npm - auth-verify - Versions diffs - 0.0.2 → 1.1.0 - Mend

auth-verify 0.0.2 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/index.js CHANGED Viewed

@@ -1,182 +1,86 @@
-const sqlite3 = require("sqlite3").verbose();
-const nodemailer = require('nodemailer')
-const crypto = require('crypto');
-const { request } = require("http");
-class Verifier {
-    constructor(sender = {}){
-        this.otpLen = sender.otp?.leng || 6;
-        this.expMin = sender.otp?.expMin || 3;
-        this.limit = sender.otp?.limit || 5;
-        this.cooldown = sender.otp?.cooldown || 60;
-        // Setup SMTP
-        this.transport = nodemailer.createTransport({
-            service: `${sender.serv}`,
-            auth: {
-                user: `${sender.sender}`,
-                pass: sender.pass
+const JWTManager = require("./src/jwt");
+const OTPManager = require("./src/otp");
+const SessionManager = require("./src/session");
+class AuthVerify {
+  constructor(options = {}) {
+    const {
+      jwtSecret,
+      otpExpiry = 300,
+      storeTokens = "none",
+      otpHash = "sha256",
+      redisUrl,
+    } = options;
+    if (!jwtSecret) throw new Error("jwtSecret is required in AuthVerify options");
+    this.senderName;
+    this.jwt = new JWTManager(jwtSecret, { storeTokens });
+    this.otp = new OTPManager({
+      storeTokens,
+      otpExpiry,
+      otpHash,
+      redisUrl,
+    });
+    this.session = new SessionManager({ storeTokens, redisUrl });
+    this.senders = new Map();
+    // this.register = {
+    //   sender: (name, fn)=>{
+    //     if (!name || typeof fn !== "function") {
+    //       throw new Error("Sender registration requires a name and a function");
+    //     }else{
+    //       try{
+    //         this.senders.set(name, fn);
+    //       }catch(err){
+    //         throw new Error(err);
+    //       }
+    //     }
+    //   }
+    // }
+    // ✅ No getters — directly reference otp.dev (it's a plain object)
+  }
+  // Session helpers
+  async createSession(userId, options = {}) {
+    return this.session.create(userId, options);
+  }
+  async verifySession(sessionId) {
+    return this.session.verify(sessionId);
+  }
+  async destroySession(sessionId) {
+    return this.session.destroy(sessionId);
+  }
+  async use(name){
+    const senderFn = this.senders.get(name);
+    if(!senderFn) throw new Error(`Sender "${name}" not found`);
+    this.senderName = senderFn;
+  }
+    register = {
+        sender: (name, fn) => {
+            if (!name || typeof fn !== "function") {
+                throw new Error("Sender registration requires a name and a function");
             }
-        });
-        this.sender = `${sender.smtp?.sender}`
-        //making a db for saving otp codes
-        this.db = new sqlite3.Database('./authverify.db');
-        this.db.serialize(()=>{
-            // creating a table
-            this.db.run(`
-                CREATE TABLE IF NOT EXISTS verifications (
-                email TEXT PRIMARY KEY,
-                code TEXT,
-                expiresAt TEXT,
-                requests INTEGER DEFAULT 0,
-                lastRequest TEXT
-                )
-            `);
-        });
-    }
-     // Generate OTP securely
-    generateOTP() {
-        const buffer = crypto.randomBytes(this.otpLen);
-        const number = parseInt(buffer.toString('hex'), 16)
-        .toString()
-        .slice(0, this.otpLen);
-        return number.padStart(this.otpLen, '0');
-    }
-    html(html){
-        this.htmlContent = html;
-        return this;
-    }
-    subject(subject){
-        this.mailSubject = subject;
-        return this;
-    }
-    text(text){
-        this.mailText = text;
-        return this;
-    }
-    sendTo(email, callback){
-        this.recieverEmail = email;
-        const code = this.generateOTP();
-        const expAt = new Date(Date.now() + this.expMin * 60 * 1000).toISOString();
-        this.db.get(`SELECT * FROM verifications WHERE email = ?`, [email], (err, row)=>{
-            if(err) return callback(err);
-            const now = new Date();
-            let requests = 1;
-            if(row){
-                const lastRequest = row.lastRequest ? new Date(row.lastRequest) : null;
-                if(lastRequest && now.toDateString() === lastRequest.toDateString()){
-                    requests = row.requests + 1;
-                    if(requests > this.limit){
-                        return callback(new Error("Too many OTP requests today"));
-                    }
-                    const diff = (now - lastRequest) / 1000;
-                    if(diff < this.cooldown){
-                        return callback(new Error(`Please wait ${Math.ceil(this.cooldown - diff)} seconds before requesting a new OTP.`));
-                    }
-                }
-            }
-            this.db.run(`INSERT INTO verifications (email, code, expiresAt, requests, lastRequest) VALUES (?, ?, ?, ?, ?)
