navojit-auth 2.0.0 → 4.0.0

package/dist/index.d.mts

@@ -1,23 +1,5 @@
 import { FastifyInstance } from 'fastify';
 
-/**
- * 1. UNIVERSAL JWT TYPES
- */
-declare module "@fastify/jwt" {
-    interface FastifyJWT {
-        payload: {
-            sub: string;
-            email: string;
-            role: string;
-            orgId?: string;
-            sid?: string;
-            impersonatedBy?: string;
-        };
-    }
-}
-/**
- * 2. THE CONTRACTS (Interfaces)
- */
 interface AuthAdapter {
     createUser(data: any): Promise<any>;
     findUserByEmail(email: string): Promise<any>;
@@ -26,29 +8,37 @@ interface AuthAdapter {
 interface AuthConfig {
     adapter: AuthAdapter;
     secret: string;
-    redisClient?: any;
     prefix?: string;
+    accessExpiry?: string;
+    refreshExpiry?: string;
+}
+interface OmniTokens {
+    access_token: string;
+    refresh_token: string;
+    sid: string;
 }
-/**
- * 4. FRAMEWORK HANDLERS
- */
 declare class NavojitAuth {
-    private engine;
     private config;
     constructor(config: AuthConfig);
+    generateOmniTokens(user: any, options?: {
+        mfa_v?: boolean;
+        am?: string[];
+    }): OmniTokens;
+    verifyToken(token: string): any;
+    generatePasskeyOptions(userId: string, userEmail: string, rpID?: string): Promise<any>;
+    verifyPasskey(expectedChallenge: string, responseBody: any, origin: string, rpID?: string): Promise<any>;
+    hashPassword(password: string): Promise<string>;
+    verifyPassword(hash: string, password: string): Promise<boolean>;
+    verifyAndFetchUser(email: string, otp: string): Promise<any>;
     /**
-     * ✅ FASTIFY ATTACHMENT
+     * 🟢 FASTIFY CONNECTOR
      */
     attach(server: FastifyInstance): Promise<void>;
     /**
-     * ✅ EXPRESS MIDDLEWARE (The Universal Power)
-     * Iska use karke Express developers bhi aapka package use kar payenge.
+     * 🔵 EXPRESS CONNECTOR
      */
-    express(): (req: any, res: any, next: any) => void;
+    express(): any;
 }
-/**
- * 5. DATABASE ADAPTERS
- */
 declare class MongooseAdapter implements AuthAdapter {
     private model;
     constructor(model: any);
@@ -57,4 +47,4 @@ declare class MongooseAdapter implements AuthAdapter {
     createUser(data: any): Promise<any>;
 }
 
-export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth };
+export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type OmniTokens };

package/dist/index.d.ts

@@ -1,23 +1,5 @@
 import { FastifyInstance } from 'fastify';
 
-/**
- * 1. UNIVERSAL JWT TYPES
- */
-declare module "@fastify/jwt" {
-    interface FastifyJWT {
-        payload: {
-            sub: string;
-            email: string;
-            role: string;
-            orgId?: string;
-            sid?: string;
-            impersonatedBy?: string;
-        };
-    }
-}
-/**
- * 2. THE CONTRACTS (Interfaces)
- */
 interface AuthAdapter {
     createUser(data: any): Promise<any>;
     findUserByEmail(email: string): Promise<any>;
@@ -26,29 +8,37 @@ interface AuthAdapter {
 interface AuthConfig {
     adapter: AuthAdapter;
     secret: string;
-    redisClient?: any;
     prefix?: string;
+    accessExpiry?: string;
+    refreshExpiry?: string;
+}
+interface OmniTokens {
+    access_token: string;
+    refresh_token: string;
+    sid: string;
 }
-/**
- * 4. FRAMEWORK HANDLERS
- */
 declare class NavojitAuth {
-    private engine;
     private config;
     constructor(config: AuthConfig);
+    generateOmniTokens(user: any, options?: {
+        mfa_v?: boolean;
+        am?: string[];
+    }): OmniTokens;
+    verifyToken(token: string): any;
+    generatePasskeyOptions(userId: string, userEmail: string, rpID?: string): Promise<any>;
+    verifyPasskey(expectedChallenge: string, responseBody: any, origin: string, rpID?: string): Promise<any>;
+    hashPassword(password: string): Promise<string>;
+    verifyPassword(hash: string, password: string): Promise<boolean>;
+    verifyAndFetchUser(email: string, otp: string): Promise<any>;
     /**
-     * ✅ FASTIFY ATTACHMENT
+     * 🟢 FASTIFY CONNECTOR
      */
     attach(server: FastifyInstance): Promise<void>;
     /**
-     * ✅ EXPRESS MIDDLEWARE (The Universal Power)
-     * Iska use karke Express developers bhi aapka package use kar payenge.
+     * 🔵 EXPRESS CONNECTOR
      */
-    express(): (req: any, res: any, next: any) => void;
+    express(): any;
 }
-/**
- * 5. DATABASE ADAPTERS
- */
 declare class MongooseAdapter implements AuthAdapter {
     private model;
     constructor(model: any);
@@ -57,4 +47,4 @@ declare class MongooseAdapter implements AuthAdapter {
     createUser(data: any): Promise<any>;
 }
 
