npm - auth-verify - Versions diffs - 0.0.1 → 1.0.3 - Mend

auth-verify 0.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/index.js CHANGED Viewed

@@ -1,182 +1,86 @@
-const sqlite3 = require("sqlite3").verbose();
-const nodemailer = require('nodemailer')
-const crypto = require('crypto');
-const { request } = require("http");
-class Verifier {
-    constructor(sender = {}){
-        this.otpLen = sender.otp?.leng || 6;
-        this.expMin = sender.otp?.expMin || 3;
-        this.limit = sender.otp?.limit || 5;
-        this.cooldown = sender.otp?.cooldown || 60;
-        // Setup SMTP
-        this.transport = nodemailer.createTransport({
-            service: `${sender.serv}`,
-            auth: {
-                user: `${sender.sender}`,
-                pass: sender.pass
+const JWTManager = require("./src/jwt");
+const OTPManager = require("./src/otp");
+const SessionManager = require("./src/session");
+class AuthVerify {
+  constructor(options = {}) {
+    const {
+      jwtSecret,
+      otpExpiry = 300,
+      storeTokens = "none",
+      otpHash = "sha256",
+      redisUrl,
+    } = options;
+    if (!jwtSecret) throw new Error("jwtSecret is required in AuthVerify options");
+    this.senderName;
+    this.jwt = new JWTManager(jwtSecret, { storeTokens });
+    this.otp = new OTPManager({
+      storeTokens,
+      otpExpiry,
+      otpHash,
+      redisUrl,
+    });
+    this.session = new SessionManager({ storeTokens, redisUrl });
+    this.senders = new Map();
+    // this.register = {
+    //   sender: (name, fn)=>{
+    //     if (!name || typeof fn !== "function") {
+    //       throw new Error("Sender registration requires a name and a function");
+    //     }else{
+    //       try{
+    //         this.senders.set(name, fn);
+    //       }catch(err){
+    //         throw new Error(err);
+    //       }
+    //     }
+    //   }
+    // }
+    // ✅ No getters — directly reference otp.dev (it's a plain object)
+  }
+  // Session helpers
+  async createSession(userId, options = {}) {
+    return this.session.create(userId, options);
+  }
+  async verifySession(sessionId) {
+    return this.session.verify(sessionId);
+  }
+  async destroySession(sessionId) {
+    return this.session.destroy(sessionId);
+  }
+  async use(name){
+    const senderFn = this.senders.get(name);
+    if(!senderFn) throw new Error(`Sender "${name}" not found`);
+    this.senderName = senderFn;
+  }
+    register = {
+        sender: (name, fn) => {
+            if (!name || typeof fn !== "function") {
+                throw new Error("Sender registration requires a name and a function");
             }
-        });
-        this.sender = `${sender.smtp?.sender}`
-        //making a db for saving otp codes
-        this.db = new sqlite3.Database('./authverify.db');
-        this.db.serialize(()=>{
-            // creating a table
-            this.db.run(`
-                CREATE TABLE IF NOT EXISTS verifications (
-                email TEXT PRIMARY KEY,
-                code TEXT,
-                expiresAt TEXT,
-                requests INTEGER DEFAULT 0,
-                lastRequest TEXT
-                )
-            `);
-        });
-    }
-     // Generate OTP securely
-    generateOTP() {
-        const buffer = crypto.randomBytes(this.otpLen);
-        const number = parseInt(buffer.toString('hex'), 16)
-        .toString()
-        .slice(0, this.otpLen);
-        return number.padStart(this.otpLen, '0');
-    }
-    html(html){
-        this.htmlContent = html;
-        return this;
-    }
-    subject(subject){
-        this.mailSubject = subject;
-        return this;
-    }
-    text(text){
-        this.mailText = text;
-        return this;
-    }
-    sendTo(email, callback){
-        this.recieverEmail = email;
-        const code = this.generateOTP();
-        const expAt = new Date(Date.now() + this.expMin * 60 * 1000).toISOString();
-        this.db.get(`SELECT * FROM verifications WHERE email = ?`, [email], (err, row)=>{
-            if(err) return callback(err);
-            const now = new Date();
-            let requests = 1;
-            if(row){
-                const lastRequest = row.lastRequest ? new Date(row.lastRequest) : null;
-                if(lastRequest && now.toDateString() === lastRequest.toDateString()){
-                    requests = row.requests + 1;
-                    if(requests > this.limit){
-                        return callback(new Error("Too many OTP requests today"));
-                    }
-                    const diff = (now - lastRequest) / 1000;
-                    if(diff < this.cooldown){
-                        return callback(new Error(`Please wait ${Math.ceil(this.cooldown - diff)} seconds before requesting a new OTP.`));
-                    }
-                }
-            }
-            this.db.run(`INSERT INTO verifications (email, code, expiresAt, requests, lastRequest) VALUES (?, ?, ?, ?, ?)
