@starklabs/backend-core 1.1.1 → 1.2.1

package/.env.example

@@ -0,0 +1,21 @@
+# development@v3
+PORT=4000
+API_VERSION=1 # must be an integer
+
+# Duration format: 1m | 5m | 10m | 15m | 30m | 1h | 6h | 12h | 1d | 3d | 7d | 14d | 30d
+TOKEN_EXPIRY=7d
+JWT_SECRET=
+MASTER_KEY=
+ISOFFLINE=true
+ENV=development
+INTERNAL_ROLES=["developer","admin"]
+RESEND_API_KEY=
+
+# Duration format: 1m | 5m | 10m | 15m | 30m | 1h | 6h | 12h | 1d | 3d | 7d | 14d | 30d
+RATE_LIMIT_DURATION=15m
+RATE_LIMIT_REQ=200
+RATE_LIMIT_MSG="Too many requests, please try again later."
+CLOUDINARY_API_SECRET=
+CLOUDINARY_API_KEY=5
+CLOUDINARY_CLOUD_NAME=
+CLOUDINARY_FOLDER_NAME=uploads

package/dist/js/config/cloudinary.js

@@ -0,0 +1,18 @@
+import multer from "multer";
+import { v2 as cloudinary } from "cloudinary";
+
+const upload = multer({ storage: multer.memoryStorage() });
+
+const configureCloudinary = ({
+  cloudinaryAPIKey,
+  cloudinaryCloudName,
+  cloudinaryAPISecret,
+}) => {
+  cloudinary.config({
+    cloud_name: cloudinaryCloudName,
+    api_key: cloudinaryAPIKey,
+    api_secret: cloudinaryAPISecret,
+  });
+};
+
+export { cloudinary, configureCloudinary, upload };

package/dist/js/config/config.js

@@ -0,0 +1,11 @@
+let config = {};
+
+const setConfig = (options) => {
+  config = options;
+};
+
+const getConfig = () => {
+  return config;
+};
+
+export { setConfig, getConfig, config };

package/dist/js/config/duration.js

@@ -0,0 +1,22 @@
+export const DURATIONS = {
+  "1m": 60 * 1000,
+  "5m": 5 * 60 * 1000,
+  "10m": 10 * 60 * 1000,
+  "15m": 15 * 60 * 1000,
+  "30m": 30 * 60 * 1000,
+  "1h": 60 * 60 * 1000,
+  "6h": 6 * 60 * 60 * 1000,
+  "12h": 12 * 60 * 60 * 1000,
+  "1d": 24 * 60 * 60 * 1000,
+  "3d": 3 * 24 * 60 * 60 * 1000,
+  "7d": 7 * 24 * 60 * 60 * 1000,
+  "14d": 14 * 24 * 60 * 60 * 1000,
+  "30d": 30 * 24 * 60 * 60 * 1000,
+};
+
+const getDuration = (key) => {
+  if (!DURATIONS[key]) throw new Error("Invalid expiry key");
+  return DURATIONS[key];
+};
+
+export default getDuration;

