@starklabs/backend-core 1.0.0

package/dist/cjs/db.cjs

@@ -0,0 +1,17 @@
+const mongoose = require("mongoose");
+const AppLog = require("./utils/AppLog.cjs");
+
+// connecting to db
+const connectDB = async (uri, db) => {
+  const mongodbUri = uri || "mongodb://localhost:27017";
+  try {
+    await mongoose.connect(`${mongodbUri}/${db || "test"}`);
+    AppLog("check", "db.js", "Connected successfully!");
+  } catch (error) {
+    AppLog("X", "db.js", "Error while connecting!");
+    AppLog("X", "db.js", error.message);
+  }
+};
+
+// export
+module.exports = connectDB;

package/dist/cjs/index.cjs

@@ -0,0 +1,58 @@
+const connectDB = require("./db.cjs");
+const { seal, unSeal, generateMasterKey, hash, verifyHash } = require("./utils/libsodium.cjs");
+const { signJWT, verifyJWT } = require("./utils/jwt.cjs");
+
+const privateKeys = new WeakMap();
+
+class StarkAuth {
+  constructor(config) {
+    privateKeys.set(this, {
+      _masterKey: config.MASTER_KEY,
+      _JWT_SECRET: config.JWT_SECRET,
+      _JWT_EXPIRY: config.JWT_EXPIRY,
+    });
+  }
+
+  static async create(config) {
+    await connectDB(config.MONGO_URI, config.DB_NAME);
+    return new StarkAuth(config);
+  }
+
+  async encrypt(str) {
+    const { _masterKey } = privateKeys.get(this);
+    return seal(str, _masterKey);
+  }
+
+  async decrypt(str, nonce, publicKey, securedPrivateKey) {
+    const { _masterKey } = privateKeys.get(this);
+    return unSeal(str, nonce, publicKey, securedPrivateKey, _masterKey);
+  }
+
+  signJWT(payLoad) {
+    const { _JWT_SECRET, _JWT_EXPIRY } = privateKeys.get(this);
+    return signJWT(payLoad, _JWT_SECRET, _JWT_EXPIRY);
+  }
+
+  verifyJWT(token) {
+    const { _JWT_SECRET } = privateKeys.get(this);
+    return verifyJWT(token, _JWT_SECRET);
+  }
+}
+
+module.exports = StarkAuth;
+
+const crypto = {
+  generateMasterKey,
+  hash,
+  verifyHash,
+};
+
+const AppError = require("./utils/AppError.cjs");
+const AppLog = require("./utils/AppLog.cjs");
+const asyncHandler = require("./utils/asyncHandler.cjs");
+
+module.exports = StarkAuth;
+module.exports.crypto = crypto;
+module.exports.AppError = AppError;
+module.exports.AppLog = AppLog;
+module.exports.asyncHandler = asyncHandler;

package/dist/cjs/utils/AppError.cjs

@@ -0,0 +1,13 @@
+// custom error class
+class AppError extends Error {
+  // constructor
+  constructor(message, statusCode) {
+    // calling parent constructor
+    super(message);
+
+    this.statusCode = statusCode;
+    this.isOperational = true;
+  }
+}
+
+module.exports = AppError;

package/dist/cjs/utils/AppLog.cjs

@@ -0,0 +1,13 @@
+// emojis object
+const emojis = {
+  check: "✅",
+  X: "❌",
+};
+
+// console logs
+const AppLog = (emoji, file, message) => {
+  console.log(`${emojis[emoji]} [${file}] ${message}`);
+};
+
+// export
+module.exports = AppLog;

package/dist/cjs/utils/asyncHandler.cjs

@@ -0,0 +1,6 @@
+// async handler wrapper
+const asyncHandler = (fn) => async (req, res, next) => {
+  Promise.resolve(fn(req, res, next)).catch(next);
+};
+
+module.exports = asyncHandler;

