navojit-auth 1.6.2 → 4.0.0

package/dist/index.d.mts

@@ -1,51 +1,44 @@
 import { FastifyInstance } from 'fastify';
 
-/**
- * 1. JWT TYPE AUGMENTATION
- * Isse sign() aur verify() karte waqt 'email' ya 'sid' ka error kabhi nahi aayega.
- * TypeScript ko ab pata hai ki Navojit Auth ke payload mein kya-kya hota hai.
- */
-declare module "@fastify/jwt" {
-    interface FastifyJWT {
-        payload: {
-            sub: string;
-            email: string;
-            role: string;
-            orgId?: string;
-            sid?: string;
-            impersonatedBy?: string;
-        };
-    }
-}
-/**
- * 2. THE CONTRACT (Interfaces)
- * Developers iska use karke Drizzle, Prisma ya SQL ka naya adapter bana sakte hain.
- */
 interface AuthAdapter {
     createUser(data: any): Promise<any>;
     findUserByEmail(email: string): Promise<any>;
     findUserById(id: string): Promise<any>;
 }
-interface User {
-    id: string;
-    email: string;
-    role: string;
-    orgId?: string;
-    passkeys?: any[];
-    [key: string]: any;
-}
 interface AuthConfig {
     adapter: AuthAdapter;
     secret: string;
-    redisClient?: any;
-    rpName?: string;
-    rpID?: string;
     prefix?: string;
+    accessExpiry?: string;
+    refreshExpiry?: string;
+}
+interface OmniTokens {
+    access_token: string;
+    refresh_token: string;
+    sid: string;
+}
+declare class NavojitAuth {
+    private config;
+    constructor(config: AuthConfig);
+    generateOmniTokens(user: any, options?: {
+        mfa_v?: boolean;
+        am?: string[];
+    }): OmniTokens;
+    verifyToken(token: string): any;
+    generatePasskeyOptions(userId: string, userEmail: string, rpID?: string): Promise<any>;
+    verifyPasskey(expectedChallenge: string, responseBody: any, origin: string, rpID?: string): Promise<any>;
+    hashPassword(password: string): Promise<string>;
+    verifyPassword(hash: string, password: string): Promise<boolean>;
+    verifyAndFetchUser(email: string, otp: string): Promise<any>;
+    /**
+     * 🟢 FASTIFY CONNECTOR
+     */
+    attach(server: FastifyInstance): Promise<void>;
+    /**
+     * 🔵 EXPRESS CONNECTOR
+     */
+    express(): any;
 }
-/**
- * 3. THE BRIDGE (Mongoose Adapter)
- * Built-in support for Mongoose users.
- */
 declare class MongooseAdapter implements AuthAdapter {
     private model;
     constructor(model: any);
@@ -53,13 +46,5 @@ declare class MongooseAdapter implements AuthAdapter {
     findUserById(id: string): Promise<any>;
     createUser(data: any): Promise<any>;
 }
-/**
- * 4. THE ENGINE (NavojitAuth)
- */
-declare class NavojitAuth {
-    private config;
-    constructor(config: AuthConfig);
-    attach(server: FastifyInstance): Promise<void>;
-}
 
-export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type User };
+export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type OmniTokens };

package/dist/index.d.ts

@@ -1,51 +1,44 @@
 import { FastifyInstance } from 'fastify';
 