package/dist/js/core/app.js

@@ -0,0 +1,122 @@
+import express from "express";
+import AppLog from "../utils/AppLog.js";
+import connectDB from "../lib/db.js";
+import { crud, auth } from "./index.js";
+import mongoose from "mongoose";
+import createModel from "../lib/model.factory.js";
+import registerModel from "../lib/model.registry.js";
+import errorMiddleware from "../middleware/error.middleware.js";
+import { getConfig, config } from "../config/config.js";
+import AppError from "../utils/AppError.js";
+import helmet from "helmet";
+import cors from "cors";
+import cookieParser from "cookie-parser";
+import { apiLimiter } from "../utils/rateLimiter.js";
+import { configureCloudinary } from "../config/cloudinary.js";
+
+const app = express();
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+app.use(express.json());
+
+const registerCollections = (collections, apiVersion) => {
+  collections.forEach(
+    ({
+      route,
+      modelName,
+      mongooseSchema,
+      otpSchema = false,
+      routes,
+      validations,
+    }) => {
+      // 1. create model dynamically
+      if (modelName && mongooseSchema) {
+        const model = createModel(modelName, mongooseSchema);
+
+        // register model
+        registerModel[modelName] = model;
+
+        if (otpSchema) {
+          const otpModel = createModel("otpUser", otpSchema);
+          registerModel["otpModel"] = otpModel;
+        }
+      }
+
+      // 3. register CRUD routes
+      if (route === "auth") {
+        auth(route, routes, modelName, validations, apiVersion);
+        config.userModel = modelName;
+      } else {
+        crud(route, routes, modelName, validations, apiVersion);
+      }
+    },
+  );
+};
+
+const configValidation = ({ port, collections }) => {
+  if (!port) {
+    throw new Error("Port is missing in StarkCore.create({})");
+  }
+
+  if (!collections) {
+    throw new Error("Collections array is missing in StarkCore.create({})");
+  } else if (!Array.isArray(collections)) {
+    throw new Error("Collections must be an array datatype");
+  } else if (collections.length === 0) {
+    throw new Error("Collections shouldn't be empty in StarkCore.create({})");
+  }
+};
+
+const startServer = async () => {
+  try {
+    const config = getConfig();
+    configValidation(config);
+    const {
+      port,
+      collections,
+      rateLimitDuration,
+      maxReqLimit,
+      rateLimitMsg,
+      cloudinaryAPIKey,
+      cloudinaryCloudName,
+      cloudinaryAPISecret,
+      apiVersion,
+    } = config;
+
+    app.use(cors());
+    app.use(helmet());
+    app.use(cookieParser());
+    app.use(apiLimiter({ rateLimitDuration, maxReqLimit, rateLimitMsg }));
+
+    connectDB();
+
+    configureCloudinary({
+      cloudinaryAPIKey,
+      cloudinaryCloudName,
+      cloudinaryAPISecret,
+    });
+
+    registerCollections(collections, apiVersion);
+
+    app.use((req, res) => {
+      res.status(404).json({
+        success: false,
+        message: `Cannot ${req.method} ${req.originalUrl}`,
+      });
+    });
+
+    app.use(errorMiddleware);
+
+    app.listen(port, () => {
+      console.log(
+        `Server running at http://localhost:${port}/api/v${apiVersion}`,
+      );
+    });
+  } catch (err) {
+    console.log(err);
+    AppLog("X", "startServer", err.message);
+  }
+};
+
+export { startServer, app };

