@starklabs/backend-core 1.1.0 → 1.2.0

package/.env.example

@@ -0,0 +1,21 @@
+# development@v3
+PORT=4000
+API_VERSION=1 # must be an integer
+
+# Duration format: 1m | 5m | 10m | 15m | 30m | 1h | 6h | 12h | 1d | 3d | 7d | 14d | 30d
+TOKEN_EXPIRY=7d
+JWT_SECRET=
+MASTER_KEY=
+ISOFFLINE=true
+ENV=development
+INTERNAL_ROLES=["developer","admin"]
+RESEND_API_KEY=
+
+# Duration format: 1m | 5m | 10m | 15m | 30m | 1h | 6h | 12h | 1d | 3d | 7d | 14d | 30d
+RATE_LIMIT_DURATION=15m
+RATE_LIMIT_REQ=200
+RATE_LIMIT_MSG="Too many requests, please try again later."
+CLOUDINARY_API_SECRET=
+CLOUDINARY_API_KEY=5
+CLOUDINARY_CLOUD_NAME=
+CLOUDINARY_FOLDER_NAME=uploads

package/README.md

@@ -23,7 +23,7 @@ npm install @starklabs/backend-core
 The following environment variables are required:
 
 ```env
-MONGO_URI=mongodb://localhost:27017
+MONGODB_URI=mongodb://localhost:27017
 DB_NAME=your_database_name
 MASTER_KEY=your_base64_encoded_32_byte_key
 JWT_SECRET=your_jwt_secret_string
@@ -62,7 +62,7 @@ import starkAuth, { crypto, AppError, AppLog, asyncHandler } from '@starklabs/ba
 
 // Initialize
 const auth = await starkAuth.create({
-  MONGO_URI: process.env.MONGO_URI,
+  MONGODB_URI: process.env.MONGODB_URI,
   DB_NAME: process.env.DB_NAME,
   MASTER_KEY: process.env.MASTER_KEY,
   JWT_SECRET: process.env.JWT_SECRET,
@@ -97,7 +97,7 @@ const starkAuth = require('@starklabs/backend-core');
 
 // Initialize
 const auth = await starkAuth.create({
-  MONGO_URI: process.env.MONGO_URI,
+  MONGODB_URI: process.env.MONGODB_URI,
   DB_NAME: process.env.DB_NAME,
   MASTER_KEY: process.env.MASTER_KEY,
   JWT_SECRET: process.env.JWT_SECRET,
@@ -118,7 +118,7 @@ const payload = auth.verifyJWT(token);
 Initializes database connection and returns a new StarkAuth instance.
 
 **Parameters:**
-- `config.MONGO_URI` (string): MongoDB connection URI
+- `config.MONGODB_URI` (string): MongoDB connection URI
 - `config.DB_NAME` (string): Database name
 - `config.MASTER_KEY` (string): Base64-encoded 32-byte encryption key
 - `config.JWT_SECRET` (string): Secret for JWT signing
@@ -128,7 +128,7 @@ Initializes database connection and returns a new StarkAuth instance.
 
 ```javascript
 const auth = await starkAuth.create({
-  MONGO_URI: 'mongodb://localhost:27017',
+  MONGODB_URI: 'mongodb://localhost:27017',
   DB_NAME: 'myapp',
   MASTER_KEY: 'eZkZDoy2s+DvGe44QGa7AdU41nKhglEaIjFsxfQCKao=',
   JWT_SECRET: 'your-secret-key',
@@ -335,7 +335,7 @@ let auth;
 app.use(async (req, res, next) => {
   if (!auth) {
     auth = await starkAuth.create({
-      MONGO_URI: process.env.MONGO_URI,
+      MONGODB_URI: process.env.MONGODB_URI,
       DB_NAME: process.env.DB_NAME,
       MASTER_KEY: process.env.MASTER_KEY,
       JWT_SECRET: process.env.JWT_SECRET,
@@ -456,7 +456,7 @@ Ensure `JWT_EXPIRY` is one of the supported values: `"2m"`, `"10m"`, `"1h"`, `"6
 ### "Error while connecting!"
 Check that:
 - MongoDB is running and accessible
-- `MONGO_URI` is correct
+- `MONGODB_URI` is correct
 - Network/firewall allows connection
 
 ### "Invalid or expired token"

package/dist/js/config/cloudinary.js

@@ -0,0 +1,18 @@
+import multer from "multer";
+import { v2 as cloudinary } from "cloudinary";
+
+const upload = multer({ storage: multer.memoryStorage() });
+
+const configureCloudinary = ({
+  cloudinaryAPIKey,
+  cloudinaryCloudName,
+  cloudinaryAPISecret,
+}) => {
+  cloudinary.config({
+    cloud_name: cloudinaryCloudName,
+    api_key: cloudinaryAPIKey,
+    api_secret: cloudinaryAPISecret,
+  });
+};
+
+export { cloudinary, configureCloudinary, upload };

