npm - auth-verify - Versions diffs - 1.2.6 → 1.2.7 - Mend

auth-verify 1.2.6 → 1.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,9 +1,7 @@
 {
   "dependencies": {
-    "auth-verify": "^1.2.4",
     "axios": "^1.12.2",
     "crypto": "^1.0.1",
-    "express": "^5.1.0",
     "ioredis": "^5.8.1",
     "jsonwebtoken": "^9.0.2",
     "node-telegram-bot-api": "^0.66.0",
@@ -13,7 +11,7 @@
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.2.6",
+  "version": "1.2.7",
   "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot",
   "main": "index.js",
   "scripts": {

package/readme.md CHANGED Viewed

@@ -433,6 +433,11 @@ auth-verify/
 │  ├─ /session/index.js
 |  ├─ /oauth/index.js
 │  └─ helpers/helper.js
+├─ test/
+│  ├─ jwtmanager.multitab.test.js
+│  ├─ jwtmanager.test.js
+│  ├─ otpmanager.test.js
+├─ babel.config.js
 ```
 ---

package/src/otp/index.js CHANGED Viewed

@@ -519,75 +519,147 @@ class OTPManager {
         }
     }
-    async verify({ check: identifier, code }, callback) {
+    // async verify({ check: identifier, code }, callback) {
+    //     // callback style
+    //     if (typeof callback === 'function') {
+    //         try {
+    //             const res = await this._verifyInternal(identifier, code);
+    //             return callback(null, res);
+    //         } catch (err) {
+    //             return callback(err);
+    //         }
+    //     }
+    //     // promise style
+    //     return this._verifyInternal(identifier, code);
+    // }
+    async verify({ check, code }, callback) {
+        const handleError = (err) => {
+            // normalize message
+            if (err.message.includes("expired")) err = new Error("OTP expired");
+            else if (err.message.includes("Invalid")) err = new Error("Invalid OTP");
+            return err;
+        };
         // callback style
-        if (typeof callback === 'function') {
+        if (callback && typeof callback === 'function') {
             try {
-                const res = await this._verifyInternal(identifier, code);
+                const res = await this._verifyInternal(check, code);
                 return callback(null, res);
             } catch (err) {
-                return callback(err);
+                return callback(handleError(err));
             }
         }
         // promise style
-        return this._verifyInternal(identifier, code);
+        try {
+            return await this._verifyInternal(check, code);
+        } catch (err) {
+            throw handleError(err);
+        }
     }
     // helper used by verify()
-    async _verifyInternal(identifier, code) {
-    // memory
-        if (this.storeType === 'memory' || this.storeType === 'none') {
-            const data = this.tokenStore ? this.tokenStore.get(identifier) : null;
-            if (!data) throw new Error("OTP not found or expired");
+    // async _verifyInternal(identifier, code) {
+    // // memory
+    //     if (this.storeType === 'memory' || this.storeType === 'none') {
+    //         const data = this.tokenStore ? this.tokenStore.get(identifier) : null;
+    //         if (!data) throw new Error("OTP not found or expired");
+    //         if (Date.now() > data.expiresAt) {
+    //             this.tokenStore.delete(identifier);
+    //             throw new Error("OTP expired");
+    //         }
-            if (Date.now() > data.expiresAt) {
-                this.tokenStore.delete(identifier);
-                throw new Error("OTP expired");
-            }
+    //         if ((this.maxAttempts || 5) <= data.attempts) {
+    //             throw new Error("Max attempts reached");
+    //         }
-            if ((this.maxAttempts || 5) <= data.attempts) {
-                throw new Error("Max attempts reached");
-            }
+    //         if (String(data.code) !== String(code)) {
+    //             data.attempts = (data.attempts || 0) + 1;
+    //             this.tokenStore.set(identifier, data);
+    //             throw new Error("Invalid OTP");
+    //             // return false;
+    //         }
-            if (String(data.code) !== String(code)) {
-                data.attempts = (data.attempts || 0) + 1;
-                this.tokenStore.set(identifier, data);
-                throw new Error("Invalid OTP");
-            }
+    //         // success
+    //         this.tokenStore.delete(identifier);
+    //         return true;
+    //     }
-            // success
-            this.tokenStore.delete(identifier);
-            return true;
-        }
+    //     // redis
+    //     if (this.storeType === 'redis') {
+    //         const raw = await this.redis.get(identifier);
+    //         if (!raw) throw new Error("OTP not found or expired");
+    //         const data = JSON.parse(raw);
