auth-verify 1.10.0 → 1.11.0

package/auth-verify.client.js

@@ -80,97 +80,6 @@ window.AuthVerify = class AuthVerify {
     return new Uint8Array([...str].map(c => c.charCodeAt(0)));
   }
 
-  // start(route){
-  //   this.startRegisterApi = route;
-  //   return this;
-  // }
-
-  // finish(route){
-  //   this.finishRegisterApi = route;
-  //   return this;
-  // }
-
-//   // -----------------------------
-//   // REGISTER PASSKEY (full flow)
-//   // -----------------------------
-//   async registerPasskey(user) {
-//     try {
-//       // 1️⃣ Get registration options from backend
-//       const publicKey = await this.post(`${this.startRegisterApi}`).data({user});
-
-//       // 2️⃣ Decode challenge & user.id automatically
-//       publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
-//       publicKey.user.id = this.base64urlToUint8Array(publicKey.user.id);
-
-//       // 3️⃣ Ask browser to create credential
-//       const credential = await navigator.credentials.create({ publicKey });
-
-//       // 4️⃣ Convert ArrayBuffers to base64
-//       const data = {
-//         id: credential.id,
-//         rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
-//         type: credential.type,
-//         response: {
-//           clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
-//           attestationObject: btoa(String.fromCharCode(...new Uint8Array(credential.response.attestationObject))),
-//         },
-//       };
-
-//       // 5️⃣ Send credential to backend to finish registration
-//       const result = await this.post(`${this.finishRegisterApi}`).data(data);
-
-//       return result;
-
-//     } catch (err) {
-//       console.error("[AuthVerify registerPasskey]", err);
-//       return { error: true, message: err.message };
-//     }
-//   }
-
-//   // -----------------------------
-// // LOGIN / AUTHENTICATE PASSKEY
-// // -----------------------------
-// async loginPasskey(user) {
-//         try {
-//             // 1️⃣ Get assertion options (challenge) from backend
-//             const publicKey = await this.post(`${this.startRegisterApi}`).data({ user, login: true });
-
-//             // 2️⃣ Decode Base64URL fields
-//             publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
-//             publicKey.allowCredentials = publicKey.allowCredentials.map(cred => ({
-//             ...cred,
-//             id: this.base64urlToUint8Array(cred.id)
-//             }));
-
-//             // 3️⃣ Ask browser to get credential
-//             const credential = await navigator.credentials.get({ publicKey });
-
-//             // 4️⃣ Convert ArrayBuffers to Base64
-//             const data = {
-//             id: credential.id,
-//             rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
-//             type: credential.type,
-//             response: {
-//                 clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
-//                 authenticatorData: btoa(String.fromCharCode(...new Uint8Array(credential.response.authenticatorData))),
-//                 signature: btoa(String.fromCharCode(...new Uint8Array(credential.response.signature))),
-//                 userHandle: credential.response.userHandle
-//                 ? btoa(String.fromCharCode(...new Uint8Array(credential.response.userHandle)))
-//                 : null,
-//             },
-//             };
-
-//             // 5️⃣ Send assertion to backend for verification
-//             const result = await this.post(`${this.finishRegisterApi}`).data(data);
-
-//             return result;
-
-//         } catch (err) {
-//             console.error("[AuthVerify loginPasskey]", err);
-//             return { error: true, message: err.message };
-//         }
-//   }
-
   async issue(publicKey){
     publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
     publicKey.user.id = this.base64urlToUint8Array(publicKey.user.id);

package/package.json

@@ -3,20 +3,24 @@
     "axios": "^1.12.2",
     "base64url": "^3.0.1",
     "cbor": "^10.0.11",
+    "cors": "^2.8.5",
     "crypto": "^1.0.1",
+    "express": "^5.1.0",
     "ioredis": "^5.8.1",
     "jsonwebtoken": "^9.0.2",
     "node-telegram-bot-api": "^0.66.0",
     "nodemailer": "^7.0.6",
+    "path": "^0.12.7",
     "qrcode": "^1.5.4",
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And generating TOTP codes and QR codes. And handling JWT with Cookies. And also handling passwordless logins with passkeys/webauth. And handling magiclink passwordless logins",
   "main": "index.js",
   "scripts": {
-    "test": "jest --runInBand"
+    "test": "jest --runInBand",
+    "start:api": "node rest-api/index.js"
   },
   "repository": {
     "type": "git",
@@ -51,7 +55,9 @@
     "passwordless",
     "magiclink",
     "hash",
-    "password_hashing"
+    "password_hashing",
+    "api",
+    "rest-api"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",