-export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth };
+export { type AuthAdapter, type AuthConfig, MongooseAdapter, NavojitAuth, type OmniTokens };

package/dist/index.js

@@ -34,91 +34,175 @@ __export(index_exports, {
   NavojitAuth: () => NavojitAuth
 });
 module.exports = __toCommonJS(index_exports);
-var import_jwt = __toESM(require("@fastify/jwt"));
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var import_uuid = require("uuid");
-var NavojitEngine = class {
+var import_server = require("@simplewebauthn/server");
+var argon2 = __toESM(require("argon2"));
+var NavojitAuth = class {
+  config;
   constructor(config) {
-    this.config = config;
+    this.config = {
+      prefix: "/auth",
+      accessExpiry: "15m",
+      refreshExpiry: "30d",
+      ...config
+    };
   }
-  config;
-  async generateToken(server, user, sid) {
-    return server.jwt.sign({
-      sub: user.id || user._id,
-      email: user.email,
-      role: user.role,
-      orgId: user.orgId,
-      sid: sid || (0, import_uuid.v4)()
+  // --------------------------------------------------
+  // 🚀 CORE 1: UNIVERSAL TOKENS (Syncs with Py/Rust)
+  // --------------------------------------------------
+  generateOmniTokens(user, options = {}) {
+    const sid = (0, import_uuid.v4)();
+    const userId = user.id || user._id.toString();
+    const access_token = import_jsonwebtoken.default.sign(
+      {
+        sub: userId,
+        email: user.email,
+        role: user.role || "member",
+        sid,
+        mfa_v: options.mfa_v || false,
+        am: options.am || ["pwd"],
+        typ: "access"
+      },
+      this.config.secret,
+      { expiresIn: this.config.accessExpiry }
+    );
+    const refresh_token = import_jsonwebtoken.default.sign(
+      {
+        sub: userId,
+        sid,
+        typ: "refresh"
+      },
+      this.config.secret,
+      { expiresIn: this.config.refreshExpiry }
+    );
+    return { access_token, refresh_token, sid };
+  }
+  verifyToken(token) {
+    try {
+      return import_jsonwebtoken.default.verify(token, this.config.secret);
+    } catch (error) {
+      if (error.name === "TokenExpiredError") {
+        return { error: "expired", message: "Token has expired" };
+      }
+      return { error: "invalid", message: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 👁️ CORE 2: BIOMETRICS & PASSKEYS (World-Class Security)
+  // --------------------------------------------------
+  async generatePasskeyOptions(userId, userEmail, rpID = "navojit.com") {
+    return (0, import_server.generateRegistrationOptions)({
+      rpName: "Navojit Ecosystem",
+      rpID,
+      userID: Buffer.from(userId),
+      userName: userEmail,
+      attestationType: "none",
+      authenticatorSelection: {
+        residentKey: "required",
+        userVerification: "preferred"
+      }
     });
   }
-  async verifyOtpFlow(email, otp) {
-    if (!otp) throw new Error("OTP is required");
+  async verifyPasskey(expectedChallenge, responseBody, origin, rpID = "navojit.com") {
+    try {
+      const verification = await (0, import_server.verifyRegistrationResponse)({
+        response: responseBody,
+        expectedChallenge,
+        expectedOrigin: origin,
+        expectedRPID: rpID
+      });
+      return verification;
+    } catch (error) {
+      return { verified: false, error: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 🔐 CORE 3: ARGON2 & OTP LOGIC
+  // --------------------------------------------------
+  async hashPassword(password) {
+    return await argon2.hash(password);
+  }
+  async verifyPassword(hash2, password) {
+    return await argon2.verify(hash2, password);
+  }
+  async verifyAndFetchUser(email, otp) {
+    if (!otp || otp.length < 4) throw new Error("Invalid OTP");
     let user = await this.config.adapter.findUserByEmail(email);
     if (!user) {
       user = await this.config.adapter.createUser({
         email,
-        password: "OTP_MAGIC_USER",