package/dist/cjs/utils/jwt.cjs

@@ -0,0 +1,38 @@
+const jwt = require("jsonwebtoken");
+const AppError = require("./AppError.cjs");
+
+const EXPIRY = {
+  "2m": 1000 * 60 * 2,
+  "10m": 1000 * 60 * 10,
+  "1h": 1000 * 60 * 60,
+  "6h": 1000 * 60 * 60 * 6,
+  "12h": 1000 * 60 * 60 * 12,
+  "1d": 1000 * 60 * 60 * 24,
+  "3d": 1000 * 60 * 60 * 24 * 3,
+  "7d": 1000 * 60 * 60 * 24 * 7,
+  "14d": 1000 * 60 * 60 * 24 * 14,
+  "30d": 1000 * 60 * 60 * 24 * 30,
+};
+
+const getExpiry = (key) => {
+  if (!EXPIRY[key]) throw new Error("Invalid expiry key");
+  return EXPIRY[key];
+};
+
+const signJWT = (payLoad, JWT_SECRET, JWT_EXPIRY) => {
+  try {
+    return jwt.sign(payLoad, JWT_SECRET, { expiresIn: JWT_EXPIRY });
+  } catch (error) {
+    throw new AppError(error.message);
+  }
+};
+
+const verifyJWT = (token, JWT_SECRET) => {
+  try {
+    return jwt.verify(token, JWT_SECRET);
+  } catch (error) {
+    throw new AppError("Invalid or expired token", 401);
+  }
+};
+
+module.exports = { EXPIRY, signJWT, verifyJWT };

package/dist/cjs/utils/libsodium.cjs

@@ -0,0 +1,133 @@
+const sodium = require("libsodium-wrappers-sumo");
+const AppError = require("./AppError.cjs");
+
+// Hash password
+const hash = async (password) => {
+  await sodium.ready;
+
+  const salt = sodium.randombytes_buf(sodium.crypto_pwhash_SALTBYTES);
+
+  const hashStr = sodium.crypto_pwhash(
+    32,
+    password,
+    salt,
+    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_ALG_DEFAULT
+  );
+
+  // store salt + hashStr together
+  return sodium.to_base64(salt) + ":" + sodium.to_base64(hashStr);
+};
+
+// verifyPassword
+const verifyHash = async (password, storedHash) => {
+  await sodium.ready;
+
+  const [saltB64, hashB64] = storedHash.split(":");
+
+  const salt = sodium.from_base64(saltB64);
+  const originalHash = sodium.from_base64(hashB64);
+
+  const testHash = sodium.crypto_pwhash(
+    32,
+    password,
+    salt,
+    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_ALG_DEFAULT
+  );
+
+  return sodium.memcmp(originalHash, testHash);
+};
+
+// generate master key
+const generateMasterKey = async () => {
+  await sodium.ready;
+
+  const key = sodium.crypto_secretbox_keygen();
+
+  const base64Key = sodium.to_base64(
+    key,
+    sodium.base64_variants.ORIGINAL
+  );
+
+  
+  console.log(base64Key);
+  return base64Key
+};
+
+// seal
+const seal = async (string, masterKey) => {
+  try {
+    await sodium.ready;
+
+    const keyPair = sodium.crypto_box_keypair();
+    const strBytes = sodium.from_string(string);
+
+    const encrypted = sodium.crypto_box_seal(strBytes, keyPair.publicKey);
+    const str = sodium.to_base64(encrypted);
+
+    masterKey = sodium.from_base64(masterKey, sodium.base64_variants.ORIGINAL);
+    let nonce = sodium.randombytes_buf(24);
+
+    const pk = sodium.crypto_secretbox_easy(
+      keyPair.privateKey,
+      nonce,
+      masterKey
+    );
+
+    nonce = sodium.to_base64(nonce);
+
+    const securedPrivateKey = sodium.to_base64(pk);
+    const publicKey = sodium.to_base64(keyPair.publicKey);
+
+    return {
+      str,
+      nonce,
+      publicKey,
+      securedPrivateKey,
+    };
+  } catch (error) {
+    console.log(error.message);
+    throw new AppError("Error while encrypting");
+  }
+};
+
+// unSeal
+const unSeal = async (str, nonce, publicKey, securedPrivateKey, masterKey) => {
+  try {
+    if (!str || !nonce || !publicKey || !securedPrivateKey)
+      throw new AppError(
+        "Str, nonce, public key and secured private key are required"
+      );
+
+    await sodium.ready;
+
+    masterKey = sodium.from_base64(masterKey, sodium.base64_variants.ORIGINAL);
+    nonce = sodium.from_base64(nonce);
+    securedPrivateKey = sodium.from_base64(securedPrivateKey);
+    publicKey = sodium.from_base64(publicKey);
+    str = sodium.from_base64(str);
+
+    const privateKey = sodium.crypto_secretbox_open_easy(
+      securedPrivateKey,
+      nonce,
+      masterKey
+    );
+
+    const decrypted = sodium.crypto_box_seal_open(str, publicKey, privateKey);
+    return sodium.to_string(decrypted);
+  } catch (error) {
+    console.log(error.message);
+    throw new AppError("Error while decrypting");
+  }
+};
+
+module.exports = {
+  hash,
+  verifyHash,
+  generateMasterKey,
+  seal,
+  unSeal,
+};