-/**
- * 1. JWT TYPE AUGMENTATION
- * Isse sign() aur verify() karte waqt 'email' ya 'sid' ka error kabhi nahi aayega.
- * TypeScript ko ab pata hai ki Navojit Auth ke payload mein kya-kya hota hai.
- */
-declare module "@fastify/jwt" {
-    interface FastifyJWT {
-        payload: {
-            sub: string;
-            email: string;
-            role: string;
-            orgId?: string;
-            sid?: string;
-            impersonatedBy?: string;
-        };
-    }
-}
-/**
- * 2. THE CONTRACT (Interfaces)
- * Developers iska use karke Drizzle, Prisma ya SQL ka naya adapter bana sakte hain.
- */
 interface AuthAdapter {
     createUser(data: any): Promise<any>;
     findUserByEmail(email: string): Promise<any>;
     findUserById(id: string): Promise<any>;
 }
-interface User {
-    id: string;
-    email: string;
-    role: string;
-    orgId?: string;
-    passkeys?: any[];
-    [key: string]: any;
-}
 interface AuthConfig {
     adapter: AuthAdapter;
     secret: string;
-    redisClient?: any;
-    rpName?: string;
-    rpID?: string;
     prefix?: string;
+    accessExpiry?: string;
+    refreshExpiry?: string;
+}
+interface OmniTokens {
+    access_token: string;
+    refresh_token: string;
+    sid: string;
+}
+declare class NavojitAuth {
+    private config;
+    constructor(config: AuthConfig);
+    generateOmniTokens(user: any, options?: {
+        mfa_v?: boolean;
+        am?: string[];
+    }): OmniTokens;
+    verifyToken(token: string): any;
+    generatePasskeyOptions(userId: string, userEmail: string, rpID?: string): Promise<any>;
+    verifyPasskey(expectedChallenge: string, responseBody: any, origin: string, rpID?: string): Promise<any>;
+    hashPassword(password: string): Promise<string>;
+    verifyPassword(hash: string, password: string): Promise<boolean>;
+    verifyAndFetchUser(email: string, otp: string): Promise<any>;
+    /**
+     * 🟢 FASTIFY CONNECTOR
+     */
+    attach(server: FastifyInstance): Promise<void>;
+    /**
+     * 🔵 EXPRESS CONNECTOR
+     */
+    express(): any;
 }
-/**
- * 3. THE BRIDGE (Mongoose Adapter)
- * Built-in support for Mongoose users.
- */
 declare class MongooseAdapter implements AuthAdapter {
     private model;
     constructor(model: any);
@@ -53,13 +46,5 @@ declare class MongooseAdapter implements AuthAdapter {
     findUserById(id: string): Promise<any>;
     createUser(data: any): Promise<any>;
 }
-/**
- * 4. THE ENGINE (NavojitAuth)
- */
-declare class NavojitAuth {
-    private config;
-    constructor(config: AuthConfig);
-    attach(server: FastifyInstance): Promise<void>;
-}
 
-export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type User };
+export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type OmniTokens };