-                ON CONFLICT(email) DO UPDATE SET
-                code = excluded.code,
-                expiresAt = excluded.expiresAt,
-                requests = excluded.requests,
-                lastRequest = excluded.lastRequest`, [email, code, expAt, requests, now.toISOString()], (DBerr)=>{
-                if(DBerr) return callback(DBerr);
-                this.otpOptions = {
-                    from: this.sender,
-                    to: `${email}`,
-                    subject: this.mailSubject ? this.mailSubject.replace("{otp}", code) : undefined,
-                    text: this.mailText ? this.mailText.replace("{otp}", code) : undefined,
-                    html: this.htmlContent ? this.htmlContent.replace("{otp}", code) : undefined
-                }
-                this.transport.sendMail(this.otpOptions, (emailErr, info)=>{
-                    if(emailErr) return callback(emailErr);
-                    // console.log('📨 Email sent:', info.response);
-                    callback(null, true);
-                });
-                // console.log('💾 Code saved to DB');
-            });
-        });
-        return this;
-    }
-    code(userCode){
-        this.userCode = userCode
-        return this;
-    }
-    verifyFor(email, callback){
-        const now = new Date().toISOString();
-        this.db.get(`SELECT * FROM verifications WHERE email = ? AND expiresAt > ?`, [email, now], (DBerr, row)=>{
-            if(DBerr) return callback(DBerr);
+            this.senders.set(name, fn);
+            // console.log(`✅ Sender registered: ${name}`);
+        }
+    };
-            // console.log(`Code was got`);
+    // use a sender by name
+    use(name) {
+        const senderFn = this.senders.get(name);
+        if (!senderFn) throw new Error(`Sender "${name}" not found`);
-            if(!row){
-                // console.log(this.recieverEmail);
-                callback(null, false)
-            }else{
-                if(row.code === this.userCode){
-                    // console.log('✅ User verified');
-                    callback(null, true);
-                }else{
-                    // console.log("❌ Code isn't correct")
-                    callback(null, false);
-                }
+        return {
+            send: async (options) => {
+                return await senderFn(options); // call user function
             }
-        });
-    }
-    makeOTP(length){
-        const buffer = crypto.randomBytes(length);
-        const number = parseInt(buffer.toString('hex'), 16)
-        .toString()
-        .slice(0, length);
-        return number.padStart(length, '0');
-    }
-    getOTP(email, callback){
-        this.db.get(`SELECT * FROM verifications WHERE email = ?`, [email], (err, row)=>{
-            if(err) return callback(err);
-            if(!row) return callback(null, null);
-            callback(null, { code: row.code, expiresAt: row.expiresAt });
-        });
+        };
     }
-    cleanExpired() {
-    const now = new Date().toISOString();
-    this.db.run(
-        `DELETE FROM verifications WHERE expiresAt <= ?`,
-        [now],
-        function(err) {
-            if (err) console.error("Error cleaning expired OTPs:", err.message);
-            // Optional: console.log(`${this.changes} expired OTPs removed`);
-        }
-    );
-}
 }
-module.exports = Verifier;
+module.exports = AuthVerify;

package/package.json CHANGED Viewed

@@ -1,15 +1,19 @@
 {
   "dependencies": {
+    "axios": "^1.12.2",
     "crypto": "^1.0.1",
-    "express": "^5.1.0",
+    "ioredis": "^5.8.1",
+    "jsonwebtoken": "^9.0.2",
+    "node-telegram-bot-api": "^0.66.0",
     "nodemailer": "^7.0.6",
-    "sqlite3": "^5.1.7"
+    "redis": "^5.8.3",
+    "twilio": "^5.10.3",
+    "uuid": "^13.0.0"
   },
   "name": "auth-verify",
-  "version": "0.0.1",
+  "version": "1.0.3",
   "description": "A simple Node.js library for sending and verifying OTP via email",
   "main": "index.js",
-  "devDependencies": {},
   "scripts": {
     "test": "node test.js"
   },
@@ -31,12 +35,14 @@
     "login",
     "two-factor",
     "2fa",
-    "email"
+    "email",
+    "jwt"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",
   "bugs": {
     "url": "https://github.com/jahongir2007/auth-verify/issues"
   },
-  "homepage": "https://jahongir2007.github.io/auth-verify/"
+  "homepage": "https://jahongir2007.github.io/auth-verify/",
+  "devDependencies": {}
 }

package/readme.md ADDED Viewed

@@ -0,0 +1,262 @@
+# auth-verify
+**auth-verify** is a Node.js authentication utility that provides:
+- Secure OTP (one-time password) generation and verification
+- Sending OTPs via Email, SMS (pluggable helpers), and Telegram bot
+- JWT creation, verification and optional token revocation with memory/Redis storage
+- Session management (in-memory or Redis)
+- Developer extensibility: custom senders and `auth.register.sender()` / `auth.use(name).send(...)`
+> This README documents the code structure and APIs found in the library files you provided (OTPManager, JWTManager, SessionManager, AuthVerify).