package/dist/js/config/config.js

@@ -0,0 +1,11 @@
+let config = {};
+
+const setConfig = (options) => {
+  config = options;
+};
+
+const getConfig = () => {
+  return config;
+};
+
+export { setConfig, getConfig, config };

package/dist/js/config/duration.js

@@ -0,0 +1,22 @@
+export const DURATIONS = {
+  "1m": 60 * 1000,
+  "5m": 5 * 60 * 1000,
+  "10m": 10 * 60 * 1000,
+  "15m": 15 * 60 * 1000,
+  "30m": 30 * 60 * 1000,
+  "1h": 60 * 60 * 1000,
+  "6h": 6 * 60 * 60 * 1000,
+  "12h": 12 * 60 * 60 * 1000,
+  "1d": 24 * 60 * 60 * 1000,
+  "3d": 3 * 24 * 60 * 60 * 1000,
+  "7d": 7 * 24 * 60 * 60 * 1000,
+  "14d": 14 * 24 * 60 * 60 * 1000,
+  "30d": 30 * 24 * 60 * 60 * 1000,
+};
+
+const getDuration = (key) => {
+  if (!DURATIONS[key]) throw new Error("Invalid expiry key");
+  return DURATIONS[key];
+};
+
+export default getDuration;

package/dist/js/core/app.js

@@ -0,0 +1,122 @@
+import express from "express";
+import AppLog from "../utils/AppLog.js";
+import connectDB from "../lib/db.js";
+import { crud, auth } from "./index.js";
+import mongoose from "mongoose";
+import createModel from "../lib/model.factory.js";
+import registerModel from "../lib/model.registry.js";
+import errorMiddleware from "../middleware/error.middleware.js";
+import { getConfig, config } from "../config/config.js";
+import AppError from "../utils/AppError.js";
+import helmet from "helmet";
+import cors from "cors";
+import cookieParser from "cookie-parser";
+import { apiLimiter } from "../utils/rateLimiter.js";
+import { configureCloudinary } from "../config/cloudinary.js";
+
+const app = express();
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+app.use(express.json());
+
+const registerCollections = (collections, apiVersion) => {
+  collections.forEach(
+    ({
+      route,
+      modelName,
+      mongooseSchema,
+      otpSchema = false,
+      routes,
+      validations,
+    }) => {
+      // 1. create model dynamically
+      if (modelName && mongooseSchema) {
+        const model = createModel(modelName, mongooseSchema);
+
+        // register model
+        registerModel[modelName] = model;
+
+        if (otpSchema) {
+          const otpModel = createModel("otpUser", otpSchema);
+          registerModel["otpModel"] = otpModel;
+        }
+      }
+
+      // 3. register CRUD routes
+      if (route === "auth") {
+        auth(route, routes, modelName, validations, apiVersion);
+        config.userModel = modelName;
+      } else {
+        crud(route, routes, modelName, validations, apiVersion);
+      }
+    },
+  );
+};
+
+const configValidation = ({ port, collections }) => {
+  if (!port) {
+    throw new Error("Port is missing in StarkCore.create({})");
+  }
+
+  if (!collections) {
+    throw new Error("Collections array is missing in StarkCore.create({})");
+  } else if (!Array.isArray(collections)) {
+    throw new Error("Collections must be an array datatype");
+  } else if (collections.length === 0) {
+    throw new Error("Collections shouldn't be empty in StarkCore.create({})");
+  }
+};
+
+const startServer = async () => {
+  try {
+    const config = getConfig();
+    configValidation(config);
+    const {
+      port,
+      collections,
+      rateLimitDuration,
+      maxReqLimit,
+      rateLimitMsg,
+      cloudinaryAPIKey,
+      cloudinaryCloudName,
+      cloudinaryAPISecret,
+      apiVersion,
+    } = config;
+
+    app.use(cors());
+    app.use(helmet());
+    app.use(cookieParser());
+    app.use(apiLimiter({ rateLimitDuration, maxReqLimit, rateLimitMsg }));
+
+    connectDB();
+
+    configureCloudinary({
+      cloudinaryAPIKey,
+      cloudinaryCloudName,
+      cloudinaryAPISecret,
+    });
+
+    registerCollections(collections, apiVersion);
+
+    app.use((req, res) => {
+      res.status(404).json({
+        success: false,
+        message: `Cannot ${req.method} ${req.originalUrl}`,
+      });
+    });
+
+    app.use(errorMiddleware);
+
+    app.listen(port, () => {
+      console.log(
+        `Server running at http://localhost:${port}/api/v${apiVersion}`,
+      );
+    });
+  } catch (err) {
+    console.log(err);
+    AppLog("X", "startServer", err.message);
+  }
+};
+
+export { startServer, app };

