npm - auth-verify - Versions diffs - 1.8.0 → 1.10.0 - Mend

auth-verify 1.8.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/auth-verify.client.js +193 -0
package/index.js +7 -2
package/package.json +5 -2
package/readme.md +1212 -793
package/src/crypto/index.js +64 -0
package/src/jwt/index.js +16 -0
package/src/oauth/index.js +204 -0
package/src/otp/index.js +84 -54
package/tests/cryptomanager.test.js +77 -0
package/tests/jwtmanager.test.js +29 -2
package/authverify.client.js +0 -174

package/auth-verify.client.js ADDED Viewed

@@ -0,0 +1,193 @@
+window.AuthVerify = class AuthVerify {
+    constructor(options = {}){
+        this.apiBase = options.apiBase || 'http://localhost:3000';
+        this.qrContainer = options.qrEl || null;
+    }
+    // Fetch QR code from backend and display
+    post(url){
+        this.fetchPostUrl = url;
+        return this;
+    }
+    get(url){
+        this.fetchGetUrl = url;
+        return this;
+    }
+    async qr() {
+        if (!this.qrContainer) return;
+        try {
+        const res = await fetch(`${this.apiBase}${this.fetchGetUrl}`);
+        const data = await res.json();
+        if (data.qr) {
+            this.qrContainer.src = data.qr;
+        } else {
+            this.showResponse('No QR received');
+        }
+        } catch (err) {
+        console.error(err);
+        this.showResponse('Error fetching QR');
+        }
+    }
+    showResponse(msg){
+        console.log("[AuthVerify]", msg);
+    }
+    async data(payload){
+        try {
+            const res = await fetch(`${this.apiBase}${this.fetchPostUrl}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(payload)
+            });
+            const data = await res.json();
+            // if backend returned jwt we store it but still return whole data
+            if (data.token) {
+            this.jwt = data.token;
+            }
+            return data;
+        } catch(err){
+            console.error(err);
+            return { error: true, message: err.message };
+        }
+    }
+    header(){
+        if(!this.jwt) return {};
+        return {
+            Authorization: `Bearer ${this.jwt}`
+        };
+    }
+    async verify(code){
+        return this.data({code});
+    }
+      // -----------------------------
+  // Helper: decode Base64URL to Uint8Array
+  // -----------------------------
+  base64urlToUint8Array(base64url) {
+    if (!base64url) throw new Error("Missing Base64URL data");
+    let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
+    while (base64.length % 4) base64 += '=';
+    const str = atob(base64);
+    return new Uint8Array([...str].map(c => c.charCodeAt(0)));
+  }
+  // start(route){
+  //   this.startRegisterApi = route;
+  //   return this;
+  // }
+  // finish(route){
+  //   this.finishRegisterApi = route;
+  //   return this;
+  // }
+//   // -----------------------------
+//   // REGISTER PASSKEY (full flow)
+//   // -----------------------------
+//   async registerPasskey(user) {
+//     try {
+//       // 1️⃣ Get registration options from backend
+//       const publicKey = await this.post(`${this.startRegisterApi}`).data({user});
+//       // 2️⃣ Decode challenge & user.id automatically
+//       publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
+//       publicKey.user.id = this.base64urlToUint8Array(publicKey.user.id);
+//       // 3️⃣ Ask browser to create credential
+//       const credential = await navigator.credentials.create({ publicKey });
+//       // 4️⃣ Convert ArrayBuffers to base64
+//       const data = {
+//         id: credential.id,
+//         rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+//         type: credential.type,
+//         response: {
+//           clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
+//           attestationObject: btoa(String.fromCharCode(...new Uint8Array(credential.response.attestationObject))),
+//         },
+//       };
+//       // 5️⃣ Send credential to backend to finish registration
+//       const result = await this.post(`${this.finishRegisterApi}`).data(data);
+//       return result;
+//     } catch (err) {
+//       console.error("[AuthVerify registerPasskey]", err);
+//       return { error: true, message: err.message };
+//     }
+//   }
+//   // -----------------------------
+// // LOGIN / AUTHENTICATE PASSKEY
+// // -----------------------------
+// async loginPasskey(user) {
+//         try {
+//             // 1️⃣ Get assertion options (challenge) from backend
+//             const publicKey = await this.post(`${this.startRegisterApi}`).data({ user, login: true });
+//             // 2️⃣ Decode Base64URL fields
+//             publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
+//             publicKey.allowCredentials = publicKey.allowCredentials.map(cred => ({
+//             ...cred,
+//             id: this.base64urlToUint8Array(cred.id)
+//             }));
+//             // 3️⃣ Ask browser to get credential
+//             const credential = await navigator.credentials.get({ publicKey });
+//             // 4️⃣ Convert ArrayBuffers to Base64
+//             const data = {
+//             id: credential.id,
+//             rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+//             type: credential.type,
+//             response: {
+//                 clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
+//                 authenticatorData: btoa(String.fromCharCode(...new Uint8Array(credential.response.authenticatorData))),
+//                 signature: btoa(String.fromCharCode(...new Uint8Array(credential.response.signature))),
+//                 userHandle: credential.response.userHandle
+//                 ? btoa(String.fromCharCode(...new Uint8Array(credential.response.userHandle)))
+//                 : null,
+//             },
+//             };
+//             // 5️⃣ Send assertion to backend for verification
+//             const result = await this.post(`${this.finishRegisterApi}`).data(data);
+//             return result;
+//         } catch (err) {
+//             console.error("[AuthVerify loginPasskey]", err);
+//             return { error: true, message: err.message };
+//         }
+//   }
+  async issue(publicKey){
+    publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
+    publicKey.user.id = this.base64urlToUint8Array(publicKey.user.id);
+    const credential = await navigator.credentials.create({ publicKey });
+    const data = {
+      id: credential.id,
+      rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+      type: credential.type,
+      response: {
+        clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
+        attestationObject: btoa(String.fromCharCode(...new Uint8Array(credential.response.attestationObject))),
+      },
+    };
+    return data;
+  }
+}