package/readme.md

@@ -1,6 +1,6 @@
 # auth-verify
 
-**AuthVerify** is a modular authentication library for Node.js, providing JWT, OTP, TOTP, Passkeys (WebAuthn), Magic Links, Sessions, and OAuth helpers. You can easily register custom senders for OTPs or notifications.
+**AuthVerify** is a modular authentication library for Node.js, providing JWT, OTP, TOTP, Passkeys (WebAuthn), Magic Links, Sessions, and OAuth helpers. You can easily register custom senders for OTPs or notifications. Auth-verify now supports **REST API** for generating, sending OTP with email/SMS and verifying it.
  - [Installation](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-installation)
  - [Initialization](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-example-initialize-library-commonjs)
  - [JWT](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-jwt-usage)
@@ -13,6 +13,7 @@
  - [Custom Senders](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#developer-extensibility-custom-senders)
  - [Session Management](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-sessionmanager-api-documentation---auth-verify)
  - [Crypto hashing](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-cryptomanager-api-guide)
+ - [Auth-verify REST API](https://auth-verify-sy2y.onrender.com/)
 ---
 
 ## 🧩 Installation
@@ -34,9 +35,10 @@ npm install auth-verify
 - `OTPManager`: generate, store, send, verify, resend OTPs. Supports `storeTokens: "memory" | "redis" | "none"`. Supports email, SMS helper, Telegram bot, and custom dev senders.
 - `TOTPManager`: generate, verify uri, codes and QR codes.
 - `SessionManager`: simple session creation/verification/destroy with memory or Redis backend.
-- `OAuthManager`: Handle OAuth 2.0 logins for Google, Facebook, GitHub, X, Linkedin, Apple, Discord, Slack, Microsoft, Telegram and WhatsApp.
+- `OAuthManager`: Handle OAuth 2.0 logins for 20+ providers.
 - `PasskeyManager`: Handle passwordless login and registration using WebAuthn/passkey.
 - `MagicLinkManager`: Handle passwordless login with magic link generation and verification.
+- `CrpytoManager`: Handle hashing passwords or another data with algorithms like: `"pbkdf2"` and `"scrypt"`
 ---
 
 ## 🚀 Example: Initialize library (CommonJS)
@@ -316,6 +318,7 @@ const otp = auth.otp; // internally uses OTPManager
 
 ### ⚙️ Sender Configuration
 #### Email sender
+##### Using Gmail
 ```js
 otp.sender({
     via: "email", // or "sms", "telegram", "whatsapp"
@@ -329,6 +332,17 @@ otp.sender({
 
 // or you can use otp.setSender({...});
 ```
+##### Using SMTP service
+```js
+otp.sender({
+  via: "email", // or "sms", "telegram", "whatsapp"
+  sender: "your_email@gmail.com",
+  pass: "your_app_password",
+  host: "smtp.gmail.com",
+  port: 587,
+  secure: false
+})
+```
 #### SMS sender
 ##### Using infobip:
 ```js
@@ -412,6 +426,9 @@ await otp.send("user@example.com", {
     text: "Your OTP is 123456",
     html: "<b>123456</b>"
 });
+
+// or simply
+await otp.send("user@example.com");
 ```
 Supports channels:
 | `via`    | Notes                                    |
@@ -432,10 +449,11 @@ otp.send("user@example.com", options, (err, info) => {
 ### 🔑 Verify OTP
 ```js
 // Promise style
-const result = await otp.verify({ check: "user@example.com", code: "123456" });
+const result = await otp.verify("user@example.com", "123456");
+//const result = await otp.verify({ check: "user@example.com", code: "123456" }); or you can use this style
 
 // Callback style
-otp.verify({ check: "user@example.com", code: "123456" }, (err, success) => {
+otp.verify("user@example.com", "123456", (err, success) => {
     if(err) console.error(err.message);
     else console.log("✅ OTP verified");
 });
@@ -1737,16 +1755,9 @@ auth-verify/
 │  ├─ /session/index.js
 |  ├─ /oauth/index.js
 │  └─ helpers/helper.js
-├─ tests/
-│  ├─ jwa.test.js
-│  ├─ cryptomanager.test.js
-│  ├─ jwtmanager.multitab.test.js
-│  ├─ jwtmanager.test.js
-│  ├─ otpmanager.test.js
-│  ├─ oauth.test.js
-│  ├─ totpmanager.test.js
-│  ├─ passkeymanager.test.js
-│  ├─ magiclinkmanager.test.js
+├─ rest-api/
+│  ├─ public/index.html
+│  ├─ index.js
 ├─ babel.config.js
 ├─ auth-verify.client.js
 ```

