auth-verify 1.13.6 → 1.14.0

package/index.js

@@ -51,7 +51,7 @@ class AuthVerify {
       redisUrl,
     });
 
-    this.session = new SessionManager({ storeTokens, redisUrl });
+    // this.session = new SessionManager({ storeTokens, redisUrl });
     this.oauth = new OAuthManager();
     this.totp = new TOTPManager(totp);
 
@@ -63,17 +63,17 @@ class AuthVerify {
   }
 
   // --- Session helpers ---
-  async createSession(userId, options = {}) {
-    return this.session.create(userId, options);
-  }
+  // async createSession(userId, options = {}) {
+  //   return this.session.create(userId, options);
+  // }
 
-  async verifySession(sessionId) {
-    return this.session.verify(sessionId);
-  }
+  // async verifySession(sessionId) {
+  //   return this.session.verify(sessionId);
+  // }
 
-  async destroySession(sessionId) {
-    return this.session.destroy(sessionId);
-  }
+  // async destroySession(sessionId) {
+  //   return this.session.destroy(sessionId);
+  // }
 
   // --- Passkey helpers ---
   async registerPasskey(user) {

package/package.json

@@ -19,7 +19,7 @@
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.13.6",
+  "version": "1.14.0",
   "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And generating TOTP codes and QR codes. And handling JWT with Cookies. And also handling passwordless logins with passkeys/webauth. And handling magiclink passwordless logins",
   "main": "index.js",
   "scripts": {

package/readme.md

@@ -1,6 +1,6 @@
 # auth-verify
 
-**AuthVerify** is a modular authentication library for Node.js, providing JWT, OTP, TOTP, Passkeys (WebAuthn), Magic Links, Sessions, and OAuth helpers. You can easily register custom senders for OTPs or notifications. Auth-verify now supports **REST API** for generating, sending OTP with email/SMS and verifying it.
+**AuthVerify** is a modular authentication library for Node.js, providing JWT, OTP, TOTP, Passkeys (WebAuthn), Magic Links, and OAuth helpers. You can easily register custom senders for OTPs or notifications. Auth-verify now supports **REST API** for generating, sending OTP with email/SMS and verifying it.
  - [Installation](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-installation)
  - [Initialization](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-example-initialize-library-commonjs)
  - [JWT](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-jwt-usage)
@@ -11,7 +11,6 @@
  - [OAuth](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-oauth-manager--auth-verify)
  - [Magic Links](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-magiclink-passwordless-login-v180)
  - [Custom Senders](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#developer-extensibility-custom-senders)
- - [Session Management](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-sessionmanager-api-documentation---auth-verify)
  - [Crypto hashing](https://github.com/Jahongir2007/auth-verify/blob/main/docs/docs.md#-cryptomanager-api-guide)
  - [Auth-verify REST API](https://auth-verify-sy2y.onrender.com/)
 ---
@@ -30,11 +29,10 @@ npm install auth-verify
 
 ## ⚙️ Quick overview
 
-- `AuthVerify` (entry): constructs and exposes `.jwt`, `.otp`, (optionally) `.session`, `.totp` and `.oauth` managers.
+- `AuthVerify` (entry): constructs and exposes `.jwt`, `.otp`, `.totp` and `.oauth` managers.
 - `JWTManager`: sign, verify, decode, revoke tokens. Supports `storeTokens: "memory" | "redis" | "none"` and middleware with custom cookie, header, and token extraction.
 - `OTPManager`: generate, store, send, verify, resend OTPs. Supports `storeTokens: "memory" | "redis" | "none"`. Supports email, SMS helper, Telegram bot, and custom dev senders.
 - `TOTPManager`: generate, verify uri, codes and QR codes.
-- `SessionManager`: simple session creation/verification/destroy with memory or Redis backend.
 - `OAuthManager`: Handle OAuth 2.0 logins for 20+ providers.
 - `PasskeyManager`: Handle passwordless login and registration using WebAuthn/passkey.
 - `MagicLinkManager`: Handle passwordless login with magic link generation and verification.
@@ -1447,7 +1445,22 @@ await auth.magic.sender({
   pass: 'your_smtp_password'
 });
 ```
-> ✅ Both Gmail and any SMTP provider are supported.
+
+#### API services Example
+```js
+auth.magic.sender({
+  service: 'api',
+  apiService: 'resend', // 'mailgun', 'sendgrid'
+  sender:  'noreply@yourdomain.com',
+  apiKey: 'YOUR_API_KEY'
+})
+```
+> For `"mailgun"` you should also add also your domain 
+> ```js
+>  domain: "your-domain.com"
+>```
+
+> ✅ Gmail, any SMTP provider and API based email services are supported.
 > Use app passwords or tokens instead of your real password!
 
 ### 📩 Send Magic Link
@@ -1518,7 +1531,7 @@ auth.magic.send('user@example.com', (err) => {
 ```js
 const express = require('express');
 const bodyParser = require('body-parser');
-const { AuthVerify } = require('auth-verify');
+const AuthVerify = require('auth-verify');
 