package/dist/cjs/utils/successResponse.cjs

@@ -0,0 +1,13 @@
+// success response to client
+const successResponse = (res, data, status) => {
+  const response = { success: true };
+
+  if (data) {
+    response.data = data;
+  }
+
+  res.status(status).json(response);
+};
+
+// export
+module.exports = successResponse;

package/dist/js/db.js

@@ -0,0 +1,19 @@
+// module imports
+import mongoose from "mongoose";
+
+import AppLog from "./utils/AppLog.js";
+
+// connecting to db
+const connectDB = async (uri, db) => {
+  const mongodbUri = uri || "mongodb://localhost:27017";
+  try {
+    AppLog("check", "db.js", "Connected successfully!");
+    return await mongoose.connect(`${mongodbUri}/${db || "test"}`);
+  } catch (error) {
+    AppLog("X", "db.js", "Error while connecting!");
+    AppLog("X", "db.js", error.message);
+  }
+};
+
+// export
+export default connectDB;

package/dist/js/index.js

@@ -0,0 +1,65 @@
+// connectDB - connects MongoDB database
+import connectDB from "./db.js";
+
+// seal/unSeal - encrypt and decrypt data
+import { seal, unSeal } from "./utils/libsodium.js";
+import { signJWT, verifyJWT } from "./utils/jwt.js";
+
+class StarkAuth {
+  #_masterKey;
+  #_JWT_SECRET;
+  #_JWT_EXPIRY;
+
+  // constructor - store keys etc.
+  constructor(config) {
+    this.#_masterKey = config.MASTER_KEY;
+    this.#_JWT_SECRET = config.JWT_SECRET;
+    this.#_JWT_EXPIRY = config.JWT_EXPIRY;
+  }
+
+  // create - initializes DB and auth instance
+  static async create(config) {
+    await connectDB(config.MONGO_URI, config.DB_NAME);
+    return new StarkAuth(config);
+  }
+
+  // encrypt - encrypts string using master key
+  async encrypt(str) {
+    return seal(str, this.#_masterKey);
+  }
+
+  // decrypt - decrypts string using master key
+  async decrypt(str, nonce, publicKey, securedPrivateKey) {
+    return unSeal(str, nonce, publicKey, securedPrivateKey, this.#_masterKey);
+  }
+
+  // signJWT
+  signJWT(payLoad) {
+    return signJWT(payLoad, this.#_JWT_SECRET, this.#_JWT_EXPIRY);
+  }
+
+  // verifyJWT
+  verifyJWT(token) {
+    return verifyJWT(token, this.#_JWT_SECRET);
+  }
+}
+
+export default StarkAuth;
+
+// crypto - exports hashing utilities
+import { generateMasterKey, hash, verifyHash } from "./utils/libsodium.js";
+
+export const crypto = {
+  generateMasterKey,
+  hash,
+  verifyHash,
+};
+
+// AppError - custom application error class
+export { default as AppError } from "./utils/AppError.js";
+
+// AppLog - structured logging utility
+export { default as AppLog } from "./utils/AppLog.js";
+
+// async handler - AppError in async functions
+export { default as asyncHandler } from "./utils/asyncHandler.js";