package/dist/js/core/auth/OTP.js

@@ -0,0 +1,115 @@
+// module imports
+import { Resend } from "resend";
+import crypto from "crypto";
+
+// custom imports
+import AppError from "../../utils/AppError.js";
+import { getConfig } from "../../config/config.js";
+
+// sendOTP()
+const sendOTP = async (email) => {
+  // OTP
+  const OTP = crypto.randomInt(100000, 1000000).toString();
+  const otpExpiry = Date.now() + 1000 * 60 * 5;
+
+  // config
+  const { isOffline, resendAPIKey } = getConfig();
+  if (isOffline) return { OTP, otpExpiry };
+
+  if (!resendAPIKey)
+    throw new AppError("resendAPIKey is missing in StarkCore.create({})");
+
+  // html
+  const htmlTemp = `<!DOCTYPE html>
+  <html>
+<head>
+<meta charset="UTF-8" />
+<title>Email Verification</title>
+</head>
+<body style="margin:0; padding:0; font-family:Arial, sans-serif;">
+<table width="100%" cellpadding="0" cellspacing="0" border="0" style="padding:40px 0; padding-top: 0px;">
+<tr>
+<td align="center">
+<table width="500" cellpadding="0" cellspacing="0" border="0" style="border-radius:12px; box-shadow:0 10px 25px rgba(0,0,0,0.08); padding:40px; padding-top: 10px;">
+
+<tr>
+<td align="center" style="padding-bottom:20px;">
+<h2 style="margin:0; color:#111827; font-weight:600;">Stark Vault</h2>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:20px;">
+<h1 style="margin:0; font-size:22px; color:#111827;">
+Email Verification Code
+</h1>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:30px; color:#6b7280; font-size:15px; line-height:1.6;">
+Use the verification code below to complete your sign-in process.
+This code will expire in <strong>5 minutes</strong>.
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:30px;">
+<div style="
+display:inline-block;
+padding:18px 32px;
+font-size:28px;
+letter-spacing:8px;
+font-weight:bold;
+color:#111827;
+background:#f3f4f6;
+border-radius:8px;
+border:1px solid #e5e7eb;">
+${OTP}
+</div>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="color:#9ca3af; font-size:13px; line-height:1.5;">
+If you didn’t request this code, you can safely ignore this email.
+Never share your verification code with anyone.
+</td>
+</tr>
+
+<tr>
+<td style="padding-top:30px;">
+<hr style="border:none; border-top:1px solid #e5e7eb;" />
+</td>
+          </tr>
+          
+          <tr>
+          <td align="center" style="padding-top:15px; font-size:12px; color:#9ca3af;">
+          © 2026 Your Company. All rights reserved.
+          </td>
+          </tr>
+          
+          </table>
+          </td>
+          </tr>
+          </table>
+          </body>
+          </html>`;
+
+  const resend = new Resend(resendAPIKey);
+  const { data, error } = await resend.emails.send({
+    from: "Stark Vault <noreply@vault.musastark.space>",
+    to: email,
+    subject: "OTP - StarkVault",
+    html: htmlTemp,
+  });
+
+  if (error) {
+    console.log("[OTP.js] 102: ", error);
+    throw new AppError(error.message, 409);
+  }
+
+  return { OTP, otpExpiry };
+};
+
+export default sendOTP;

package/dist/js/core/auth/auth.controller.js

@@ -0,0 +1,63 @@
+import { app } from "../app.js";
+import mongoose, { model } from "mongoose";
+import asyncHandler from "../../utils/asyncHandler.js";
+import authService from "./auth.service.js";
+import registerModel from "../../lib/model.registry.js";
+import getDuration from "../../config/duration.js";
+import AppError from "../../utils/AppError.js";
+import zodValidations from "../../lib/zod.validations.js";
+import z from "zod";
+import { getConfig } from "../../config/config.js";
+
+const auth = (route, routes, modelName, validations, apiVersion) => {
+  const { ENV, tokenExpiry } = getConfig();
+
+  routes.forEach((el) => {
+    app[el.method](
+      `/api/v${apiVersion}/${route}${el.path}`,
+      asyncHandler(async (req, res) => {
+        const Model = registerModel[modelName];
+        if (!Model) throw new Error(`Model not found for endpoint: ${el.path}`);
+        const OTPModel = registerModel["otpModel"];
+        if (!OTPModel)
+          throw new AppError("otpSchema is missing in auth collection");
+
+        const zodObj = z.object(validations[el.handler]);
+        const isValid = await zodObj.safeParse(req.body || {});
+
+        if (!isValid.success) {
+          const issue = isValid.error.issues[0];
+
+          if (issue.code === "invalid_type")
+            throw new AppError(`${issue.path.join(".")} is required`);
+
+          throw new AppError(issue.message, 409);
+        }
+
+        // send data to service
+        const result = await authService[el.handler]({
+          body: isValid.data,
+          Model,
+          OTPModel,
+        });
+        if (result?.token) {
+          res.cookie("authToken", result.token, {
+            httpOnly: true,
+            maxAge: getDuration(tokenExpiry),
+            sameSite: ENV === "production" ? "none" : "lax",
+            secure: ENV === "production" ? true : false,
+            domain: ENV === "production" ? ".musastark.space" : undefined,
+          });
+        }
+
+        return res.json({
+          success: true,
+          user: result?.user,
+          message: result?.msg,
+        });
+      }),
+    );
+  });
+};
+
+export default auth;