package/dist/js/core/auth/OTP.js

@@ -0,0 +1,115 @@
+// module imports
+import { Resend } from "resend";
+import crypto from "crypto";
+
+// custom imports
+import AppError from "../../utils/AppError.js";
+import { getConfig } from "../../config/config.js";
+
+// sendOTP()
+const sendOTP = async (email) => {
+  // OTP
+  const OTP = crypto.randomInt(100000, 1000000).toString();
+  const otpExpiry = Date.now() + 1000 * 60 * 5;
+
+  // config
+  const { isOffline, resendAPIKey } = getConfig();
+  if (isOffline) return { OTP, otpExpiry };
+
+  if (!resendAPIKey)
+    throw new AppError("resendAPIKey is missing in StarkCore.create({})");
+
+  // html
+  const htmlTemp = `<!DOCTYPE html>
+  <html>
+<head>
+<meta charset="UTF-8" />
+<title>Email Verification</title>
+</head>
+<body style="margin:0; padding:0; font-family:Arial, sans-serif;">
+<table width="100%" cellpadding="0" cellspacing="0" border="0" style="padding:40px 0; padding-top: 0px;">
+<tr>
+<td align="center">
+<table width="500" cellpadding="0" cellspacing="0" border="0" style="border-radius:12px; box-shadow:0 10px 25px rgba(0,0,0,0.08); padding:40px; padding-top: 10px;">
+
+<tr>
+<td align="center" style="padding-bottom:20px;">
+<h2 style="margin:0; color:#111827; font-weight:600;">Stark Vault</h2>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:20px;">
+<h1 style="margin:0; font-size:22px; color:#111827;">
+Email Verification Code
+</h1>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:30px; color:#6b7280; font-size:15px; line-height:1.6;">
+Use the verification code below to complete your sign-in process.
+This code will expire in <strong>5 minutes</strong>.
+</td>
+</tr>
+
+<tr>
+<td align="center" style="padding-bottom:30px;">
+<div style="
+display:inline-block;
+padding:18px 32px;
+font-size:28px;
+letter-spacing:8px;
+font-weight:bold;
+color:#111827;
+background:#f3f4f6;
+border-radius:8px;
+border:1px solid #e5e7eb;">
+${OTP}
+</div>
+</td>
+</tr>
+
+<tr>
+<td align="center" style="color:#9ca3af; font-size:13px; line-height:1.5;">
+If you didn’t request this code, you can safely ignore this email.
+Never share your verification code with anyone.
+</td>
+</tr>
+
+<tr>
+<td style="padding-top:30px;">
+<hr style="border:none; border-top:1px solid #e5e7eb;" />
+</td>
+          </tr>
+          
+          <tr>
+          <td align="center" style="padding-top:15px; font-size:12px; color:#9ca3af;">
+          © 2026 Your Company. All rights reserved.
+          </td>
+          </tr>
+          
+          </table>
+          </td>
+          </tr>
+          </table>
+          </body>
+          </html>`;
+
+  const resend = new Resend(resendAPIKey);
+  const { data, error } = await resend.emails.send({
+    from: "Stark Vault <noreply@vault.musastark.space>",
+    to: email,
+    subject: "OTP - StarkVault",
+    html: htmlTemp,
+  });
+
+  if (error) {
+    console.log("[OTP.js] 102: ", error);
+    throw new AppError(error.message, 409);
+  }
+
+  return { OTP, otpExpiry };
+};
+
+export default sendOTP;

package/dist/js/core/auth/auth.controller.js

@@ -0,0 +1,63 @@
+import { app } from "../app.js";
+import mongoose, { model } from "mongoose";
+import asyncHandler from "../../utils/asyncHandler.js";
+import authService from "./auth.service.js";
+import registerModel from "../../lib/model.registry.js";
+import getDuration from "../../config/duration.js";
+import AppError from "../../utils/AppError.js";
+import zodValidations from "../../lib/zod.validations.js";
+import z from "zod";
+import { getConfig } from "../../config/config.js";
+
+const auth = (route, routes, modelName, validations, apiVersion) => {
+  const { ENV, tokenExpiry } = getConfig();
+
+  routes.forEach((el) => {
+    app[el.method](
+      `/api/v${apiVersion}/${route}${el.path}`,
+      asyncHandler(async (req, res) => {
+        const Model = registerModel[modelName];
+        if (!Model) throw new Error(`Model not found for endpoint: ${el.path}`);
+        const OTPModel = registerModel["otpModel"];
+        if (!OTPModel)
+          throw new AppError("otpSchema is missing in auth collection");
+
+        const zodObj = z.object(validations[el.handler]);
+        const isValid = await zodObj.safeParse(req.body || {});
+
+        if (!isValid.success) {
+          const issue = isValid.error.issues[0];
+
+          if (issue.code === "invalid_type")
+            throw new AppError(`${issue.path.join(".")} is required`);
+
+          throw new AppError(issue.message, 409);
+        }
+
+        // send data to service
+        const result = await authService[el.handler]({
+          body: isValid.data,
+          Model,
+          OTPModel,
+        });
+        if (result?.token) {
+          res.cookie("authToken", result.token, {
+            httpOnly: true,
+            maxAge: getDuration(tokenExpiry),
+            sameSite: ENV === "production" ? "none" : "lax",
+            secure: ENV === "production" ? true : false,
+            domain: ENV === "production" ? ".musastark.space" : undefined,
+          });
+        }
+
+        return res.json({
+          success: true,
+          user: result?.user,
+          message: result?.msg,
+        });
+      }),
+    );
+  });
+};
+
+export default auth;