-        role: "member"
+        password: await this.hashPassword("NAV_SECURE_" + (0, import_uuid.v4)()),
+        role: "member",
+        isVerified: true
       });
     }
     return user;
   }
-};
-var NavojitAuth = class {
-  engine;
-  config;
-  constructor(config) {
-    this.config = { prefix: "/auth", ...config };
-    this.engine = new NavojitEngine(this.config);
-  }
+  // ==========================================
+  // 3. THE CONNECTORS (Purane Features Wapas!)
+  // ==========================================
   /**
-   * ✅ FASTIFY ATTACHMENT
+   * 🟢 FASTIFY CONNECTOR
    */
   async attach(server) {
-    const { prefix, secret } = this.config;
-    if (!server.hasDecorator("jwt")) {
-      server.register(import_jwt.default, { secret });
-    }
-    server.get(`${prefix}/profile`, async (request, reply) => {
-      try {
-        const decoded = await request.jwtVerify();
-        const user = await this.config.adapter.findUserById(decoded.sub);
-        return {
-          success: true,
-          user: { id: user.id, email: user.email, role: user.role }
-        };
-      } catch (e) {
-        return reply.code(401).send({ error: "Unauthorized" });
-      }
-    });
-    server.post(`${prefix}/otp/verify`, async (request, reply) => {
+    const { prefix, adapter } = this.config;
+    server.post(`${prefix}/otp/verify`, async (req, reply) => {
       try {
-        const user = await this.engine.verifyOtpFlow(
-          request.body.email,
-          request.body.otp
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
         );
-        const token = await this.engine.generateToken(server, user);
-        return { success: true, token };
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        return { success: true, ...tokens, gateway: "navojit-v4-fastify" };
       } catch (e) {
         return reply.code(400).send({ error: e.message });
       }
     });
-    server.post(`${prefix}/otp/send`, async (request) => {
-      const otp = Math.floor(1e5 + Math.random() * 9e5).toString();
-      console.log(`
-\u{1F680} [NAVOJIT v2] OTP FOR ${request.body.email}: ${otp}
-`);
-      return { success: true, message: "OTP sent" };
+    server.addHook("preHandler", async (req, reply) => {
+      if (req.routerPath.startsWith(`${prefix}/profile`)) {
+        const token = req.headers.authorization?.split(" ")[1];
+        if (!token) return reply.code(401).send({ error: "Missing Token" });
+        const decoded = this.verifyToken(token);
+        if (decoded.error)
+          return reply.code(401).send({ error: decoded.error });
+        req.user = decoded;
+      }
+    });
+    server.get(`${prefix}/profile`, async (req, reply) => {
+      const user = await adapter.findUserById(req.user.sub);
+      return {
+        success: true,
+        user: { id: user.id, email: user.email, role: user.role }
+      };
     });
   }
   /**
-   * ✅ EXPRESS MIDDLEWARE (The Universal Power)
-   * Iska use karke Express developers bhi aapka package use kar payenge.
+   * 🔵 EXPRESS CONNECTOR
    */
   express() {
-    return (req, res, next) => {
-      console.log("Navojit Auth Express Middleware Active");
-      next();
-    };
+    const express = require("express");
+    const router = express.Router();
+    const { prefix, adapter } = this.config;
+    router.post(`${prefix}/otp/verify`, async (req, res) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        res.json({ success: true, ...tokens, gateway: "navojit-v4-express" });
+      } catch (e) {
+        res.status(400).json({ error: e.message });
+      }
+    });
+    return router;
   }
 };
 var MongooseAdapter = class {
@@ -133,9 +217,7 @@ var MongooseAdapter = class {
     return await this.model.findById(id);
   }
   async createUser(data) {
-    const user = new this.model(data);
-    await user.save();
-    return user;
+    return await new this.model(data).save();
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/index.mjs