-                ON CONFLICT(email) DO UPDATE SET
-                code = excluded.code,
-                expiresAt = excluded.expiresAt,
-                requests = excluded.requests,
-                lastRequest = excluded.lastRequest`, [email, code, expAt, requests, now.toISOString()], (DBerr)=>{
-                if(DBerr) return callback(DBerr);
-                this.otpOptions = {
-                    from: this.sender,
-                    to: `${email}`,
-                    subject: this.mailSubject ? this.mailSubject.replace("{otp}", code) : undefined,
-                    text: this.mailText ? this.mailText.replace("{otp}", code) : undefined,
-                    html: this.htmlContent ? this.htmlContent.replace("{otp}", code) : undefined
-                }
-                this.transport.sendMail(this.otpOptions, (emailErr, info)=>{
-                    if(emailErr) return callback(emailErr);
-                    // console.log('📨 Email sent:', info.response);
-                    callback(null, true);
-                });
-                // console.log('💾 Code saved to DB');
-            });
-        });
-        return this;
-    }
-    code(userCode){
-        this.userCode = userCode
-        return this;
-    }
-    verifyFor(email, callback){
-        const now = new Date().toISOString();
-        this.db.get(`SELECT * FROM verifications WHERE email = ? AND expiresAt > ?`, [email, now], (DBerr, row)=>{
-            if(DBerr) return callback(DBerr);
+            this.senders.set(name, fn);
+            // console.log(`✅ Sender registered: ${name}`);
+        }
+    };
-            // console.log(`Code was got`);
+    // use a sender by name
+    use(name) {
+        const senderFn = this.senders.get(name);
+        if (!senderFn) throw new Error(`Sender "${name}" not found`);
-            if(!row){
-                // console.log(this.recieverEmail);
-                callback(null, false)
-            }else{
-                if(row.code === this.userCode){
-                    // console.log('✅ User verified');
-                    callback(null, true);
-                }else{
-                    // console.log("❌ Code isn't correct")
-                    callback(null, false);
-                }
+        return {
+            send: async (options) => {
+                return await senderFn(options); // call user function
             }
-        });
-    }
-    makeOTP(length){
-        const buffer = crypto.randomBytes(length);
-        const number = parseInt(buffer.toString('hex'), 16)
-        .toString()
-        .slice(0, length);
-        return number.padStart(length, '0');
-    }
-    getOTP(email, callback){
-        this.db.get(`SELECT * FROM verifications WHERE email = ?`, [email], (err, row)=>{
-            if(err) return callback(err);
-            if(!row) return callback(null, null);
-            callback(null, { code: row.code, expiresAt: row.expiresAt });
-        });
+        };
     }
-    cleanExpired() {
-    const now = new Date().toISOString();
-    this.db.run(
-        `DELETE FROM verifications WHERE expiresAt <= ?`,
-        [now],
-        function(err) {
-            if (err) console.error("Error cleaning expired OTPs:", err.message);
-            // Optional: console.log(`${this.changes} expired OTPs removed`);
-        }
-    );
-}
 }
-module.exports = Verifier;
+module.exports = AuthVerify;

package/package.json CHANGED Viewed

@@ -1,15 +1,20 @@
 {
   "dependencies": {
+    "axios": "^1.12.2",
     "crypto": "^1.0.1",
     "express": "^5.1.0",
+    "ioredis": "^5.8.1",
+    "jsonwebtoken": "^9.0.2",
+    "node-telegram-bot-api": "^0.66.0",
     "nodemailer": "^7.0.6",
-    "sqlite3": "^5.1.7"
+    "redis": "^5.8.3",
+    "twilio": "^5.10.3",
+    "uuid": "^13.0.0"
   },
   "name": "auth-verify",
-  "version": "0.0.2",
+  "version": "1.1.0",
   "description": "A simple Node.js library for sending and verifying OTP via email",
   "main": "index.js",
-  "devDependencies": {},
   "scripts": {
     "test": "node test.js"
   },
@@ -31,7 +36,8 @@
     "login",
     "two-factor",
     "2fa",
-    "email"
+    "email",
+    "jwt"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",

package/readme.md CHANGED Viewed

@@ -1,119 +1,296 @@
 # auth-verify
-`auth-verify` is a **Node.js library** for handling **OTP (One-Time Password) generation, email verification, and expiration tracking**. It provides secure OTP generation, rate-limiting, cooldowns, and integration with **Nodemailer** for sending verification emails.