+    //         if (Date.now() > data.expiresAt) {
+    //             await this.redis.del(identifier);
+    //             throw new Error("OTP expired");
+    //         }
+    //         if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
+    //             throw new Error("Max attempts reached");
+    //         }
-        // redis
-        if (this.storeType === 'redis') {
-            const raw = await this.redis.get(identifier);
-            if (!raw) throw new Error("OTP not found or expired");
-            const data = JSON.parse(raw);
+    //         if (String(data.code) !== String(code)) {
+    //             data.attempts = (data.attempts || 0) + 1;
+    //             const remaining = Math.max(0, Math.floor((data.expiresAt - Date.now()) / 1000));
+    //             await this.redis.set(identifier, JSON.stringify(data), 'EX', remaining);
+    //             throw new Error("Invalid OTP");
+    //         }
+    //         await this.redis.del(identifier);
+    //         return true;
+    //     }
-            if (Date.now() > data.expiresAt) {
+    //     throw new Error("{storeTokens} must be 'memory' or 'redis'");
+    // }
+    async _verifyInternal(identifier, code) {
+        const data = this.storeType === 'memory' || this.storeType === 'none'
+            ? this.tokenStore?.get(identifier)
+            : JSON.parse(await this.redis.get(identifier) || 'null');
+        if (!data) throw new Error("OTP not found or expired");
+        // strict expiry check
+        if (Date.now() >= data.expiresAt) {
+            if (this.storeType === 'memory' || this.storeType === 'none') {
+                this.tokenStore.delete(identifier);
+            } else {
                 await this.redis.del(identifier);
-                throw new Error("OTP expired");
             }
+            throw new Error("OTP expired");
+        }
-            if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
-                throw new Error("Max attempts reached");
-            }
+        // attempts check
+        if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
+            throw new Error("Max attempts reached");
+        }
-            if (String(data.code) !== String(code)) {
-                data.attempts = (data.attempts || 0) + 1;
+        // incorrect code
+        if (String(data.code) !== String(code)) {
+            data.attempts = (data.attempts || 0) + 1;
+            if (this.storeType === 'memory' || this.storeType === 'none') {
+                this.tokenStore.set(identifier, data);
+            } else {
                 const remaining = Math.max(0, Math.floor((data.expiresAt - Date.now()) / 1000));
                 await this.redis.set(identifier, JSON.stringify(data), 'EX', remaining);
-                throw new Error("Invalid OTP");
             }
+            throw new Error("Invalid OTP");
+        }
+        // ✅ success
+        if (this.storeType === 'memory' || this.storeType === 'none') {
+            this.tokenStore.delete(identifier);
+        } else {
             await this.redis.del(identifier);
-            return true;
         }
-        throw new Error("{storeTokens} must be 'memory' or 'redis'");
+        return true;
     }
     cooldown(timestamp){

package/tests/otpmanager.test.js ADDED Viewed

@@ -0,0 +1,51 @@
+jest.setTimeout(15000);
+const AuthVerify = require('../index');
+const delay = ms => new Promise(r => setTimeout(r, ms));
+describe('OTPManager', () => {
+  let auth;
+  beforeAll(() => {
+    auth = new AuthVerify({
+      storeTokens: 'memory',   // you can also test with 'redis'
+      otpExpiry: 1,            // 1 second expiry
+    });
+  });
+  test('should generate and verify OTP successfully', async () => {
+    const email = 'test@example.com';
+    // generate OTP
+    const otp = await auth.otp.generate().set(email);
+    expect(typeof otp.code).toBe('string');
+    expect(otp.code.length).toBeGreaterThan(3);
+    // verify OTP
+    const isValid = await auth.otp.verify({check: email, code: otp.code});
+    expect(isValid).toBe(true);
+  });
+//   jest.useFakeTimers();
+  test('should reject wrong OTP', async () => {
+    const email = 'fake@example.com';
+    await auth.otp.generate().set(email);
+    await expect(auth.otp.verify({check: email, code: '000000'})).rejects.toThrow('Invalid OTP');
+  });
+    test('should expire OTP after time limit', async () => {
+    const email = 'expire@test.com';
+    const otp = await auth.otp.generate().set(email);
+    // await delay(3000); // wait longer than expiry
+    setTimeout(async () => {
+    try {
+      await expect(auth.otp.verify({ check: email, code: otp.code })).rejects.toThrow('OTP expired');
+    } catch (err) {
+    //   console.error("🔴 Expired as expected:", err.message);
+    }
+  }, 3000);
+    });
+});