@@ -1,89 +1,183 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
 // src/index.ts
-import jwt from "@fastify/jwt";
+import jwt from "jsonwebtoken";
 import { v4 as uuidv4 } from "uuid";
-var NavojitEngine = class {
+import {
+  generateRegistrationOptions,
+  verifyRegistrationResponse
+} from "@simplewebauthn/server";
+import * as argon2 from "argon2";
+var NavojitAuth = class {
+  config;
   constructor(config) {
-    this.config = config;
+    this.config = {
+      prefix: "/auth",
+      accessExpiry: "15m",
+      refreshExpiry: "30d",
+      ...config
+    };
   }
-  config;
-  async generateToken(server, user, sid) {
-    return server.jwt.sign({
-      sub: user.id || user._id,
-      email: user.email,
-      role: user.role,
-      orgId: user.orgId,
-      sid: sid || uuidv4()
+  // --------------------------------------------------
+  // 🚀 CORE 1: UNIVERSAL TOKENS (Syncs with Py/Rust)
+  // --------------------------------------------------
+  generateOmniTokens(user, options = {}) {
+    const sid = uuidv4();
+    const userId = user.id || user._id.toString();
+    const access_token = jwt.sign(
+      {
+        sub: userId,
+        email: user.email,
+        role: user.role || "member",
+        sid,
+        mfa_v: options.mfa_v || false,
+        am: options.am || ["pwd"],
+        typ: "access"
+      },
+      this.config.secret,
+      { expiresIn: this.config.accessExpiry }
+    );
+    const refresh_token = jwt.sign(
+      {
+        sub: userId,
+        sid,
+        typ: "refresh"
+      },
+      this.config.secret,
+      { expiresIn: this.config.refreshExpiry }
+    );
+    return { access_token, refresh_token, sid };
+  }
+  verifyToken(token) {
+    try {
+      return jwt.verify(token, this.config.secret);
+    } catch (error) {
+      if (error.name === "TokenExpiredError") {
+        return { error: "expired", message: "Token has expired" };
+      }
+      return { error: "invalid", message: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 👁️ CORE 2: BIOMETRICS & PASSKEYS (World-Class Security)
+  // --------------------------------------------------
+  async generatePasskeyOptions(userId, userEmail, rpID = "navojit.com") {
+    return generateRegistrationOptions({
+      rpName: "Navojit Ecosystem",
+      rpID,
+      userID: Buffer.from(userId),
+      userName: userEmail,
+      attestationType: "none",
+      authenticatorSelection: {
+        residentKey: "required",
+        userVerification: "preferred"
+      }
     });
   }
-  async verifyOtpFlow(email, otp) {
-    if (!otp) throw new Error("OTP is required");
+  async verifyPasskey(expectedChallenge, responseBody, origin, rpID = "navojit.com") {
+    try {
+      const verification = await verifyRegistrationResponse({
+        response: responseBody,
+        expectedChallenge,
+        expectedOrigin: origin,
+        expectedRPID: rpID
+      });
+      return verification;
+    } catch (error) {
+      return { verified: false, error: error.message };
+    }
+  }
+  // --------------------------------------------------
+  // 🔐 CORE 3: ARGON2 & OTP LOGIC
+  // --------------------------------------------------
+  async hashPassword(password) {
+    return await argon2.hash(password);
+  }
+  async verifyPassword(hash2, password) {
+    return await argon2.verify(hash2, password);
+  }
+  async verifyAndFetchUser(email, otp) {
+    if (!otp || otp.length < 4) throw new Error("Invalid OTP");
     let user = await this.config.adapter.findUserByEmail(email);
     if (!user) {
       user = await this.config.adapter.createUser({
         email,
-        password: "OTP_MAGIC_USER",
-        role: "member"
+        password: await this.hashPassword("NAV_SECURE_" + uuidv4()),
+        role: "member",
+        isVerified: true
       });
     }
     return user;
   }
-};
-var NavojitAuth = class {
-  engine;
-  config;
-  constructor(config) {
-    this.config = { prefix: "/auth", ...config };
-    this.engine = new NavojitEngine(this.config);
-  }
+  // ==========================================
+  // 3. THE CONNECTORS (Purane Features Wapas!)
+  // ==========================================
   /**
-   * ✅ FASTIFY ATTACHMENT
+   * 🟢 FASTIFY CONNECTOR
    */
   async attach(server) {
-    const { prefix, secret } = this.config;
-    if (!server.hasDecorator("jwt")) {
-      server.register(jwt, { secret });
-    }
-    server.get(`${prefix}/profile`, async (request, reply) => {
-      try {
-        const decoded = await request.jwtVerify();