+**auth-verify** is a Node.js authentication utility that provides:
+- Secure OTP (one-time password) generation and verification
+- Sending OTPs via Email, SMS (pluggable helpers), and Telegram bot
+- JWT creation, verification and optional token revocation with memory/Redis storage
+- Session management (in-memory or Redis)
+- Developer extensibility: custom senders and `auth.register.sender()` / `auth.use(name).send(...)`
----
-## Features
-- Generate secure OTP codes
-- Send OTP via **email** using Nodemailer
-- Verify OTP codes with expiration checks
-- Limit OTP requests per day and enforce cooldowns
-- Store OTPs in a **SQLite database**
-- Fully asynchronous with callback support
+> This README documents the code structure and APIs found in the library files you provided (OTPManager, JWTManager, SessionManager, AuthVerify).
 ---
 ## Installation
 ```bash
+# from npm (when published)
 npm install auth-verify
+# or locally during development
+# copy the package into your project and `require` it`
 ```
-### 🚀 Quick Start
-##### 1. Initialize Verifier
+---
+## Quick overview
+- `AuthVerify` (entry): constructs and exposes `.jwt`, `.otp`, and (optionally) `.session` managers.
+- `JWTManager`: sign, verify, decode, revoke tokens. Supports `storeTokens: "memory" | "redis" | "none"`.
+- `OTPManager`: generate, store, send, verify, resend OTPs. Supports `storeTokens: "memory" | "redis" | "none"`. Supports email, SMS helper, Telegram bot, and custom dev senders.
+- `SessionManager`: simple session creation/verification/destroy with memory or Redis backend.
+---
+## Example: Initialize library (CommonJS)
 ```js
-const Verifier = require('auth-verify');
-const verifier = new Verifier({
-    sender: 'your_email@example.com',
-    pass: 'your_email_password',
-    serv: 'gmail', // SMTP service name
-    otp: {
-        leng: 6,        // OTP length (default: 6)
-        expMin: 3,      // OTP expiration in minutes (default: 3)
-        limit: 5,       // Max requests per day (default: 5)
-        cooldown: 60    // Cooldown between requests in seconds (default: 60)
-    }
+const AuthVerify = require('auth-verify');
+const auth = new AuthVerify({
+  jwtSecret: "super_secret_value",
+  storeTokens: "memory", // or "redis" or "none"
+  otpExpiry: "5m",       // supports number (seconds) OR string like '30s', '5m', '1h'
+  otpHash: "sha256",     // optional OTP hashing algorithm
+  // you may pass redisUrl inside managers' own options when using redis
 });
 ```
-##### 2. Send OTP
+---
+## JWT usage
 ```js
-verifier
-    .html("<h1>Your OTP is {otp}</h1>")   // optional HTML template
-    .subject("Verify your account: {otp}") // optional subject
-    .text("Your OTP is {otp}")            // optional plain text
-    .sendTo('user@example.com', (err, success) => {
-        if (err) return console.error(err);
-        console.log("OTP sent successfully!");
-    });
+// create JWT
+const token = await auth.jwt.sign({ userId: 123 }, '1h'); // expiry string or number (ms)
+console.log('token', token);
+// verify
+const decoded = await auth.jwt.verify(token);
+console.log('decoded', decoded);
+// decode without verification
+const payload = await auth.jwt.decode(token);
+// revoke a token (immediately)
+await auth.jwt.revoke(token, 0);
+// revoke token until a time in the future (e.g. '10m' or number ms)
+await auth.jwt.revokeUntil(token, '10m');
+// check if token is revoked (returns boolean)
+const isRevoked = await auth.jwt.isRevoked(token);
 ```
-##### 3. Verify OTP
+## 🍪 Automatic Cookie Handling (New in v1.1.0)
+You can now automatically store and verify JWTs via HTTP cookies — no need to manually send them!