 const app = express();
 app.use(bodyParser.json());
@@ -1602,79 +1615,6 @@ When a custom sender is registered, `auth.otp.message()` will first attempt the
 
 ---
 
-## 📝 SessionManager API Documentation - `auth-verify`
-The session manager of `auth-verify` provides a simple way to **create**, **verify**, and **destroy user sessions** in either **memory** or **Redis** storage.
-
-### Import
-```js
-const AuthVerify = require('auth-verify');
-const auth = new AuthVerify({ storeTokens: 'redis', redisUrl: "redis://localhost:6379" });
-```
-##### Options:
-| Option        | Type   | Default                    | Description                                               |
-| ------------- | ------ | -------------------------- | --------------------------------------------------------- |
-| `storeTokens` | string | `'memory'`                 | Storage type for sessions: `'memory'` or `'redis'`        |
-| `redisUrl`    | string | `"redis://localhost:6379"` | Redis connection URL (required if `storeTokens: 'redis'`) |
-
-### Methods
-#### 1️⃣ `create(userId, options)`
-Create a new session for a user.
-**Parameters:**
-| Name      | Type   | Required | Description                             |           |
-| --------- | ------ | -------- | --------------------------------------- | --------- |
-| `userId`  | string | ✅        | Unique ID of the user                   |           |
-| `options` | object | ❌        | Optional settings: `{ expiresIn: number | string }` |
-
-`expiresIn` formats:
- - Number → seconds
- - String → `"30s"`, `"5m"`, `"2h"`, `"1d"`
-##### **Returns:**
-`Promise<string>` → The session ID (UUID)
-##### **Example:**
-```js
-// Memory storage
-const auth = new AuthVerify({ storeTokens: 'memory' });
-const sessionId = await auth.session.create("user123", { expiresIn: "2h" });
-console.log(sessionId); // "550e8400-e29b-41d4-a716-446655440000"
-```
-#### 2️⃣ `verify(sessionId)`
-Verify if a session is valid.
-##### **Parameters:**
-| Name        | Type   | Required | Description              |
-| ----------- | ------ | -------- | ------------------------ |
-| `sessionId` | string | ✅        | The session ID to verify |
-##### Returns:
-`Promise<string>` → Returns the `userId` if session is valid
-##### Throws:
- - `"Session not found or expired"`
- - `"Session expired"`
-##### Example:
-```js
-const userId = await auth.session.verify(sessionId);
-console.log(userId); // "user123"
-```
-#### 3️⃣ `destroy(sessionId)`
-Invalidate (destroy) a session manually.
-##### Parameters:
-| Name        | Type   | Required | Description               |
-| ----------- | ------ | -------- | ------------------------- |
-| `sessionId` | string | ✅        | The session ID to destroy |
-##### Returns:
-`Promise<void>`
-##### Example:
-```js
-await auth.session.destroy(sessionId);
-console.log("Session destroyed");
-```
-
-### Notes & Best Practices
- - **Memory** storage is fast but not persistent across server restarts. Use **Redis** in production.
- - Always verify session before allowing access to protected routes.
- - Optionally, combine with JWT or OTP for multi-layered authentication.
- - Use `expiresIn` wisely — shorter times improve security but may require more frequent re-login.
-
----
-
 ## 🔐 CryptoManager API Guide
 It supports both **PBKDF2** and **scrypt** algorithms for password or data hashing.
 