package/index.js CHANGED Viewed

@@ -5,6 +5,7 @@ const OAuthManager = require("./src/oauth");
 const TOTPManager = require("./src/totp");
 const PasskeyManager = require("./src/passkey");
 const MagicLinkManager = require("./src/magiclink");
+const CryptoManager = require("./src/crypto");
 class AuthVerify {
   constructor(options = {}) {
@@ -26,7 +27,10 @@ class AuthVerify {
       passExp = "2m",
       mlSecret = "ml_secret",
       mlExpiry = "5m",
-      appUrl = "https://yourapp.com"
+      appUrl = "https://yourapp.com",
+      hashAlg = "pbkdf2",
+      iterations = 100000,
+      keyLen = 64
     } = options;
     // ✅ Ensure cookieName and secret always exist
@@ -54,7 +58,8 @@ class AuthVerify {
     this.senders = new Map();
     this.passkey = new PasskeyManager({rpName, storeTokens, saveBy, passExp});
-    this.magic = new MagicLinkManager({mlSecret, mlExpiry, appUrl, storeTokens})
+    this.magic = new MagicLinkManager({mlSecret, mlExpiry, appUrl, storeTokens});
+    this.crypto = new CryptoManager({hashAlg, iterations, keyLen});
   }
   // --- Session helpers ---

package/package.json CHANGED Viewed

@@ -12,7 +12,7 @@
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.8.0",
+  "version": "1.10.0",
   "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And generating TOTP codes and QR codes. And handling JWT with Cookies. And also handling passwordless logins with passkeys/webauth. And handling magiclink passwordless logins",
   "main": "index.js",
   "scripts": {
@@ -48,7 +48,10 @@
     "signin",
     "webauthn",
     "passkey",
-    "passwordless"
+    "passwordless",
+    "magiclink",
+    "hash",
+    "password_hashing"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",