package/dist/js/core/auth/auth.service.js

@@ -0,0 +1,290 @@
+import registerModel from "../../lib/model.registry.js";
+import {
+  AppError,
+  hash,
+  verifyHash,
+  signJWT,
+  AppLog,
+} from "../../utils/index.js";
+import { getConfig } from "../../config/config.js";
+
+// custom imports
+import sendOTP from "./OTP.js";
+
+// signup
+const signup = async ({ body, Model, OTPModel }) => {
+  const foundUser = await Model.findOne({ email: body.email });
+  if (foundUser) {
+    if (foundUser.provider === "local")
+      throw new AppError(
+        "User with this email already exists. Please login.",
+        409,
+      );
+
+    if (foundUser.provider === "google")
+      throw new AppError(
+        "Please login with Google. User with this email already exists with Google provider.",
+        409,
+      );
+  }
+
+  const reqOTPUser = await OTPModel.findOne({ email: body.email });
+  if (reqOTPUser) throw new AppError("You already requested an OTP.");
+
+  const { OTP, otpExpiry } = await sendOTP(body.email);
+  if (getConfig().isOffline) {
+    console.log("OTP:", OTP);
+  }
+
+  const hashedPassword = await hash(body.password);
+  const hashedOTP = await hash(OTP);
+
+  body.password = hashedPassword;
+  body.role = "user";
+  body = { ...body, otp: hashedOTP, otpExpiry, provider: "local" };
+
+  await OTPModel.create(body);
+
+  return { msg: "OTP sent successfully" };
+};
+
+// twoFactorAuth
+const twoFactorAuth = async ({ body, Model, OTPModel }) => {
+  const { email, otp } = body;
+  const otpuser = await OTPModel.findOneAndUpdate(
+    { email },
+    { $inc: { otpCount: 1 } },
+    { returnDocument: "after" },
+  )
+    .select("+password")
+    .lean();
+
+  if (!otpuser)
+    throw new AppError(
+      "You didn't request OTP. Please try re-login, signup or check your email.",
+      409,
+    );
+
+  // ifExpire
+  if (Date.now() > otpuser.otpExpiry) {
+    throw new AppError("OTP expired. Please request another one.", 409);
+  }
+
+  // anti brute force
+  if (otpuser.otpCount >= 10)
+    throw new AppError(
+      "OTP verification limit reached. Please request another one.",
+      409,
+    );
+
+  // ifInValid
+  const isValid = await verifyHash(otp.toString(), otpuser.otp);
+  if (!isValid) throw new AppError("Invalid OTP", 409);
+
+  if (otpuser.type === "forgotPassword") {
+    await OTPModel.updateOne({ email }, { $set: { status: "verified" } });
+
+    return { msg: "Verified successfully" };
+  }
+
+  // insert in user
+  delete otpuser.otpExpiry;
+  delete otpuser.otp;
+  delete otpuser.otpCount;
+
+  const foundUser = await Model.findOne({ email });
+  if (!foundUser) {
+    await Model.create(otpuser);
+  }
+
+  [
+    "password",
+    "createdAt",
+    "updatedAt",
+    "__v",
+    "provider",
+    "type",
+    "status",
+  ].forEach((el) => {
+    delete otpuser[el];
+  });
+
+  const { jwtSecret, tokenExpiry, isOffline } = getConfig();
+  if (!jwtSecret) throw new AppError("jwtSecret is missing in StarkCore({})");
+  if (!tokenExpiry)
+    throw new AppError("jwtExpiry is missing in StarkCore.create({})");
+
+  const token = signJWT(
+    {
+      email: otpuser.email,
+      id: otpuser._id,
+      role: otpuser.role,
+    },
+    jwtSecret,
+    tokenExpiry,
+  );
+
+  await OTPModel.deleteOne({ email });
+
+  return { token, user: otpuser, msg: "Verified successfully" };
+};
+
+// resendOTP
+const resendOTP = async ({ body, OTPModel }) => {
+  const user = await OTPModel.findOne({ email: body.email });
+  if (!user)
+    throw new AppError(
+      "OTP can't be sent. Please try re-login or signup.",
+      409,
+    );
+
+  const { OTP, otpExpiry } = await sendOTP(body.email);
+  if (getConfig().isOffline) {
+    console.log("OTP: ", OTP);
+  }