+---
+## Installation
+```bash
+# from npm (when published)
+npm install auth-verify
+# or locally during development
+# copy the package into your project and `require` it`
+```
+---
+## Quick overview
+- `AuthVerify` (entry): constructs and exposes `.jwt`, `.otp`, and (optionally) `.session` managers.
+- `JWTManager`: sign, verify, decode, revoke tokens. Supports `storeTokens: "memory" | "redis" | "none"`.
+- `OTPManager`: generate, store, send, verify, resend OTPs. Supports `storeTokens: "memory" | "redis" | "none"`. Supports email, SMS helper, Telegram bot, and custom dev senders.
+- `SessionManager`: simple session creation/verification/destroy with memory or Redis backend.
+---
+## Example: Initialize library (CommonJS)
+```js
+const AuthVerify = require('auth-verify');
+const auth = new AuthVerify({
+  jwtSecret: "super_secret_value",
+  storeTokens: "memory", // or "redis" or "none"
+  otpExpiry: "5m",       // supports number (seconds) OR string like '30s', '5m', '1h'
+  otpHash: "sha256",     // optional OTP hashing algorithm
+  // you may pass redisUrl inside managers' own options when using redis
+});
+```
+---
+## JWT usage
+```js
+// create JWT
+const token = await auth.jwt.sign({ userId: 123 }, '1h'); // expiry string or number (ms)
+console.log('token', token);
+// verify
+const decoded = await auth.jwt.verify(token);
+console.log('decoded', decoded);
+// decode without verification
+const payload = await auth.jwt.decode(token);
+// revoke a token (immediately)
+await auth.jwt.revoke(token, 0);
+// revoke token until a time in the future (e.g. '10m' or number ms)
+await auth.jwt.revokeUntil(token, '10m');
+// check if token is revoked (returns boolean)
+const isRevoked = await auth.jwt.isRevoked(token);
+```
+Notes:
+- `sign` and `verify` support callback and promise styles in the implementation. When `storeTokens` is `"redis"` you should use the promise/async style (callback mode returns an error for redis in the current implementation).
+---
+## OTP (email / sms / telegram / custom sender)
+### Configure sender
+You can set the default sender (email/sms/telegram):
+```js
+// email example
+auth.otp.setSender({
+  via: 'email',
+  sender: 'your@address.com',
+  pass: 'app-password-or-smtp-pass',
+  service: 'gmail' // or 'smtp'
+  // if smtp service: host, port, secure (boolean)
+});
+// sms example (the internal helper expects provider/apiKey or mock flag)
+auth.otp.setSender({
+  via: 'sms',
+  provider: 'infobip',
+  apiKey: 'xxx',
+  apiSecret: 'yyy',
+  sender: 'SENDER_NAME',
+  mock: true // in dev prints message instead of sending
+});
+// telegram example
+auth.otp.setSender({
+  via: 'telegram',
+  token: '123:ABC', // bot token
+  // call auth.otp.setupTelegramBot(token) to start the bot
+});
+```
+### Generate → Save → Send (chainable)
+OTP generation is chainable: `generate()` returns the OTP manager instance.