 ```js
-verifier.code('123456').verifyFor('user@example.com', (err, isValid) => {
-    if (err) return console.error(err);
-    console.log(isValid ? "✅ OTP verified" : "❌ Invalid or expired OTP");
+const AuthVerify = require("auth-verify");
+const express = require("express");
+const app = express();
+const auth = new AuthVerify({
+  jwtSecret: "supersecret", storeTokens: "memory"
+});
+app.post("/login", async (req, res) => {
+  const token = await auth.jwt.sign({ userId: 1 }, "5s", { res });
+  res.json({ token }); // token is also set as cookie automatically
+});
+app.get("/verify", async (req, res) => {
+  try {
+    const data = await auth.jwt.verify(req); // auto reads from cookie
+    res.json({ valid: true, data });
+  } catch (err) {
+    res.json({ valid: false, error: err.message });
+  }
 });
+app.listen(3000, () => console.log("🚀 Server running at http://localhost:3000"));
 ```
-##### 4. Get OTP Details (for testing/debugging)
+What it does automatically:
+ - Saves token in a secure HTTP-only cookie
+ - Reads and verifies token from cookies
+ - Supports both async/await and callback styles
+Notes:
+- `sign` and `verify` support callback and promise styles in the implementation. When `storeTokens` is `"redis"` you should use the promise/async style (callback mode returns an error for redis in the current implementation).
+---
+## OTP (email / sms / telegram / custom sender)
+### Configure sender
+You can set the default sender (email/sms/telegram):
 ```js
-verifier.getOTP('user@example.com', (err, data) => {
-    if (err) return console.error(err);
-    console.log(data); // { code: '123456', expiresAt: '2025-09-28T...' }
+// email example
+auth.otp.setSender({
+  via: 'email',
+  sender: 'your@address.com',
+  pass: 'app-password-or-smtp-pass',
+  service: 'gmail' // or 'smtp'
+  // if smtp service: host, port, secure (boolean)
+});
+// sms example (the internal helper expects provider/apiKey or mock flag)
+auth.otp.setSender({
+  via: 'sms',
+  provider: 'infobip',
+  apiKey: 'xxx',
+  apiSecret: 'yyy',
+  sender: 'SENDER_NAME',
+  mock: true // in dev prints message instead of sending
+});
+// telegram example
+auth.otp.setSender({
+  via: 'telegram',
+  token: '123:ABC', // bot token
+  // call auth.otp.setupTelegramBot(token) to start the bot
 });
 ```
-##### 5. Clean Expired OTPs
+### Generate → Save → Send (chainable)
+OTP generation is chainable: `generate()` returns the OTP manager instance.
+```js
+// chainable + callback style example
+auth.otp.generate(6).set('user@example.com', (err) => {
+  if (err) throw err;
+  auth.otp.message({
+    to: 'user@example.com',
+    subject: 'Your OTP',
+    html: `Your code: <b>${auth.otp.code}</b>`
+  }, (err, info) => {
+    if (err) console.error('send error', err);
+    else console.log('sent', info && info.messageId);
+  });
+});
+```
+Async/await style:
+```js
+await auth.otp.generate(6);              // generates and stores `auth.otp.code`
+await auth.otp.set('user@example.com'); // saves OTP into memory/redis
+await auth.otp.message({
+  to: 'user@example.com',
+  subject: 'Verify',
+  html: `Your code: <b>${auth.otp.code}</b>`
+});
+```
+### Verify
 ```js
-verifier.cleanExpired(); // Deletes expired OTPs from the database
+// Promise style
+try {
+  const ok = await auth.otp.verify({ check: 'user@example.com', code: '123456' });
+  console.log('verified', ok);
+} catch (err) {
+  console.error('verify failed', err.message);
+}
+// Callback style also supported: auth.otp.verify({check, code}, callback)
 ```
-#### API Reference
-`new Verifier(options)`
-`sender` – sender email for Nodemailer
+### Resend and cooldown / max attempts
+- `auth.otp.cooldown('30s')` or `auth.otp.cooldown(30000)` — set cooldown duration.