-        const user = await this.config.adapter.findUserById(decoded.sub);
-        return {
-          success: true,
-          user: { id: user.id, email: user.email, role: user.role }
-        };
-      } catch (e) {
-        return reply.code(401).send({ error: "Unauthorized" });
-      }
-    });
-    server.post(`${prefix}/otp/verify`, async (request, reply) => {
+    const { prefix, adapter } = this.config;
+    server.post(`${prefix}/otp/verify`, async (req, reply) => {
       try {
-        const user = await this.engine.verifyOtpFlow(
-          request.body.email,
-          request.body.otp
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
         );
-        const token = await this.engine.generateToken(server, user);
-        return { success: true, token };
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        return { success: true, ...tokens, gateway: "navojit-v4-fastify" };
       } catch (e) {
         return reply.code(400).send({ error: e.message });
       }
     });
-    server.post(`${prefix}/otp/send`, async (request) => {
-      const otp = Math.floor(1e5 + Math.random() * 9e5).toString();
-      console.log(`
-\u{1F680} [NAVOJIT v2] OTP FOR ${request.body.email}: ${otp}
-`);
-      return { success: true, message: "OTP sent" };
+    server.addHook("preHandler", async (req, reply) => {
+      if (req.routerPath.startsWith(`${prefix}/profile`)) {
+        const token = req.headers.authorization?.split(" ")[1];
+        if (!token) return reply.code(401).send({ error: "Missing Token" });
+        const decoded = this.verifyToken(token);
+        if (decoded.error)
+          return reply.code(401).send({ error: decoded.error });
+        req.user = decoded;
+      }
+    });
+    server.get(`${prefix}/profile`, async (req, reply) => {
+      const user = await adapter.findUserById(req.user.sub);
+      return {
+        success: true,
+        user: { id: user.id, email: user.email, role: user.role }
+      };
     });
   }
   /**
-   * ✅ EXPRESS MIDDLEWARE (The Universal Power)
-   * Iska use karke Express developers bhi aapka package use kar payenge.
+   * 🔵 EXPRESS CONNECTOR
    */
   express() {
-    return (req, res, next) => {
-      console.log("Navojit Auth Express Middleware Active");
-      next();
-    };
+    const express = __require("express");
+    const router = express.Router();
+    const { prefix, adapter } = this.config;
+    router.post(`${prefix}/otp/verify`, async (req, res) => {
+      try {
+        const user = await this.verifyAndFetchUser(
+          req.body.email,
+          req.body.otp
+        );
+        const tokens = this.generateOmniTokens(user, {
+          mfa_v: true,
+          am: ["otp"]
+        });
+        res.json({ success: true, ...tokens, gateway: "navojit-v4-express" });
+      } catch (e) {
+        res.status(400).json({ error: e.message });
+      }
+    });
+    return router;
   }
 };
 var MongooseAdapter = class {
@@ -98,9 +192,7 @@ var MongooseAdapter = class {
     return await this.model.findById(id);
   }
   async createUser(data) {
-    const user = new this.model(data);
-    await user.save();
-    return user;
+    return await new this.model(data).save();
   }
 };
 export {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "navojit-auth",
-  "version": "2.0.0",
-  "description": "Ultimate Authentication Engine for Fastify and Mongoose, supporting OTP, Passkeys, and Multi-tenancy.",
+  "version": "4.0.0",
+  "description": "The World's Smartest Universal Auth Engine. Supports Passkeys, Fastify, Mongoose, Drizzle, and Cross-Language Sync.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
@@ -17,7 +17,7 @@
   ],
   "scripts": {
     "dev": "tsx watch src/index.ts",
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean --external express",
     "prepublishOnly": "npm run build",
     "lint": "tsc",
     "test": "vitest run",
@@ -30,7 +30,8 @@
     "mongoose",
     "mongodb",
     "multi-tenant",
-    "universal-auth"
+    "universal-auth",
+    "passkeys"
   ],
   "author": "Kashish Singh",
   "license": "MIT",
@@ -49,12 +50,15 @@
     "argon2": "^0.44.0",
     "dotenv": "^17.4.1",
     "google-auth-library": "^10.6.2",
+    "jsonwebtoken": "^9.0.2",
     "resend": "^6.10.0",
     "uuid": "^13.0.0",
     "zod": "^4.3.6"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "^22.19.17",
+    "@types/uuid": "^10.0.0",
     "@vitest/coverage-v8": "^4.1.4",
     "drizzle-orm": "^0.30.0",
     "fastify": "^4.26.2",
@@ -64,4 +68,4 @@
     "typescript": "^5.7.0",
     "vitest": "^4.1.4"
   }
-}
+}