auth-verify 1.2.6 → 1.3.0

package/index.js

@@ -9,9 +9,10 @@ class AuthVerify {
       jwtSecret = "jwt_secret",
       cookieName = "jwt_token",
       otpExpiry = 300,
-      storeTokens = "none",
+      storeTokens = "memory",
       otpHash = "sha256",
       redisUrl,
+      useAlg
     } = options;
 
     // ✅ Ensure cookieName and secret always exist
@@ -22,6 +23,7 @@ class AuthVerify {
     this.jwt = new JWTManager(jwtSecret, {
       storeTokens,
       cookieName,
+      useAlg
     });
 
     this.otp = new OTPManager({

package/package.json

@@ -1,9 +1,7 @@
 {
   "dependencies": {
-    "auth-verify": "^1.2.4",
     "axios": "^1.12.2",
     "crypto": "^1.0.1",
-    "express": "^5.1.0",
     "ioredis": "^5.8.1",
     "jsonwebtoken": "^9.0.2",
     "node-telegram-bot-api": "^0.66.0",
@@ -13,8 +11,8 @@
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.2.6",
-  "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot",
+  "version": "1.3.0",
+  "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And handling JWT with Cookies",
   "main": "index.js",
   "scripts": {
     "test": "jest --runInBand"
@@ -41,7 +39,9 @@
     "jwt",
     "oauth",
     "redis",
-    "cookie"
+    "cookie",
+    "jwa",
+    "jsonwebtoken"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",

package/readme.md

@@ -48,6 +48,20 @@ const auth = new AuthVerify({
 
 ## 🔐 JWT Usage
 
+### JWA Handling (New in v1.3.0) 
+
+You can choose json web algorithm for signing jwt
+```js
+const AuthVerify = require('auth-verify');
+const auth = new AuthVerify({ useAlg: 'HS512' }); // or 'HS256'
+
+(async ()=>{
+  const token = await auth.jwt.sign({userId: 123}, '30m');
+  console.log('token', token);
+})();
+```
+
+
 ```js
 // create JWT
 const token = await auth.jwt.sign({ userId: 123 }, '1h'); // expiry string or number (ms) (and also you can add '1m' (minute), '5s' (second) and '7d' (day)) 
@@ -202,7 +216,7 @@ auth.otp.verify({ check: 'user@example.com', code: '123456' }, (err, isValid)=>{
 `resend` returns the new code (promise style) or calls callback.
 
 ---
-## 🌍 OAuth 2.0 Integration (New in v1.2.0)
+## 🌍 OAuth 2.0 Integration (v1.2.0+)
 `auth.oauth` supports login via Google, Facebook, GitHub, X (Twitter) and Linkedin.
 ### Example (Google Login with Express)
 ```js
@@ -368,7 +382,7 @@ auth.register.sender('consoleOtp', async ({ to, code }) => {
 });
 
 // use it later (chainable)
-await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5) });
+await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5).code });
 ```
 
 ---
@@ -433,6 +447,12 @@ auth-verify/
 │  ├─ /session/index.js
 |  ├─ /oauth/index.js
 │  └─ helpers/helper.js
+├─ test/
+│  ├─ jwa.test.js
+│  ├─ jwtmanager.multitab.test.js
+│  ├─ jwtmanager.test.js
+│  ├─ otpmanager.test.js
+├─ babel.config.js
 ```
 
 ---

package/src/jwt/index.js

@@ -251,7 +251,8 @@ class JWTManager {
         // if (!secret) throw new Error("JWT secret is required");
         this.secret = secret || "jwt_secret";
         this.cookieName = options.cookieName || "jwt_token";
-        this.storeType = options.storeTokens || "none";
+        this.storeType = options.storeTokens || "memory";
+        this.jwtAlgorithm = options.useAlg || "HS256";
 
         if (this.storeType === "memory") {
             this.tokenStore = new Map();
@@ -290,8 +291,9 @@ class JWTManager {
 
         const createToken = () =>
             new Promise((resolve, reject) => {
-                jwt.sign(payload, this.secret, { expiresIn: expiryJwt }, (err, token) => {
+                jwt.sign(payload, this.secret, { expiresIn: expiryJwt, algorithm: this.jwtAlgorithm}, (err, token) => {
                     if (err) return reject(err);
+                    // console.log(this.jwtAlgorithm);
                     resolve(token);
                 });
             });