package/dist/index.js

@@ -34,127 +34,190 @@ __export(index_exports, {
   NavojitAuth: () => NavojitAuth
 });
 module.exports = __toCommonJS(index_exports);
-var import_jwt = __toESM(require("@fastify/jwt"));
-var import_argon2 = __toESM(require("argon2"));
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var import_uuid = require("uuid");
-var MongooseAdapter = class {
-  constructor(model) {
-    this.model = model;
-  }
-  model;
-  async findUserByEmail(email) {
-    return await this.model.findOne({ email });
-  }
-  async findUserById(id) {
-    return await this.model.findById(id);
-  }
-  async createUser(data) {
-    const user = new this.model(data);
-    await user.save();
-    return user;
-  }
-};
+var import_server = require("@simplewebauthn/server");
+var argon2 = __toESM(require("argon2"));
 var NavojitAuth = class {
   config;
   constructor(config) {
     this.config = {
-      rpName: "Navojit Auth",
-      rpID: "localhost",
       prefix: "/auth",
+      accessExpiry: "15m",
+      refreshExpiry: "30d",
       ...config
     };
   }
-  async attach(server) {
-    const { prefix, secret, adapter, redisClient } = this.config;
-    if (!server.hasDecorator("jwt")) {
-      server.register(import_jwt.default, { secret });
-    }
-    const trackSession = async (userId, sessionId) => {
-      if (redisClient) {
-        await redisClient.sadd(`user_sessions:${userId}`, sessionId);
+  // --------------------------------------------------
+  // 🚀 CORE 1: UNIVERSAL TOKENS (Syncs with Py/Rust)
+  // --------------------------------------------------
+  generateOmniTokens(user, options = {}) {
+    const sid = (0, import_uuid.v4)();
+    const userId = user.id || user._id.toString();
+    const access_token = import_jsonwebtoken.default.sign(
+      {
+        sub: userId,
+        email: user.email,
+        role: user.role || "member",
+        sid,
+        mfa_v: options.mfa_v || false,
+        am: options.am || ["pwd"],
+        typ: "access"
+      },
+      this.config.secret,
+      { expiresIn: this.config.accessExpiry }
+    );
+    const refresh_token = import_jsonwebtoken.default.sign(
+      {
+        sub: userId,
+        sid,
+        typ: "refresh"
+      },
+      this.config.secret,
+      { expiresIn: this.config.refreshExpiry }
+    );
+    return { access_token, refresh_token, sid };
+  }
+  verifyToken(token) {
+    try {
+      return import_jsonwebtoken.default.verify(token, this.config.secret);
+    } catch (error) {
+      if (error.name === "TokenExpiredError") {
+        return { error: "expired", message: "Token has expired" };
       }
-    };
-    server.get(`${prefix}/profile`, async (request, reply) => {
-      try {
-        const decoded = await request.jwtVerify();
-        const user = await adapter.findUserById(decoded.sub);
-        if (!user) return reply.code(404).send({ error: "User not found" });
-        return {
-          success: true,
-          user: {
-            id: user.id,
-            email: user.email,
-            role: user.role,
-            orgId: user.orgId
-          }
-        };
-      } catch (err) {
-        return reply.code(401).send({ error: "Unauthorized" });
+      return { error: "invalid", message: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 👁️ CORE 2: BIOMETRICS & PASSKEYS (World-Class Security)
+  // --------------------------------------------------
+  async generatePasskeyOptions(userId, userEmail, rpID = "navojit.com") {
+    return (0, import_server.generateRegistrationOptions)({
+      rpName: "Navojit Ecosystem",
+      rpID,
+      userID: Buffer.from(userId),
+      userName: userEmail,
+      attestationType: "none",
+      authenticatorSelection: {
+        residentKey: "required",
+        userVerification: "preferred"
       }
     });
-    server.post(`${prefix}/otp/send`, async (request) => {
-      const { email } = request.body;
-      const otp = Math.floor(1e5 + Math.random() * 9e5).toString();
-      console.log(`
-==============================================`);
-      console.log(`\u{1F514} [NAVOJIT AUTH] OTP FOR ${email}: ${otp}`);
-      console.log(`==============================================
-`);
-      return { success: true, message: "OTP sent successfully" };
-    });
-    server.post(`${prefix}/otp/verify`, async (request, reply) => {
-      const { email, otp } = request.body;
-      if (!otp) return reply.code(400).send({ error: "OTP is required" });
-      let user = await adapter.findUserByEmail(email);
-      if (!user) {
-        user = await adapter.createUser({
-          email,
-          password: "OTP_MAGIC_USER_NO_PASSWORD",
-          role: "member"