@@ -1829,7 +1769,6 @@ auth-verify/
 │  ├─ totp/
 |  |  ├─ index.js
 |  |  ├─ base32.js
-│  ├─ /session/index.js
 |  ├─ /oauth/index.js
 │  └─ helpers/helper.js
 ├─ rest-api/

package/src/magiclink/index.js

@@ -1,6 +1,10 @@
 const jwt = require('jsonwebtoken');
 const nodemailer = require('nodemailer');
 const Redis = require('ioredis');
+const sgMail = require('@sendgrid/mail');
+const formData = require('form-data');
+const Mailgun = require('mailgun.js');
+const { Resend } = require('resend');
 
 class MagicLinkManager {
   constructor(config = {}) {
@@ -40,10 +44,114 @@ class MagicLinkManager {
         ? mailOption.html.replace(/{{\s*link\s*}}/gi, link)
         : `<p>Click to login: <a href="${link}">${link}</a></p>`;
 
+      if(this.senderConfig.apiService === "sendgrid" && this.senderConfig.service === 'api'){
+        sgMail.setApiKey(this.senderConfig.apiKey)
+
+        const apiMail = {
+          to: email,
+          from: this.senderConfig.sender,
+          subject: mailOption.subject || 'Your Magic Login Link ✨',
+          html: letterHtml
+        };
+
+        try{
+          const info = await sgMail.send(apiMail)
+          this.recieverConfig = mailOption
+          // return info
+
+          let timeVal = 5 * 60 * 1000;
+          if (typeof this.expiresIn === 'string') {
+            if (this.expiresIn.endsWith('m')) timeVal = parseInt(this.expiresIn) * 60 * 1000;
+            else if (this.expiresIn.endsWith('s')) timeVal = parseInt(this.expiresIn) * 1000;
+          } else if (typeof this.expiresIn === 'number') timeVal = this.expiresIn * 1000;
+
+          if (this.storeType === 'memory') {
+            this.tokenStore.set(email, token);
+            setTimeout(() => this.tokenStore.delete(email), timeVal);
+          } else if (this.storeType === 'redis') {
+            await this.redis.set(email, token, 'PX', timeVal);
+          }
+
+          return { token, link };
+        }catch(err){
+          throw new Error(err.response?.body || err.message)
+        }
+      }else if(this.senderConfig.apiService === "mailgun" && this.senderConfig.service === "api"){
+        const mg = new Mailgun(formData).client({
+          username: 'api',
+          key: this.senderConfig.apiKey,
+        });
+
+        const apiMail = {
+          to: email,
+          from: this.senderConfig.sender,
+          subject: mailOption.subject || 'Your Magic Login Link ✨',
+          html: letterHtml
+        };
+
+        try{
+          const info = await mg.messages.create(this.senderConfig.domain, apiMail)
+          this.recieverConfig = mailOption
+          // return info
+
+          let timeVal = 5 * 60 * 1000;
+          if (typeof this.expiresIn === 'string') {
+            if (this.expiresIn.endsWith('m')) timeVal = parseInt(this.expiresIn) * 60 * 1000;
+            else if (this.expiresIn.endsWith('s')) timeVal = parseInt(this.expiresIn) * 1000;
+          } else if (typeof this.expiresIn === 'number') timeVal = this.expiresIn * 1000;
+
+          if (this.storeType === 'memory') {
+            this.tokenStore.set(email, token);
+            setTimeout(() => this.tokenStore.delete(email), timeVal);
+          } else if (this.storeType === 'redis') {
+            await this.redis.set(email, token, 'PX', timeVal);
+          }
+
+          return { token, link };
+        }catch(err){
+          throw new Error(err.response?.body || err.message)
+        }
+        
+      }else if(this.senderConfig.apiService === "resend" && this.senderConfig.service === 'api'){
+        const resend = new Resend(this.senderConfig.apiKey);
+
+        const apiMail = {
+          to: email,
+          from: this.senderConfig.sender,
+          subject: mailOption.subject || 'Your Magic Login Link ✨',
+          html: letterHtml
+        };
+
+        try {
+          const info = await resend.emails.send(apiMail);
+          this.recieverConfig = mailOption;
+          // return info;
+
+          let timeVal = 5 * 60 * 1000;
+          if (typeof this.expiresIn === 'string') {
+            if (this.expiresIn.endsWith('m')) timeVal = parseInt(this.expiresIn) * 60 * 1000;
+            else if (this.expiresIn.endsWith('s')) timeVal = parseInt(this.expiresIn) * 1000;
+          } else if (typeof this.expiresIn === 'number') timeVal = this.expiresIn * 1000;
+
+          if (this.storeType === 'memory') {
+            this.tokenStore.set(email, token);
+            setTimeout(() => this.tokenStore.delete(email), timeVal);
+          } else if (this.storeType === 'redis') {
+            await this.redis.set(email, token, 'PX', timeVal);
+          }
+
+          return { token, link };
+        } catch(err) {
+          throw new Error(err.response?.body || err.message);
+        }
+      }
+
       let transporter;
       if (this.senderConfig.service === 'gmail') {
         transporter = nodemailer.createTransport({
-          service: 'gmail',
+          host: 'smtp.gmail.com',
+          port: this.senderConfig.port || 587,
+          secure: this.senderConfig.secure || false,
           auth: { user: this.senderConfig.sender, pass: this.senderConfig.pass },
           pool: true,
           maxConnections: 3,
@@ -92,7 +200,9 @@ class MagicLinkManager {
     const verifyProcess = async () => {
       try {
         const decoded = jwt.verify(token, this.secret);
-        // console.log(decoded);
+        // console.log("Decoded",decoded);
+        // console.log("Token", token);
+        // console.log("Secret", this.secret);
         const email = decoded.email;
 
