npm - auth-verify - Versions diffs - 1.2.7 → 1.3.0 - Mend

auth-verify 1.2.7 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/index.js CHANGED Viewed

@@ -9,9 +9,10 @@ class AuthVerify {
       jwtSecret = "jwt_secret",
       cookieName = "jwt_token",
       otpExpiry = 300,
-      storeTokens = "none",
+      storeTokens = "memory",
       otpHash = "sha256",
       redisUrl,
+      useAlg
     } = options;
     // ✅ Ensure cookieName and secret always exist
@@ -22,6 +23,7 @@ class AuthVerify {
     this.jwt = new JWTManager(jwtSecret, {
       storeTokens,
       cookieName,
+      useAlg
     });
     this.otp = new OTPManager({

package/package.json CHANGED Viewed

@@ -11,8 +11,8 @@
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.2.7",
-  "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot",
+  "version": "1.3.0",
+  "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And handling JWT with Cookies",
   "main": "index.js",
   "scripts": {
     "test": "jest --runInBand"
@@ -39,7 +39,9 @@
     "jwt",
     "oauth",
     "redis",
-    "cookie"
+    "cookie",
+    "jwa",
+    "jsonwebtoken"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",

package/readme.md CHANGED Viewed

@@ -48,6 +48,20 @@ const auth = new AuthVerify({
 ## 🔐 JWT Usage
+### JWA Handling (New in v1.3.0)
+You can choose json web algorithm for signing jwt
+```js
+const AuthVerify = require('auth-verify');
+const auth = new AuthVerify({ useAlg: 'HS512' }); // or 'HS256'
+(async ()=>{
+  const token = await auth.jwt.sign({userId: 123}, '30m');
+  console.log('token', token);
+})();
+```
 ```js
 // create JWT
 const token = await auth.jwt.sign({ userId: 123 }, '1h'); // expiry string or number (ms) (and also you can add '1m' (minute), '5s' (second) and '7d' (day))
@@ -202,7 +216,7 @@ auth.otp.verify({ check: 'user@example.com', code: '123456' }, (err, isValid)=>{
 `resend` returns the new code (promise style) or calls callback.
 ---
-## 🌍 OAuth 2.0 Integration (New in v1.2.0)
+## 🌍 OAuth 2.0 Integration (v1.2.0+)
 `auth.oauth` supports login via Google, Facebook, GitHub, X (Twitter) and Linkedin.
 ### Example (Google Login with Express)
 ```js
@@ -368,7 +382,7 @@ auth.register.sender('consoleOtp', async ({ to, code }) => {
 });
 // use it later (chainable)
-await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5) });
+await auth.use('consoleOtp').send({ to: '+998901234567', code: await auth.otp.generate(5).code });
 ```
 ---
@@ -434,6 +448,7 @@ auth-verify/
 |  ├─ /oauth/index.js
 │  └─ helpers/helper.js
 ├─ test/
+│  ├─ jwa.test.js
 │  ├─ jwtmanager.multitab.test.js
 │  ├─ jwtmanager.test.js
 │  ├─ otpmanager.test.js

package/src/jwt/index.js CHANGED Viewed

@@ -251,7 +251,8 @@ class JWTManager {
         // if (!secret) throw new Error("JWT secret is required");
         this.secret = secret || "jwt_secret";
         this.cookieName = options.cookieName || "jwt_token";
-        this.storeType = options.storeTokens || "none";
+        this.storeType = options.storeTokens || "memory";
+        this.jwtAlgorithm = options.useAlg || "HS256";
         if (this.storeType === "memory") {
             this.tokenStore = new Map();
@@ -290,8 +291,9 @@ class JWTManager {
         const createToken = () =>
             new Promise((resolve, reject) => {
-                jwt.sign(payload, this.secret, { expiresIn: expiryJwt }, (err, token) => {
+                jwt.sign(payload, this.secret, { expiresIn: expiryJwt, algorithm: this.jwtAlgorithm}, (err, token) => {
                     if (err) return reject(err);
+                    // console.log(this.jwtAlgorithm);
                     resolve(token);
                 });
             });

package/tests/jwa.test.js ADDED Viewed

@@ -0,0 +1,45 @@
+const AuthVerify = require('../index');
+describe('JWA / JWT tests', () => {
+  let auth;
+  beforeAll(() => {
+    auth = new AuthVerify({
+      useAlg: 'HS512'
+    });
+  });
+  test('should sign token with HS512', async () => {
+    const token = await auth.jwt.sign({ id: 1 }, '1h');
+    expect(typeof token).toBe('string');
+    // decode headers — NOT verify
+    const parts = token.split('.');
+    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
+    expect(header.alg).toBe('HS512');
+  });
+  test('should verify token payload', async () => {
+    const token = await auth.jwt.sign({ id: 123 }, '1h');
+    const payload = await auth.jwt.verify(token);
+    expect(payload.id).toBe(123);
+  });
+  test('should reject tampered token', async () => {
+    const token = await auth.jwt.sign({ id: 1 }, '1h');
+    // break signature
+    const parts = token.split('.');
+    const bad = parts[0] + '.' + parts[1] + '.xxxx';
+    await expect(auth.jwt.verify(bad))
+      .rejects
+      .toThrow();
+  });
+});

package/tests/jwtmanager.test.js CHANGED Viewed

@@ -7,7 +7,7 @@ describe('JWTManager', () => {
   let auth;
   beforeAll(() => {
-    auth = new AuthVerify({jwtSecret: 'test_secret', storeTokens: 'memory'});
+    auth = new AuthVerify({jwtSecret: 'test_secret', storeTokens: 'memory', useAlg: "HS512"});
   });
   test('should sign and verify a JWT', async () => {