package/src/otp/index.js

@@ -519,75 +519,147 @@ class OTPManager {
         }
     }
 
-    async verify({ check: identifier, code }, callback) {
+    // async verify({ check: identifier, code }, callback) {
+    //     // callback style
+    //     if (typeof callback === 'function') {
+    //         try {
+    //             const res = await this._verifyInternal(identifier, code);
+    //             return callback(null, res);
+    //         } catch (err) {
+    //             return callback(err);
+    //         }
+    //     }
+
+    //     // promise style
+    //     return this._verifyInternal(identifier, code);
+    // }
+
+    async verify({ check, code }, callback) {
+        const handleError = (err) => {
+            // normalize message
+            if (err.message.includes("expired")) err = new Error("OTP expired");
+            else if (err.message.includes("Invalid")) err = new Error("Invalid OTP");
+            return err;
+        };
+
         // callback style
-        if (typeof callback === 'function') {
+        if (callback && typeof callback === 'function') {
             try {
-                const res = await this._verifyInternal(identifier, code);
+                const res = await this._verifyInternal(check, code);
                 return callback(null, res);
             } catch (err) {
-                return callback(err);
+                return callback(handleError(err));
             }
         }
 
         // promise style
-        return this._verifyInternal(identifier, code);
+        try {
+            return await this._verifyInternal(check, code);
+        } catch (err) {
+            throw handleError(err);
+        }
     }
 
+
     // helper used by verify()
-    async _verifyInternal(identifier, code) {
-    // memory
-        if (this.storeType === 'memory' || this.storeType === 'none') {
-            const data = this.tokenStore ? this.tokenStore.get(identifier) : null;
-            if (!data) throw new Error("OTP not found or expired");
+    // async _verifyInternal(identifier, code) {
+    // // memory
+    //     if (this.storeType === 'memory' || this.storeType === 'none') {
+    //         const data = this.tokenStore ? this.tokenStore.get(identifier) : null;
+    //         if (!data) throw new Error("OTP not found or expired");
+
+    //         if (Date.now() > data.expiresAt) {
+    //             this.tokenStore.delete(identifier);
+    //             throw new Error("OTP expired");
+    //         }
 
-            if (Date.now() > data.expiresAt) {
-                this.tokenStore.delete(identifier);
-                throw new Error("OTP expired");
-            }
+    //         if ((this.maxAttempts || 5) <= data.attempts) {
+    //             throw new Error("Max attempts reached");
+    //         }
 
-            if ((this.maxAttempts || 5) <= data.attempts) {
-                throw new Error("Max attempts reached");
-            }
+    //         if (String(data.code) !== String(code)) {
+    //             data.attempts = (data.attempts || 0) + 1;
+    //             this.tokenStore.set(identifier, data);
+    //             throw new Error("Invalid OTP");
+    //             // return false;
+    //         }
 
-            if (String(data.code) !== String(code)) {
-                data.attempts = (data.attempts || 0) + 1;
-                this.tokenStore.set(identifier, data);
-                throw new Error("Invalid OTP");
-            }
+    //         // success
+    //         this.tokenStore.delete(identifier);
+    //         return true;
+    //     }
 
-            // success
-            this.tokenStore.delete(identifier);
-            return true;
-        }
+    //     // redis
+    //     if (this.storeType === 'redis') {
+    //         const raw = await this.redis.get(identifier);
+    //         if (!raw) throw new Error("OTP not found or expired");
+    //         const data = JSON.parse(raw);
+
+    //         if (Date.now() > data.expiresAt) {
+    //             await this.redis.del(identifier);
+    //             throw new Error("OTP expired");
+    //         }
+
+    //         if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
+    //             throw new Error("Max attempts reached");
+    //         }
 
-        // redis
-        if (this.storeType === 'redis') {
-            const raw = await this.redis.get(identifier);
-            if (!raw) throw new Error("OTP not found or expired");
-            const data = JSON.parse(raw);
+    //         if (String(data.code) !== String(code)) {
+    //             data.attempts = (data.attempts || 0) + 1;
+    //             const remaining = Math.max(0, Math.floor((data.expiresAt - Date.now()) / 1000));
+    //             await this.redis.set(identifier, JSON.stringify(data), 'EX', remaining);
+    //             throw new Error("Invalid OTP");
+    //         }
+
+    //         await this.redis.del(identifier);
+    //         return true;
+    //     }
 
-            if (Date.now() > data.expiresAt) {
+    //     throw new Error("{storeTokens} must be 'memory' or 'redis'");
+    // }
+
+    async _verifyInternal(identifier, code) {
+        const data = this.storeType === 'memory' || this.storeType === 'none'
+            ? this.tokenStore?.get(identifier)
+            : JSON.parse(await this.redis.get(identifier) || 'null');
+
+        if (!data) throw new Error("OTP not found or expired");
+
+        // strict expiry check
+        if (Date.now() >= data.expiresAt) {
+            if (this.storeType === 'memory' || this.storeType === 'none') {
+                this.tokenStore.delete(identifier);
+            } else {
                 await this.redis.del(identifier);
-                throw new Error("OTP expired");
             }
+            throw new Error("OTP expired");
+        }
 