package/dist/js/utils/AppError.js

@@ -0,0 +1,13 @@
+// custom error class
+class AppError extends Error {
+  // constructor
+  constructor(message, statusCode) {
+    // calling parent constructor
+    super(message);
+
+    this.statusCode = statusCode;
+    this.isOperational = true;
+  }
+}
+
+export default AppError;

package/dist/js/utils/AppLog.js

@@ -0,0 +1,19 @@
+// emojis object
+const emojis = {
+  check: "✅",
+  X: "❌",
+};
+
+// console logs
+/**
+ *
+ * @param {check | X} emoji
+ * @param {string} file
+ * @param {string} message
+ */
+const AppLog = (emoji, file, message) => {
+  console.log(`${emojis[emoji]} [${file}] ${message}`);
+};
+
+// export
+export default AppLog;

package/dist/js/utils/asyncHandler.js

@@ -0,0 +1,5 @@
+const asyncHandler = (fn) => async (req, res, next) => {
+  Promise.resolve(fn(req, res, next)).catch(next);
+};
+
+export default asyncHandler;

package/dist/js/utils/index.js

@@ -0,0 +1,7 @@
+// exports for this directory
+export { default as AppLog } from "./AppLog.js";
+export { default as successResponse } from "./successResponse.js";
+export { default as asyncHandler } from "./asyncHandler.js";
+export { default as AppError } from "./AppError.js";
+export { signJWT, verifyJWT } from "./jwt.js";
+export { hashPassword, verifyPassword } from "./libsodium.js";

package/dist/js/utils/jwt.js

@@ -0,0 +1,38 @@
+import jwt from "jsonwebtoken";
+import AppError from "./AppError.js";
+
+export const EXPIRY = {
+  "2m": 1000 * 60 * 2,
+  "10m": 1000 * 60 * 10,
+  "1h": 1000 * 60 * 60,
+  "6h": 1000 * 60 * 60 * 6,
+  "12h": 1000 * 60 * 60 * 12,
+  "1d": 1000 * 60 * 60 * 24,
+  "3d": 1000 * 60 * 60 * 24 * 3,
+  "7d": 1000 * 60 * 60 * 24 * 7,
+  "14d": 1000 * 60 * 60 * 24 * 14,
+  "30d": 1000 * 60 * 60 * 24 * 30,
+};
+
+const getExpiry = (key) => {
+  if (!EXPIRY[key]) throw new Error("Invalid expiry key");
+  return EXPIRY[key];
+};
+
+const signJWT = (payLoad, JWT_SECRET, JWT_EXPIRY) => {
+  try {
+    return jwt.sign(payLoad, JWT_SECRET, { expiresIn: JWT_EXPIRY });
+  } catch (error) {
+    throw new AppError(error.message);
+  }
+};
+
+const verifyJWT = (token, JWT_SECRET) => {
+  try {
+    return jwt.verify(token, JWT_SECRET);
+  } catch (error) {
+    throw new AppError("Invalid or expired token", 401);
+  }
+};
+
+export { signJWT, verifyJWT };