+  const hashedOTP = await hash(OTP);
+
+  await OTPModel.updateOne(
+    { email: body.email },
+    {
+      otp: hashedOTP,
+      otpExpiry,
+      otpCount: 0,
+    },
+  );
+
+  return { msg: "OTP sent successfully" };
+};
+
+// login
+const login = async ({ body, Model, OTPModel }) => {
+  let user = await Model.findOne({ email: body.email })
+    .select("+password")
+    .lean();
+
+  const reqOTPUser = await OTPModel.findOne({ email: body.email });
+  if (reqOTPUser) throw new AppError("You already requested an OTP.");
+
+  if (!user)
+    throw new AppError(
+      "User with this email not found. Please create your account.",
+      404,
+    );
+
+  if (user.provider === "google")
+    throw new AppError(
+      "Please login with Google. User with this email already exists with Google provider.",
+      409,
+    );
+
+  const isValid = await verifyHash(body.password, user.password);
+  if (!isValid) throw new AppError("Invalid password", 409);
+
+  const { OTP, otpExpiry } = await sendOTP(body.email);
+  if (getConfig().isOffline) {
+    console.log("OTP: ", OTP);
+  }
+  const hashedOTP = await hash(OTP);
+
+  user = { ...user, otp: hashedOTP, otpExpiry };
+
+  await OTPModel.create(user);
+
+  return { msg: "OTP sent successfully" };
+};
+
+// forgotPassword
+const forgotPassword = async ({ body, Model, OTPModel }) => {
+  let user = await Model.findOne({ email: body.email })
+    .select("+password")
+    .lean();
+  if (!user)
+    throw new AppError(
+      "User with this email not found. Please create your account.",
+      404,
+    );
+
+  const reqOTPUser = await OTPModel.findOne({ email: body.email });
+  if (reqOTPUser) {
+    if (reqOTPUser.type === "forgotPassword") {
+      throw new AppError("You already requested an OTP");
+    } else {
+      await OTPModel.deleteOne({ email: body.email });
+    }
+  }
+
+  const { OTP, otpExpiry } = await sendOTP(body.email);
+  if (getConfig().isOffline) {
+    console.log("OTP: ", OTP);
+  }
+  const hashedOTP = await hash(OTP);
+
+  await OTPModel.create({
+    ...user,
+    otp: hashedOTP,
+    otpExpiry,
+    type: "forgotPassword",
+  });
+
+  return { msg: "OTP sent successfully" };
+};
+
+// resetPassword
+const resetPassword = async ({ body, Model, OTPModel }) => {
+  const { email, password } = body;
+
+  const otpUser = await OTPModel.findOne({ email: body.email });
+  if (!otpUser)
+    throw new AppError(
+      "You didn't requested OTP. Please send request to forgot-password.",
+    );
+
+  if (otpUser.type !== "forgotPassword")
+    throw new AppError("Unauthorized. Please request to forgot-password");
+
+  if (otpUser.status === "pending")
+    throw new AppError(
+      "You haven't verfied your email yet. Please use the OTP we just sent on your email",
+    );
+
+  let user = await Model.findOne({ email: body.email }).select("+password");
+  if (!user)
+    throw new AppError(
+      "User with this email not found. Please create your account.",
+      404,
+    );
+
+  user.password = await hash(body.password);
+
+  await user.save();
+
+  await OTPModel.deleteOne({ email });
+
+  return { msg: "Password updated successfully" };
+};
+
+const deleteAccount = async ({ body, Model }) => {
+  const { email, password } = body;
+
+  let user = await Model.findOne({ email }).select("+password").lean();
+
+  if (!user)
+    throw new AppError("User not found. Please check your email.", 404);
+
+  const isValid = await verifyHash(body.password, user.password);
+  if (!isValid) throw new AppError("Invalid password", 409);
+
+  await Model.deleteOne({ email });
+
+  return { msg: "Account deleted successfully" };
+};
+
+export default {
+  login,
+  signup,
+  twoFactorAuth,
+  resendOTP,
+  forgotPassword,
+  resetPassword,
+  deleteAccount,
+};