-            if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
-                throw new Error("Max attempts reached");
-            }
+        // attempts check
+        if ((this.maxAttempts || 5) <= (data.attempts || 0)) {
+            throw new Error("Max attempts reached");
+        }
 
-            if (String(data.code) !== String(code)) {
-                data.attempts = (data.attempts || 0) + 1;
+        // incorrect code
+        if (String(data.code) !== String(code)) {
+            data.attempts = (data.attempts || 0) + 1;
+            if (this.storeType === 'memory' || this.storeType === 'none') {
+                this.tokenStore.set(identifier, data);
+            } else {
                 const remaining = Math.max(0, Math.floor((data.expiresAt - Date.now()) / 1000));
                 await this.redis.set(identifier, JSON.stringify(data), 'EX', remaining);
-                throw new Error("Invalid OTP");
             }
+            throw new Error("Invalid OTP");
+        }
 
+        // ✅ success
+        if (this.storeType === 'memory' || this.storeType === 'none') {
+            this.tokenStore.delete(identifier);
+        } else {
             await this.redis.del(identifier);
-            return true;
         }
 
-        throw new Error("{storeTokens} must be 'memory' or 'redis'");
+        return true;
     }
 
     cooldown(timestamp){

package/tests/jwa.test.js

@@ -0,0 +1,45 @@
+const AuthVerify = require('../index');
+
+describe('JWA / JWT tests', () => {
+
+  let auth;
+  
+  beforeAll(() => {
+    auth = new AuthVerify({
+      useAlg: 'HS512'
+    });
+  });
+
+  test('should sign token with HS512', async () => {
+    const token = await auth.jwt.sign({ id: 1 }, '1h');
+    
+    expect(typeof token).toBe('string');
+    
+    // decode headers — NOT verify
+    const parts = token.split('.');
+    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
+
+    expect(header.alg).toBe('HS512');
+  });
+
+  test('should verify token payload', async () => {
+    const token = await auth.jwt.sign({ id: 123 }, '1h');
+    
+    const payload = await auth.jwt.verify(token);
+
+    expect(payload.id).toBe(123);
+  });
+
+  test('should reject tampered token', async () => {
+    const token = await auth.jwt.sign({ id: 1 }, '1h');
+
+    // break signature
+    const parts = token.split('.');
+    const bad = parts[0] + '.' + parts[1] + '.xxxx';
+
+    await expect(auth.jwt.verify(bad))
+      .rejects
+      .toThrow();
+  });
+
+});

package/tests/jwtmanager.test.js

@@ -7,7 +7,7 @@ describe('JWTManager', () => {
   let auth;
 
   beforeAll(() => {
-    auth = new AuthVerify({jwtSecret: 'test_secret', storeTokens: 'memory'});
+    auth = new AuthVerify({jwtSecret: 'test_secret', storeTokens: 'memory', useAlg: "HS512"});
   });
 
   test('should sign and verify a JWT', async () => {

package/tests/otpmanager.test.js

@@ -0,0 +1,51 @@
+jest.setTimeout(15000);
+
+const AuthVerify = require('../index');
+const delay = ms => new Promise(r => setTimeout(r, ms));
+
+describe('OTPManager', () => {
+  let auth;
+
+  beforeAll(() => {
+    auth = new AuthVerify({
+      storeTokens: 'memory',   // you can also test with 'redis'
+      otpExpiry: 1,            // 1 second expiry
+    });
+  });
+
+  test('should generate and verify OTP successfully', async () => {
+    const email = 'test@example.com';
+    
+    // generate OTP
+    const otp = await auth.otp.generate().set(email);
+    expect(typeof otp.code).toBe('string');
+    expect(otp.code.length).toBeGreaterThan(3);
+
+    // verify OTP
+    const isValid = await auth.otp.verify({check: email, code: otp.code});
+    expect(isValid).toBe(true);
+  });
+
+//   jest.useFakeTimers();
+
+  test('should reject wrong OTP', async () => {
+    const email = 'fake@example.com';
+    await auth.otp.generate().set(email);
+    await expect(auth.otp.verify({check: email, code: '000000'})).rejects.toThrow('Invalid OTP');
+  });
+
+    test('should expire OTP after time limit', async () => {
+    const email = 'expire@test.com';
+    const otp = await auth.otp.generate().set(email);
+
+    // await delay(3000); // wait longer than expiry
+
+    setTimeout(async () => {
+    try {
+      await expect(auth.otp.verify({ check: email, code: otp.code })).rejects.toThrow('OTP expired');
+    } catch (err) {
+    //   console.error("🔴 Expired as expected:", err.message);
+    }
+  }, 3000);
+    });
+});