package/rest-api/index.js

@@ -0,0 +1,171 @@
+const express = require("express");
+const cors = require("cors");
+const AuthVerify = require("../index");
+const path = require("path");
+
+const app = express();
+app.use(cors());
+app.use(express.json());
+app.use(express.static("public"));
+
+const router = express.Router();   // FIXED
+
+const auth = new AuthVerify();
+
+// If user enters any route ("/", "/docs", etc) send homepage
+app.get("/", (req, res) => {
+  res.sendFile(path.join(__dirname, "public/index.html"));
+});
+
+// Generating OTP (just generate code, no sending)
+router.post('/auth/otp/generate/:leng', async (req, res) => {
+    try {
+        let { leng } = req.params;
+        const length = leng ? parseInt(leng) : 6;  // default 6 digits if undefined
+
+        const otp = auth.otp.generate(length);
+
+        return res.json({
+            ok: true,
+            code: otp.code,
+            length
+        });
+    } catch (err) {
+        console.error(err);
+        return res.status(500).json({ ok: false, error: "Failed to generate OTP", message: err.message });
+    }
+});
+
+
+// ----------- Gmail Provider -------------
+router.post('/auth/otp/send/gmail/:to', async (req, res) => {
+    try {
+        const { to } = req.params;
+        const { email, pass, subject, text, html } = req.body.sender || {};
+
+        if (!email || !pass) {
+            return res.status(400).json({ error: "Missing sender email or password" });
+        }
+
+        auth.otp.sender({
+            via: 'email',
+            service: 'gmail',
+            sender: email,
+            pass
+        });
+
+        const info = await auth.otp.send(to, {
+            subject: subject || "Your OTP Code",
+            text: text || "",
+            html: html || ""
+        });
+
+        return res.json({
+            ok: true,
+            provider: "gmail",
+            to
+        });
+
+    } catch (err) {
+        console.error(err);
+        return res.status(500).json({ error: "Failed to send OTP" });
+    }
+});
+
+// ----------- SMTP Provider -------------
+router.post('/auth/otp/send/email/:to', async (req, res) => {
+    try {
+        const { to } = req.params;
+        const { email, pass, host, port, secure, subject, text, html } = req.body.sender || {};
+
+        if (!email || !pass || !host || !port) {
+            return res.status(400).json({ error: "Missing sender email or pass or host or port" });
+        }
+
+        auth.otp.sender({
+            via: 'email',
+            host,
+            port,
+            secure: secure || false,
+            sender: email,
+            pass
+        });
+
+        const info = await auth.otp.send(to, {
+            subject: subject || "Your OTP Code",
+            text: text || "",
+            html: html || ""
+        });
+
+        return res.json({
+            ok: true,
+            provider: "smtp",
+            to
+        });
+
+    } catch (err) {
+        console.error(err);
+        return res.status(500).json({ error: "Failed to send OTP" });
+    }
+});
+
+// ------ OTP SMS -------
+router.post('/auth/otp/send/sms/:to', async (req, res)=>{
+    try {
+        const { to } = req.params;
+        const { provider, apiKey, apiSecret, sender, text } = req.body.sender || {};
+
+        if(!provider || !apiKey || !apiSecret || !sender) return res.status(400).json({error: "Missing sender provider or apiKey or apiSecret or sender"}); 
+
+        auth.otp.sender({
+            via: 'sms',
+            provider,
+            apiKey,
+            apiSecret,
+            sender
+        });
+
+        const info = await auth.otp.send(to, {text});
+
+        return res.json({
+            ok: true,
+            provider,
+            to
+        });
+    } catch(err){
+        console.error(err);
+        return res.status(500).json({ error: "Failed to send OTP with SMS" });
+    }
+});
+
+// Verify OTP sent by email
+router.post('/auth/otp/verify/:to', async (req, res) => {
+    try {
+        const { to } = req.params;
+        const { otp } = req.body;
+
+        if (!otp) {
+            return res.status(400).json({ success: false, message: "Missing OTP code" });
+        }
+
+        const valid = await auth.otp.verify(to, otp);
+
+        if (valid) {
+            return res.status(200).json({ success: true, message: "OTP verified", to });
+        } else {
+            return res.status(400).json({ success: false, message: "OTP is incorrect", to });
+        }
+
+    } catch (err) {
+        console.error(err);
+        return res.status(500).json({ success: false, message: "Failed to verify OTP", error: err.message });
+    }
+});
+
+
+// mount router
+app.use("/api", router);   // IMPORTANT!!
+
+app.listen(3000, () => {
+    console.log("REST API running on port 3000");
+});