewed

@@ -106,6 +106,20 @@ The library provides a flexible logging system and explicit control over error e
 - **Custom Logger**: Plug in your own logger (e.g., Winston, Pino) by passing it to `setupAuth`.
 - [View Example: Custom Logger](examples/05-custom-logger.js)
+### 🌐 SPA Fallback (Modern Alternative to Wildcard Routes)
+When building Single Page Applications (SPAs), avoid using catch-all wildcard routes (e.g., `app.get('*', ...)`) as they can cause routing conflicts and `PathError` in newer versions of Express.
+Instead, use a middleware-based fallback that only triggers for HTML requests:
+```javascript
+app.use((req, res, next) => {
+  if (req.method === 'GET' && req.accepts('html') && !req.path.startsWith('/api')) {
+    res.sendFile(path.join(__dirname, 'public/index.html'));
+  } else {
+    next();
+  }
+});
+```
 ---
 ## 📜 API Reference
@@ -128,6 +142,8 @@ All identity endpoints are nested under the router (recommended path: `/api/v1/a
 | | POST | `/passkeys/authenticate/verify` | — | Verify passkey login |
 | | GET | `/passkeys` | ✓ | List registered passkeys |
 | | DELETE | `/passkeys/:id` | ✓ | Delete a passkey |
+| **Account** | POST | `/password/change` | ✓ (Fresh) | Change current password |
+| | POST | `/email/change` | ✓ (Fresh) | Update email address |
 | **Password Reset** | POST | `/password-reset/request` | — | Generate reset token |
 | | POST | `/password-reset/reset` | — | Complete reset |
 | **API Keys** | GET | `/api-keys` | ✓ | List user API keys |

package/src/client.js CHANGED Viewed

@@ -102,10 +102,17 @@ export class AuthClient {
     return this.request('/logout', { method: 'POST' });
   }
-  async changePassword(newPassword, token) {
-    return this.request('/change-password', {
+  async changePassword(newPassword) {
+    return this.request('/password/change', {
       method: 'POST',
-      body: { newPassword, token }
+      body: { newPassword }
+    });
+  }
+  async changeEmail(newEmail) {
+    return this.request('/email/change', {
+      method: 'POST',
+      body: { newEmail }
     });
   }

package/src/middleware/auth.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { randomUUID, randomBytes } from 'crypto';
+import { randomUUID, randomBytes } from 'node:crypto';
 import { authDb } from '../db/init.js';
 import bcrypt from 'bcrypt';

package/src/routes/auth.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Router } from 'express';
 import bcrypt from 'bcrypt';
-import { randomUUID, randomBytes } from 'crypto';
+import { randomUUID, randomBytes } from 'node:crypto';
 import { verifySync, generateSecret } from 'otplib';
 import QRCode from 'qrcode';
 import {
@@ -290,7 +290,9 @@ router.post('/2fa/setup', requireAuth, async (req, res) => {
   const secret = generateSecret();
   req.session.pendingTotpSecret = secret;
-  const otpauthUrl = `otpauth://totp/${encodeURIComponent('AuthServer')}:${encodeURIComponent(user.email)}?secret=${secret}&issuer=AuthServer`;
+  const { rpName } = getRpConfig(req);
+  const issuer = encodeURIComponent(rpName);
+  const otpauthUrl = `otpauth://totp/${issuer}:${encodeURIComponent(user.email)}?secret=${secret}&issuer=${issuer}`;
   const qrCode = await QRCode.toDataURL(otpauthUrl);
   res.json({ secret, qrCode, otpauthUrl });
@@ -449,6 +451,33 @@ router.delete('/passkeys/:id', requireAuth, (req, res) => {
   res.json({ success: true });
 });
+// ─── ACCOUNT MANAGEMENT ──────────────────────────────────────────────────────
+router.post('/password/change', requireFreshAuth, async (req, res) => {
+  const { newPassword } = req.body;
+  if (!newPassword) return res.status(400).json({ error: 'newPassword is required' });
+  const settings = getAppSettings();
+  const minLen = parseInt(settings.password_min_length || '8', 10);
+  if (newPassword.length < minLen) {
+    return res.status(400).json({ error: `Password must be at least ${minLen} characters` });
+  }
+  const hash = await bcrypt.hash(newPassword, SALT_ROUNDS);
+  authDb.prepare('UPDATE users SET password_hash=?, updated_at=? WHERE id=?').run(hash, Date.now(), req.userId);
+  res.json({ success: true, message: 'Password changed successfully' });
+});
+router.post('/email/change', requireFreshAuth, async (req, res) => {
+  const { newEmail } = req.body;
+  if (!newEmail) return res.status(400).json({ error: 'newEmail is required' });
+  authDb.prepare('UPDATE users SET email=?, updated_at=? WHERE id=?').run(newEmail, Date.now(), req.userId);
+  res.json({ success: true, message: 'Email updated successfully', email: newEmail });
+});
 // ─── SESSIONS ────────────────────────────────────────────────────────────────
 router.get('/sessions', requireAuth, (req, res) => {

package/src/utils/authHelpers.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import bcrypt from 'bcrypt';
-import { randomBytes } from 'crypto';
+import { randomBytes } from 'node:crypto';
 /**
  * Generate a set of secure, readable recovery codes.

package/src/utils/logger.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { randomUUID } from 'crypto';
+import { randomUUID } from 'node:crypto';
 import { authDb } from '../db/init.js';
 /**