+  }
+  async verifyPasskey(expectedChallenge, responseBody, origin, rpID = "navojit.com") {
+    try {
+      const verification = await (0, import_server.verifyRegistrationResponse)({
+        response: responseBody,
+        expectedChallenge,
+        expectedOrigin: origin,
+        expectedRPID: rpID
+      });
+      return verification;
+    } catch (error) {
+      return { verified: false, error: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 🔐 CORE 3: ARGON2 & OTP LOGIC
+  // --------------------------------------------------
+  async hashPassword(password) {
+    return await argon2.hash(password);
+  }
+  async verifyPassword(hash2, password) {
+    return await argon2.verify(hash2, password);
+  }
+  async verifyAndFetchUser(email, otp) {
+    if (!otp || otp.length < 4) throw new Error("Invalid OTP");
+    let user = await this.config.adapter.findUserByEmail(email);
+    if (!user) {
+      user = await this.config.adapter.createUser({
+        email,
+        password: await this.hashPassword("NAV_SECURE_" + (0, import_uuid.v4)()),
+        role: "member",
+        isVerified: true
+      });
+    }
+    return user;
+  }
+  // ==========================================
+  // 3. THE CONNECTORS (Purane Features Wapas!)
+  // ==========================================
+  /**
+   * 🟢 FASTIFY CONNECTOR
+   */
+  async attach(server) {
+    const { prefix, adapter } = this.config;
+    server.post(`${prefix}/otp/verify`, async (req, reply) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
         });
+        return { success: true, ...tokens, gateway: "navojit-v4-fastify" };
+      } catch (e) {
+        return reply.code(400).send({ error: e.message });
       }
-      const sessionId = (0, import_uuid.v4)();
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        orgId: user.orgId,
-        sid: sessionId
-      });
-      await trackSession(user.id, sessionId);
-      return { success: true, token, message: "Welcome to Navojit Ecosystem!" };
     });
-    server.post(`${prefix}/login`, async (request, reply) => {
-      const { email, password } = request.body;
-      const user = await adapter.findUserByEmail(email);
-      if (!user || !await import_argon2.default.verify(user.password, password)) {
-        return reply.code(401).send({ error: "Invalid credentials" });
+    server.addHook("preHandler", async (req, reply) => {
+      if (req.routerPath.startsWith(`${prefix}/profile`)) {
+        const token = req.headers.authorization?.split(" ")[1];
+        if (!token) return reply.code(401).send({ error: "Missing Token" });
+        const decoded = this.verifyToken(token);
+        if (decoded.error)
+          return reply.code(401).send({ error: decoded.error });
+        req.user = decoded;
       }
-      const sessionId = (0, import_uuid.v4)();
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        orgId: user.orgId,
-        sid: sessionId
-      });
-      await trackSession(user.id, sessionId);
-      return { success: true, token };
     });
-    server.post(`${prefix}/impersonate`, async (request, reply) => {
-      const admin = await request.jwtVerify();
-      if (admin.role !== "admin")
-        return reply.code(403).send({ error: "Forbidden" });
-      const { userId } = request.body;
-      const user = await adapter.findUserById(userId);
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        impersonatedBy: admin.sub
-      });
-      return { success: true, token, message: `Now acting as ${user.email}` };
+    server.get(`${prefix}/profile`, async (req, reply) => {
+      const user = await adapter.findUserById(req.user.sub);
+      return {
+        success: true,
+        user: { id: user.id, email: user.email, role: user.role }
+      };
+    });
+  }
+  /**
+   * 🔵 EXPRESS CONNECTOR
+   */
+  express() {
+    const express = require("express");
+    const router = express.Router();
+    const { prefix, adapter } = this.config;
+    router.post(`${prefix}/otp/verify`, async (req, res) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        res.json({ success: true, ...tokens, gateway: "navojit-v4-express" });
+      } catch (e) {
+        res.status(400).json({ error: e.message });
+      }
     });
+    return router;
+  }
+};
+var MongooseAdapter = class {
+  constructor(model) {
+    this.model = model;
+  }
+  model;
+  async findUserByEmail(email) {
+    return await this.model.findOne({ email });
+  }
+  async findUserById(id) {
+    return await this.model.findById(id);
+  }
+  async createUser(data) {
+    return await new this.model(data).save();
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/index.mjs