package/dist/js/utils/libsodium.js

@@ -0,0 +1,123 @@
+import sodium from "libsodium-wrappers-sumo";
+import AppError from "./AppError.js";
+// import envs from "../config/envs.js";
+
+// Hash password
+export const hash = async (password) => {
+  await sodium.ready;
+
+  const salt = sodium.randombytes_buf(sodium.crypto_pwhash_SALTBYTES);
+
+  const hashStr = sodium.crypto_pwhash(
+    32,
+    password,
+    salt,
+    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_ALG_DEFAULT,
+  );
+
+  // store salt + hashStr together
+  return sodium.to_base64(salt) + ":" + sodium.to_base64(hashStr);
+};
+
+// verifyPassword
+export const verifyHash = async (password, storedHash) => {
+  await sodium.ready;
+
+  const [saltB64, hashB64] = storedHash.split(":");
+
+  const salt = sodium.from_base64(saltB64);
+  const originalHash = sodium.from_base64(hashB64);
+
+  const testHash = sodium.crypto_pwhash(
+    32,
+    password,
+    salt,
+    sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
+    sodium.crypto_pwhash_ALG_DEFAULT,
+  );
+
+  return sodium.memcmp(originalHash, testHash);
+};
+
+// generate master key
+export const generateMasterKey = async () => {
+  await sodium.ready;
+
+  // Generate a secure 32-byte key
+  const key = sodium.crypto_secretbox_keygen();
+
+  // Convert to Base64 for .env storage
+  const base64Key = sodium.to_base64(key, sodium.base64_variants.ORIGINAL);
+  console.log(base64Key);
+  return base64Key;
+};
+
+// seal
+export const seal = async (string, masterKey) => {
+  try {
+    await sodium.ready;
+
+    const keyPair = sodium.crypto_box_keypair();
+    const strBytes = sodium.from_string(string);
+
+    const encrypted = sodium.crypto_box_seal(strBytes, keyPair.publicKey);
+    const str = sodium.to_base64(encrypted);
+
+    masterKey = sodium.from_base64(masterKey, sodium.base64_variants.ORIGINAL);
+    let nonce = sodium.randombytes_buf(24);
+
+    const pk = sodium.crypto_secretbox_easy(
+      keyPair.privateKey,
+      nonce,
+      masterKey,
+    );
+
+    nonce = sodium.to_base64(nonce);
+
+    const securedPrivateKey = sodium.to_base64(pk);
+    const publicKey = sodium.to_base64(keyPair.publicKey);
+
+    return {
+      str,
+      nonce,
+      publicKey,
+      securedPrivateKey,
+    };
+  } catch (error) {
+    console.log(error.message);
+    throw new AppError("Error while encrypting");
+  }
+};
+
+// unSeal
+export const unSeal = async (str, nonce, publicKey, securedPrivateKey, masterKey) => {
+  try {
+    if (!str || !nonce || !publicKey || !securedPrivateKey)
+      throw new AppError(
+        "Str, nonce, public key and secured private key are required",
+      );
+
+    await sodium.ready;
+
+    masterKey = sodium.from_base64(masterKey, sodium.base64_variants.ORIGINAL);
+    nonce = sodium.from_base64(nonce);
+    securedPrivateKey = sodium.from_base64(securedPrivateKey);
+    publicKey = sodium.from_base64(publicKey);
+    str = sodium.from_base64(str);
+
+    const privateKey = sodium.crypto_secretbox_open_easy(
+      securedPrivateKey,
+      nonce,
+      masterKey,
+    );
+
+    const decrypted = sodium.crypto_box_seal_open(str, publicKey, privateKey);
+    return sodium.to_string(decrypted);
+  } catch (error) {
+    console.log(error.message);
+    throw new AppError("Error while decrypting");
+  }
+};

package/dist/js/utils/successResponse.js

@@ -0,0 +1,13 @@
+// success response to client
+const successResponse = (res, data, status) => {
+  const response = { success: true };
+
+  if (data) {
+    response.data = data;
+  }
+
+  res.status(status).json(response);
+};
+
+// export
+export default successResponse;

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@starklabs/backend-core",
+  "version": "1.0.0",
+  "description": "A comprehensive backend authentication library featuring MongoDB integration, JWT-based authentication, encryption/decryption using libsodium, and utilities for error handling and logging. Supports both ES modules and CommonJS. Requires MONGO_URI, DB_NAME, MASTER_KEY, and JWT_SECRET environment variables.",
+  "keywords": [
+    "auth-mongo",
+    "backend-core"
+  ],
+  "license": "ISC",
+  "author": "Musa",
+  "type": "module",
+  "main": "index.js",
+  "scripts": {
+    "test": "node test.js"
+  },
+  "dependencies": {
+    "cookie-parser": "^1.4.7",
+    "cors": "^2.8.6",
+    "dotenv": "^17.4.2",
+    "express": "^5.2.1",
+    "helmet": "^8.1.0",
+    "jsonwebtoken": "^9.0.3",
+    "libsodium-wrappers-sumo": "^0.8.4",
+    "mongoose": "^9.6.1",
+    "resend": "^6.12.2",
+    "zod": "^4.4.1"
+  }
+}