+- `auth.otp.maxAttempt(5)` — set maximum attempts allowed.
+- `auth.otp.resend(identifier)` — regenerate and resend OTP, observing cooldown and expiry rules.
+`resend` returns the new code (promise style) or calls callback.
+---
+## Telegram integration
+There are two ways to use Telegram flow:
+1. Use the built-in `senderConfig.via = 'telegram'` and call `auth.otp.setupTelegramBot(botToken)` — this starts a polling bot that asks users to share their phone via `/start`, and then matches the phone to in-memory/Redis OTP records and replies with the code.
+2. Developer-supplied custom sender (see below) — you can create your own bot and call it from `auth.use(...).send(...)` or register via `auth.register.sender()`.
-`pass` – email password
+**Important**: Only one bot using long polling must be running per bot token — if you get `409 Conflict` it's because another process or instance is already polling that bot token.
-`serv` – SMTP service name
+---
+## Developer extensibility (custom senders)
+You can register custom senders and use them:
+```js
+// register a named sender function
+auth.register.sender('consoleOtp', async ({ to, code }) => {
+  console.log(`[DEV SEND] send to ${to}: ${code}`);
+});
+// use it later (chainable)
+await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5) });
+```
+---
-`otp` – object:
+When a custom sender is registered, `auth.otp.message()` will first attempt the `customSender` before falling back to built-in providers.
-`leng` (number) – OTP length (default: 6)
+---
-`expMin` (number) – OTP expiration in minutes (default: 3)
+## SessionManager
-`limit` (number) – Max requests per day (default: 5)
+```js
+const SessionManager = require('./src/session'); // or auth.session after export
+const sessions = new SessionManager({ storeTokens: 'redis' });
-`cooldown` (number) – Cooldown in seconds between requests (default: 60)
+// create
+const sessionId = await sessions.create('user123', { expiresIn: '2h' });
-#### Methods
+// verify
+const userId = await sessions.verify(sessionId);
-`html(content)` – Sets optional HTML content with {otp} placeholder
+// destroy
+await sessions.destroy(sessionId);
+```
-`subject(content)` – Sets optional email subject with {otp} placeholder
+Notes:
+- `expiresIn` accepts numeric seconds or strings like `'30s'`, `'5m'`, `'1h'`, `'1d'`.
+---
-`text(content)` – Sets optional plain text with {otp} placeholder
+## Helpers
-`sendTo(email, callback)` – Sends OTP to an email
+`helpers/helper.js` exposes utility functions used by managers:
-`code(otp)` – Set user-provided OTP for verification
+- `generateSecureOTP(length, hashAlgorithm)` — returns secure numeric OTP string
+- `parseTime(strOrNumber)` — converts `'1h' | '30s' | number` into milliseconds
+- `resendGeneratedOTP(params)` — helper to send email via nodemailer (used by resend)
+- `sendSMS(params)` — helper for sending SMS using supported providers or mock
-`verifyFor(email, callback)` – Verify OTP for the given email
+---
-`getOTP(email, callback)` – Retrieve OTP and expiration from DB
+## Error handling and notes
-`cleanExpired()` – Delete expired OTPs from database
+- Many methods support both **callback** and **Promise (async/await)** styles. When using Redis store, prefer **async/await** (callback variants intentionally return an error when Redis is selected).
+- OTP storage keys are the user identifier you pass (email or phone number). Keep identifiers consistent.
+- Be careful when using Telegram polling: do not run two instances with polling true for the same bot token (use webhooks or a single process).
+- When configuring SMTP (non-Gmail), provide `host`, `port` and `secure` in `setSender()`.
-#### Database
+---
-Uses SQLite (authverify.db) to store:
+## Suggested folder structure
-Email
+```
+auth-verify/
+├─ README.md
+├─ package.json
+├─ src/
+│  ├─ index.js         // exports AuthVerify
+│  ├─ jwt.js
+│  ├─ otp.js
+│  ├─ session.js
+│  └─ helpers/helper.js
+```
-OTP code
+---
-Expiration timestamp
+## Contributing & License
-Request count
+Contributions welcome! Open issues / PRs for bugs, improvements, or API suggestions.
-Last request timestamp
+MIT © 2025 — Jahongir Sobirov