@@ -1,125 +1,198 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
 // src/index.ts
-import jwt from "@fastify/jwt";
-import argon2 from "argon2";
+import jwt from "jsonwebtoken";
 import { v4 as uuidv4 } from "uuid";
-var MongooseAdapter = class {
-  constructor(model) {
-    this.model = model;
-  }
-  model;
-  async findUserByEmail(email) {
-    return await this.model.findOne({ email });
-  }
-  async findUserById(id) {
-    return await this.model.findById(id);
-  }
-  async createUser(data) {
-    const user = new this.model(data);
-    await user.save();
-    return user;
-  }
-};
+import {
+  generateRegistrationOptions,
+  verifyRegistrationResponse
+} from "@simplewebauthn/server";
+import * as argon2 from "argon2";
 var NavojitAuth = class {
   config;
   constructor(config) {
     this.config = {
-      rpName: "Navojit Auth",
-      rpID: "localhost",
       prefix: "/auth",
+      accessExpiry: "15m",
+      refreshExpiry: "30d",
       ...config
     };
   }
-  async attach(server) {
-    const { prefix, secret, adapter, redisClient } = this.config;
-    if (!server.hasDecorator("jwt")) {
-      server.register(jwt, { secret });
-    }
-    const trackSession = async (userId, sessionId) => {
-      if (redisClient) {
-        await redisClient.sadd(`user_sessions:${userId}`, sessionId);
+  // --------------------------------------------------
+  // 🚀 CORE 1: UNIVERSAL TOKENS (Syncs with Py/Rust)
+  // --------------------------------------------------
+  generateOmniTokens(user, options = {}) {
+    const sid = uuidv4();
+    const userId = user.id || user._id.toString();
+    const access_token = jwt.sign(
+      {
+        sub: userId,
+        email: user.email,
+        role: user.role || "member",
+        sid,
+        mfa_v: options.mfa_v || false,
+        am: options.am || ["pwd"],
+        typ: "access"
+      },
+      this.config.secret,
+      { expiresIn: this.config.accessExpiry }
+    );
+    const refresh_token = jwt.sign(
+      {
+        sub: userId,
+        sid,
+        typ: "refresh"
+      },
+      this.config.secret,
+      { expiresIn: this.config.refreshExpiry }
+    );
+    return { access_token, refresh_token, sid };
+  }
+  verifyToken(token) {
+    try {
+      return jwt.verify(token, this.config.secret);
+    } catch (error) {
+      if (error.name === "TokenExpiredError") {
+        return { error: "expired", message: "Token has expired" };
       }
-    };
-    server.get(`${prefix}/profile`, async (request, reply) => {
-      try {
-        const decoded = await request.jwtVerify();
-        const user = await adapter.findUserById(decoded.sub);
-        if (!user) return reply.code(404).send({ error: "User not found" });
-        return {
-          success: true,
-          user: {
-            id: user.id,
-            email: user.email,
-            role: user.role,
-            orgId: user.orgId
-          }
-        };
-      } catch (err) {
-        return reply.code(401).send({ error: "Unauthorized" });
+      return { error: "invalid", message: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 👁️ CORE 2: BIOMETRICS & PASSKEYS (World-Class Security)
+  // --------------------------------------------------
+  async generatePasskeyOptions(userId, userEmail, rpID = "navojit.com") {
+    return generateRegistrationOptions({
+      rpName: "Navojit Ecosystem",
+      rpID,
+      userID: Buffer.from(userId),
+      userName: userEmail,
+      attestationType: "none",
+      authenticatorSelection: {
+        residentKey: "required",
+        userVerification: "preferred"
       }
     });
-    server.post(`${prefix}/otp/send`, async (request) => {
-      const { email } = request.body;
-      const otp = Math.floor(1e5 + Math.random() * 9e5).toString();
-      console.log(`
-==============================================`);
-      console.log(`\u{1F514} [NAVOJIT AUTH] OTP FOR ${email}: ${otp}`);
-      console.log(`==============================================
-`);
-      return { success: true, message: "OTP sent successfully" };
-    });
-    server.post(`${prefix}/otp/verify`, async (request, reply) => {
-      const { email, otp } = request.body;
-      if (!otp) return reply.code(400).send({ error: "OTP is required" });
-      let user = await adapter.findUserByEmail(email);
-      if (!user) {
-        user = await adapter.createUser({
-          email,
-          password: "OTP_MAGIC_USER_NO_PASSWORD",
-          role: "member"
+  }
+  async verifyPasskey(expectedChallenge, responseBody, origin, rpID = "navojit.com") {
+    try {
+      const verification = await verifyRegistrationResponse({
+        response: responseBody,
+        expectedChallenge,
+        expectedOrigin: origin,
+        expectedRPID: rpID
+      });
+      return verification;
+    } catch (error) {
+      return { verified: false, error: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 🔐 CORE 3: ARGON2 & OTP LOGIC
+  // --------------------------------------------------
+  async hashPassword(password) {
+    return await argon2.hash(password);
+  }
+  async verifyPassword(hash2, password) {
+    return await argon2.verify(hash2, password);
+  }
+  async verifyAndFetchUser(email, otp) {