+```js
+// chainable + callback style example
+auth.otp.generate(6).set('user@example.com', (err) => {
+  if (err) throw err;
+  auth.otp.message({
+    to: 'user@example.com',
+    subject: 'Your OTP',
+    html: `Your code: <b>${auth.otp.code}</b>`
+  }, (err, info) => {
+    if (err) console.error('send error', err);
+    else console.log('sent', info && info.messageId);
+  });
+});
+```
+Async/await style:
+```js
+await auth.otp.generate(6);              // generates and stores `auth.otp.code`
+await auth.otp.set('user@example.com'); // saves OTP into memory/redis
+await auth.otp.message({
+  to: 'user@example.com',
+  subject: 'Verify',
+  html: `Your code: <b>${auth.otp.code}</b>`
+});
+```
+### Verify
+```js
+// Promise style
+try {
+  const ok = await auth.otp.verify({ check: 'user@example.com', code: '123456' });
+  console.log('verified', ok);
+} catch (err) {
+  console.error('verify failed', err.message);
+}
+// Callback style also supported: auth.otp.verify({check, code}, callback)
+```
+### Resend and cooldown / max attempts
+- `auth.otp.cooldown('30s')` or `auth.otp.cooldown(30000)` — set cooldown duration.
+- `auth.otp.maxAttempt(5)` — set maximum attempts allowed.
+- `auth.otp.resend(identifier)` — regenerate and resend OTP, observing cooldown and expiry rules.
+`resend` returns the new code (promise style) or calls callback.
+---
+## Telegram integration
+There are two ways to use Telegram flow:
+1. Use the built-in `senderConfig.via = 'telegram'` and call `auth.otp.setupTelegramBot(botToken)` — this starts a polling bot that asks users to share their phone via `/start`, and then matches the phone to in-memory/Redis OTP records and replies with the code.
+2. Developer-supplied custom sender (see below) — you can create your own bot and call it from `auth.use(...).send(...)` or register via `auth.register.sender()`.
+**Important**: Only one bot using long polling must be running per bot token — if you get `409 Conflict` it's because another process or instance is already polling that bot token.
+---
+## Developer extensibility (custom senders)
+You can register custom senders and use them:
+```js
+// register a named sender function
+auth.register.sender('consoleOtp', async ({ to, code }) => {
+  console.log(`[DEV SEND] send to ${to}: ${code}`);
+});
+// use it later (chainable)
+await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5) });
+```
+---
+When a custom sender is registered, `auth.otp.message()` will first attempt the `customSender` before falling back to built-in providers.
+---
+## SessionManager
+```js
+const SessionManager = require('./src/session'); // or auth.session after export
+const sessions = new SessionManager({ storeTokens: 'redis' });
+// create
+const sessionId = await sessions.create('user123', { expiresIn: '2h' });
+// verify
+const userId = await sessions.verify(sessionId);
+// destroy
+await sessions.destroy(sessionId);
+```
+Notes:
+- `expiresIn` accepts numeric seconds or strings like `'30s'`, `'5m'`, `'1h'`, `'1d'`.
+---
+## Helpers
+`helpers/helper.js` exposes utility functions used by managers:
+- `generateSecureOTP(length, hashAlgorithm)` — returns secure numeric OTP string
+- `parseTime(strOrNumber)` — converts `'1h' | '30s' | number` into milliseconds
+- `resendGeneratedOTP(params)` — helper to send email via nodemailer (used by resend)
+- `sendSMS(params)` — helper for sending SMS using supported providers or mock
+---
+## Error handling and notes
+- Many methods support both **callback** and **Promise (async/await)** styles. When using Redis store, prefer **async/await** (callback variants intentionally return an error when Redis is selected).
+- OTP storage keys are the user identifier you pass (email or phone number). Keep identifiers consistent.
+- Be careful when using Telegram polling: do not run two instances with polling true for the same bot token (use webhooks or a single process).
+- When configuring SMTP (non-Gmail), provide `host`, `port` and `secure` in `setSender()`.
+---
+## Suggested folder structure
+```
+auth-verify/
+├─ README.md
+├─ package.json
+├─ src/
+│  ├─ index.js         // exports AuthVerify
+│  ├─ jwt.js
+│  ├─ otp.js
+│  ├─ session.js
+│  └─ helpers/helper.js
+```
+---
+## Contributing & License
+Contributions welcome! Open issues / PRs for bugs, improvements, or API suggestions.
+MIT © 2025 — Jahongir Sobirov