@mountsqli/auth 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +117 -0
  2. package/package.json +18 -6
package/README.md ADDED
@@ -0,0 +1,117 @@
1
+ # @mountsqli/auth
2
+
3
+ Complete, production-ready authentication system for MountSQLi applications.
4
+
5
+ ## Features
6
+
7
+ - **Email/password** — Secure registration and login with scrypt hashing
8
+ - **JWT sessions** — Configurable expiration, revocable via database sessions
9
+ - **OAuth** — Google, GitHub with CSRF protection and email verification
10
+ - **2FA** — TOTP-based with QR code generation
11
+ - **RBAC** — Role-based access control with permission checking
12
+ - **Email verification** — Send verification emails on registration
13
+ - **Password reset** — Secure token-based password reset flow
14
+ - **Rate limiting** — Built-in protection against brute force attacks
15
+ - **CSRF protection** — For cookie-based authentication
16
+ - **Token encryption** — OAuth tokens encrypted at rest with AES-256-GCM
17
+ - **Framework middleware** — Express, Next.js, Hono, Fastify
18
+
19
+ ## Installation
20
+
21
+ ```bash
22
+ npm install @mountsqli/auth
23
+ ```
24
+
25
+ ## Quick Start
26
+
27
+ ```typescript
28
+ import { createAuth, credentials, google, github } from '@mountsqli/auth';
29
+ import { mountsqli } from '@mountsqli/pg/node-postgres';
30
+
31
+ const db = mountsqli(process.env.DATABASE_URL!);
32
+
33
+ export const auth = createAuth({
34
+ db,
35
+ secret: process.env.AUTH_SECRET!,
36
+ providers: [
37
+ credentials(),
38
+ google({ clientId: process.env.GOOGLE_ID!, clientSecret: process.env.GOOGLE_SECRET! }),
39
+ github({ clientId: process.env.GITHUB_ID!, clientSecret: process.env.GITHUB_SECRET! }),
40
+ ],
41
+ session: { strategy: 'jwt', maxAge: 30 * 24 * 60 * 60 },
42
+ });
43
+ ```
44
+
45
+ ## Usage
46
+
47
+ ### Register & Login
48
+
49
+ ```typescript
50
+ // Register
51
+ const { user, token } = await auth.register({ email, password, name });
52
+
53
+ // Login
54
+ const result = await auth.login('credentials', { email, password });
55
+ ```
56
+
57
+ ### OAuth
58
+
59
+ ```typescript
60
+ // Get redirect URL
61
+ const url = await auth.signIn('google');
62
+
63
+ // Handle callback
64
+ const result = await auth.handleCallback('google', { code, state });
65
+ ```
66
+
67
+ ### Middleware (Express)
68
+
69
+ ```typescript
70
+ import { expressMiddleware, requireAuth } from '@mountsqli/auth';
71
+
72
+ app.use(expressMiddleware(auth));
73
+ app.get('/api/me', requireAuth(auth), (req, res) => {
74
+ res.json(req.auth.user);
75
+ });
76
+ ```
77
+
78
+ ### RBAC
79
+
80
+ ```typescript
81
+ await auth.rbac.createRole({ name: 'admin', permissions: ['*'] });
82
+ await auth.rbac.assignRole(userId, 'admin');
83
+ const allowed = await auth.rbac.authorize(userId, 'posts:write');
84
+ ```
85
+
86
+ ### 2FA
87
+
88
+ ```typescript
89
+ const { secret, otpauthUrl } = await auth.twoFactor.generate(userId);
90
+ await auth.twoFactor.enable(userId, code);
91
+ ```
92
+
93
+ ### Password Reset
94
+
95
+ ```typescript
96
+ await auth.passwordReset.create(email);
97
+ await auth.passwordReset.verify(token, newPassword);
98
+ ```
99
+
100
+ ## Security
101
+
102
+ - scrypt password hashing with timing-safe comparison
103
+ - JWT with HS256 algorithm (prevents algorithm confusion)
104
+ - OAuth state validation (CSRF protection)
105
+ - AES-256-GCM token encryption at rest
106
+ - Rate limiting on all auth endpoints
107
+ - Input validation (email format, password strength)
108
+ - Generic error messages (prevents user enumeration)
109
+ - Timing-safe TOTP comparison
110
+
111
+ ## Documentation
112
+
113
+ 📖 [Documentation](https://mountsqli.vercel.app/docs/auth/overview)
114
+
115
+ ## License
116
+
117
+ MIT
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mountsqli/auth",
3
- "version": "0.1.0",
3
+ "version": "0.1.2",
4
4
  "type": "module",
5
5
  "exports": {
6
6
  ".": {
@@ -10,7 +10,11 @@
10
10
  },
11
11
  "main": "./dist/index.js",
12
12
  "types": "./dist/index.d.ts",
13
- "files": ["dist", "LICENSE", "README.md"],
13
+ "files": [
14
+ "dist",
15
+ "LICENSE",
16
+ "README.md"
17
+ ],
14
18
  "scripts": {
15
19
  "build": "tsup",
16
20
  "dev": "tsup --watch",
@@ -27,10 +31,18 @@
27
31
  "hono": "^4.0.0"
28
32
  },
29
33
  "peerDependenciesMeta": {
30
- "pg": { "optional": true },
31
- "express": { "optional": true },
32
- "fastify": { "optional": true },
33
- "hono": { "optional": true }
34
+ "pg": {
35
+ "optional": true
36
+ },
37
+ "express": {
38
+ "optional": true
39
+ },
40
+ "fastify": {
41
+ "optional": true
42
+ },
43
+ "hono": {
44
+ "optional": true
45
+ }
34
46
  },
35
47
  "devDependencies": {
36
48
  "@mountsqli/pg": "workspace:*",