+    if (!otp || otp.length < 4) throw new Error("Invalid OTP");
+    let user = await this.config.adapter.findUserByEmail(email);
+    if (!user) {
+      user = await this.config.adapter.createUser({
+        email,
+        password: await this.hashPassword("NAV_SECURE_" + uuidv4()),
+        role: "member",
+        isVerified: true
+      });
+    }
+    return user;
+  }
+  // ==========================================
+  // 3. THE CONNECTORS (Purane Features Wapas!)
+  // ==========================================
+  /**
+   * 🟢 FASTIFY CONNECTOR
+   */
+  async attach(server) {
+    const { prefix, adapter } = this.config;
+    server.post(`${prefix}/otp/verify`, async (req, reply) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
         });
+        return { success: true, ...tokens, gateway: "navojit-v4-fastify" };
+      } catch (e) {
+        return reply.code(400).send({ error: e.message });
       }
-      const sessionId = uuidv4();
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        orgId: user.orgId,
-        sid: sessionId
-      });
-      await trackSession(user.id, sessionId);
-      return { success: true, token, message: "Welcome to Navojit Ecosystem!" };
     });
-    server.post(`${prefix}/login`, async (request, reply) => {
-      const { email, password } = request.body;
-      const user = await adapter.findUserByEmail(email);
-      if (!user || !await argon2.verify(user.password, password)) {
-        return reply.code(401).send({ error: "Invalid credentials" });
+    server.addHook("preHandler", async (req, reply) => {
+      if (req.routerPath.startsWith(`${prefix}/profile`)) {
+        const token = req.headers.authorization?.split(" ")[1];
+        if (!token) return reply.code(401).send({ error: "Missing Token" });
+        const decoded = this.verifyToken(token);
+        if (decoded.error)
+          return reply.code(401).send({ error: decoded.error });
+        req.user = decoded;
       }
-      const sessionId = uuidv4();
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        orgId: user.orgId,
-        sid: sessionId
-      });
-      await trackSession(user.id, sessionId);
-      return { success: true, token };
     });
-    server.post(`${prefix}/impersonate`, async (request, reply) => {
-      const admin = await request.jwtVerify();
-      if (admin.role !== "admin")
-        return reply.code(403).send({ error: "Forbidden" });
-      const { userId } = request.body;
-      const user = await adapter.findUserById(userId);
-      const token = server.jwt.sign({
-        sub: user.id,
-        email: user.email,
-        role: user.role,
-        impersonatedBy: admin.sub
-      });
-      return { success: true, token, message: `Now acting as ${user.email}` };
+    server.get(`${prefix}/profile`, async (req, reply) => {
+      const user = await adapter.findUserById(req.user.sub);
+      return {
+        success: true,
+        user: { id: user.id, email: user.email, role: user.role }
+      };
+    });
+  }
+  /**
+   * 🔵 EXPRESS CONNECTOR
+   */
+  express() {
+    const express = __require("express");
+    const router = express.Router();
+    const { prefix, adapter } = this.config;
+    router.post(`${prefix}/otp/verify`, async (req, res) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        res.json({ success: true, ...tokens, gateway: "navojit-v4-express" });
+      } catch (e) {
+        res.status(400).json({ error: e.message });
+      }
     });
+    return router;
+  }
+};
+var MongooseAdapter = class {
+  constructor(model) {
+    this.model = model;
+  }
+  model;
+  async findUserByEmail(email) {
+    return await this.model.findOne({ email });
+  }
+  async findUserById(id) {
+    return await this.model.findById(id);
+  }
+  async createUser(data) {
+    return await new this.model(data).save();
   }
 };
 export {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "navojit-auth",
-  "version": "1.6.2",
-  "description": "Ultimate Authentication Engine for Fastify and Mongoose, supporting OTP, Passkeys, and Multi-tenancy.",
+  "version": "4.0.0",
+  "description": "The World's Smartest Universal Auth Engine. Supports Passkeys, Fastify, Mongoose, Drizzle, and Cross-Language Sync.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
@@ -17,7 +17,7 @@
   ],
   "scripts": {
     "dev": "tsx watch src/index.ts",
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean --external express",
     "prepublishOnly": "npm run build",
     "lint": "tsc",
     "test": "vitest run",
@@ -30,7 +30,8 @@
     "mongoose",
     "mongodb",
     "multi-tenant",
-    "universal-auth"
+    "universal-auth",
+    "passkeys"
   ],
   "author": "Kashish Singh",
   "license": "MIT",
@@ -49,12 +50,15 @@
     "argon2": "^0.44.0",
     "dotenv": "^17.4.1",
     "google-auth-library": "^10.6.2",
+    "jsonwebtoken": "^9.0.2",
     "resend": "^6.10.0",
     "uuid": "^13.0.0",
     "zod": "^4.3.6"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^22.19.17",
+    "@types/uuid": "^10.0.0",
     "@vitest/coverage-v8": "^4.1.4",
     "drizzle-orm": "^0.30.0",
     "fastify": "^4.26.2",
@@ -64,4 +68,4 @@
     "typescript": "^5.7.0",
     "vitest": "^4.1.4"
   }
-}
+}