auth-verify 1.9.0 → 1.11.0

package/auth-verify.client.js

@@ -0,0 +1,102 @@
+window.AuthVerify = class AuthVerify {
+    constructor(options = {}){
+        this.apiBase = options.apiBase || 'http://localhost:3000';
+        this.qrContainer = options.qrEl || null;
+    }
+
+    // Fetch QR code from backend and display
+    post(url){
+        this.fetchPostUrl = url;
+        return this;
+    }
+
+    get(url){
+        this.fetchGetUrl = url;
+        return this;
+    }
+
+    async qr() {
+        if (!this.qrContainer) return;
+        try {
+        const res = await fetch(`${this.apiBase}${this.fetchGetUrl}`);
+        const data = await res.json();
+        if (data.qr) {
+            this.qrContainer.src = data.qr;
+        } else {
+            this.showResponse('No QR received');
+        }
+        } catch (err) {
+        console.error(err);
+        this.showResponse('Error fetching QR');
+        }
+    }
+
+    showResponse(msg){
+        console.log("[AuthVerify]", msg);
+    }
+
+    async data(payload){
+        try {
+            const res = await fetch(`${this.apiBase}${this.fetchPostUrl}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(payload)
+            });
+
+            const data = await res.json();
+
+            // if backend returned jwt we store it but still return whole data
+            if (data.token) {
+            this.jwt = data.token;
+            }
+
+            return data;
+
+        } catch(err){
+            console.error(err);
+            return { error: true, message: err.message };
+        }
+    }
+
+    header(){
+        if(!this.jwt) return {};
+        return {
+            Authorization: `Bearer ${this.jwt}`
+        };
+    }
+
+    async verify(code){
+        return this.data({code});
+    }
+
+      // -----------------------------
+  // Helper: decode Base64URL to Uint8Array
+  // -----------------------------
+  base64urlToUint8Array(base64url) {
+    if (!base64url) throw new Error("Missing Base64URL data");
+    let base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');
+    while (base64.length % 4) base64 += '=';
+    const str = atob(base64);
+    return new Uint8Array([...str].map(c => c.charCodeAt(0)));
+  }
+
+  async issue(publicKey){
+    publicKey.challenge = this.base64urlToUint8Array(publicKey.challenge);
+    publicKey.user.id = this.base64urlToUint8Array(publicKey.user.id);
+    
+    const credential = await navigator.credentials.create({ publicKey });
+
+    const data = {
+      id: credential.id,
+      rawId: btoa(String.fromCharCode(...new Uint8Array(credential.rawId))),
+      type: credential.type,
+      response: {
+        clientDataJSON: btoa(String.fromCharCode(...new Uint8Array(credential.response.clientDataJSON))),
+        attestationObject: btoa(String.fromCharCode(...new Uint8Array(credential.response.attestationObject))),
+      },
+    };
+
+    return data;
+  }
+
+}

package/index.js

@@ -5,6 +5,7 @@ const OAuthManager = require("./src/oauth");
 const TOTPManager = require("./src/totp");
 const PasskeyManager = require("./src/passkey");
 const MagicLinkManager = require("./src/magiclink");
+const CryptoManager = require("./src/crypto");
 
 class AuthVerify {
   constructor(options = {}) {
@@ -26,7 +27,10 @@ class AuthVerify {
       passExp = "2m",
       mlSecret = "ml_secret",
       mlExpiry = "5m",
-      appUrl = "https://yourapp.com"
+      appUrl = "https://yourapp.com",
+      hashAlg = "pbkdf2",
+      iterations = 100000,
+      keyLen = 64
     } = options;
 
     // ✅ Ensure cookieName and secret always exist
@@ -54,7 +58,8 @@ class AuthVerify {
     this.senders = new Map();
 
     this.passkey = new PasskeyManager({rpName, storeTokens, saveBy, passExp});
-    this.magic = new MagicLinkManager({mlSecret, mlExpiry, appUrl, storeTokens})
+    this.magic = new MagicLinkManager({mlSecret, mlExpiry, appUrl, storeTokens});
+    this.crypto = new CryptoManager({hashAlg, iterations, keyLen});
   }
 
   // --- Session helpers ---

package/package.json

@@ -3,20 +3,24 @@
     "axios": "^1.12.2",
     "base64url": "^3.0.1",
     "cbor": "^10.0.11",
+    "cors": "^2.8.5",
     "crypto": "^1.0.1",
+    "express": "^5.1.0",
     "ioredis": "^5.8.1",
     "jsonwebtoken": "^9.0.2",
     "node-telegram-bot-api": "^0.66.0",
     "nodemailer": "^7.0.6",
+    "path": "^0.12.7",
     "qrcode": "^1.5.4",
     "uuid": "^9.0.1"
   },
   "name": "auth-verify",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "description": "A simple Node.js library for sending and verifying OTP via email, SMS and Telegram bot. And generating TOTP codes and QR codes. And handling JWT with Cookies. And also handling passwordless logins with passkeys/webauth. And handling magiclink passwordless logins",
   "main": "index.js",
   "scripts": {
-    "test": "jest --runInBand"
+    "test": "jest --runInBand",
+    "start:api": "node rest-api/index.js"
   },
   "repository": {
     "type": "git",
@@ -49,7 +53,11 @@
     "webauthn",
     "passkey",
     "passwordless",
-    "magiclink"
+    "magiclink",
+    "hash",
+    "password_hashing",
+    "api",
+    "rest-api"
   ],
   "author": "Jahongir Sobirov",
   "license": "MIT",