         let stored;
@@ -107,7 +217,7 @@ class MagicLinkManager {
 
         return { success: true, user: decoded };
       } catch (err) {
-        throw new Error('Invalid or expired magic link');
+        throw new Error(`Invalid or expired magic link: ${err}`);
       }
     };
 
@@ -117,4 +227,4 @@ class MagicLinkManager {
   }
 }
 
-module.exports = MagicLinkManager;
+module.exports = MagicLinkManager;

package/src/otp/index.js

@@ -6,7 +6,7 @@ const sgMail = require('@sendgrid/mail')
 const formData = require('form-data');
 const Mailgun = require('mailgun.js');
 const { Resend } = require('resend');
-const mail = require('@sendgrid/mail');
+// const mail = require('@sendgrid/mail');
 
 class OTPManager {
     constructor(otpOptions = {}){

package/src/session/index.js

@@ -1,83 +0,0 @@
-const Redis = require("ioredis");
-const { v4: uuidv4 } = require("uuid");
-
-class SessionManager {
-    constructor(options = {}) {
-        this.storeType = options.storeTokens || 'memory'; // 'memory' or 'redis'
-
-        if (this.storeType === 'memory') {
-            this.sessions = new Map();
-        } else if (this.storeType === 'redis') {
-            this.redis = new Redis(options.redisUrl || "redis://localhost:6379");
-        }else if(this.storeType === 'none'){
-            return;
-        } else {
-            throw new Error("{storeTokens} should be 'memory' or 'redis'");
-        }
-    }
-
-    // Create a session
-    async create(userId, options = {}) {
-        const sessionId = uuidv4();
-        const expiresIn = options.expiresIn || 3600; // default 1 hour
-        if (typeof expiresIn === "string") {
-        const timeValue = parseInt(expiresIn);
-            if (expiresIn.endsWith("s")) expiresIn = timeValue;
-            else if (expiresIn.endsWith("m")) expiresIn = timeValue * 60;
-            else if (expiresIn.endsWith("h")) expiresIn = timeValue * 60 * 60;
-            else if (expiresIn.endsWith("d")) expiresIn = timeValue * 60 * 60 * 24;
-            else throw new Error("Invalid expiresIn format (use s, m, h, d)");
-        }
-        const now = Date.now();
-
-        const sessionData = {
-            userId,
-            createdAt: now,
-            expiresAt: now + expiresIn * 1000
-        };
-
-        if (this.storeType === 'memory') {
-            this.sessions.set(sessionId, sessionData);
-        } else if (this.storeType === 'redis') {
-            await this.redis.set(
-                sessionId,
-                JSON.stringify(sessionData),
-                "EX",
-                expiresIn
-            );
-        }
-
-        return sessionId;
-    }
-
-    // Verify a session
-    async verify(sessionId) {
-        let data;
-        if (this.storeType === 'memory') {
-            data = this.sessions.get(sessionId);
-        } else if (this.storeType === 'redis') {
-            const raw = await this.redis.get(sessionId);
-            data = raw ? JSON.parse(raw) : null;
-        }
-
-        if (!data) throw new Error("Session not found or expired");
-
-        if (Date.now() > data.expiresAt) {
-            await this.destroy(sessionId);
-            throw new Error("Session expired");
-        }
-
-        return data.userId;
-    }
-
-    // Destroy a session
-    async destroy(sessionId) {
-        if (this.storeType === 'memory') {
-            this.sessions.delete(sessionId);
-        } else if (this.storeType === 'redis') {
-            await this.redis.del(sessionId);
-        }
-    }
-}
-
-module.exports = SessionManager;