secure-auth-kit 1.0.4 → 1.0.5

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Swapnil Sahare
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,5 +1,8 @@
 # Secure Auth Kit
 
+![npm](https://img.shields.io/npm/v/secure-auth-kit)
+![license](https://img.shields.io/npm/l/secure-auth-kit)
+
 Authentication toolkit for Express.js and MongoDB.
 
 ---
@@ -38,11 +41,12 @@ app.listen(3000);
 
 This registers the following routes under `/auth` (configurable via `routePrefix`):
 
-| Method | Route          | Auth required |
-| ------ | -------------- | ------------- |
-| POST   | /auth/register | No            |
-| POST   | /auth/login    | No            |
-| GET    | /auth/me       | Yes           |
+| Method | Route               | Auth required |
+| ------ | ------------------- | ------------- |
+| POST   | /auth/register      | No            |
+| POST   | /auth/login         | No            |
+| POST   | /auth/refresh-token | No            |
+| GET    | /auth/me            | Yes           |
 
 ---
 
@@ -93,7 +97,7 @@ secureAuth(app, {
 
 ## `authenticate` Middleware
 
-Protect any route by importing `authenticate`:,
+Protect any route by importing `authenticate`:
 
 ```ts
 import { authenticate } from 'secure-auth-kit';
@@ -118,7 +122,24 @@ app.get('/protected', authenticate, (req, res) => {
 }
 ```
 
-Returns `{ user, tokens: { accessToken, refreshToken }}`
+Returns:
+
+```json
+{
+    "success": true,
+    "data": {
+        "user": {
+            ...
+            ...
+        },
+        "tokens": {
+            "accessToken": "access_token",
+            "refreshToken": "refresh_token"
+        }
+    },
+    "message": "Registration successful"
+}
+```
 
 **POST /auth/login**
 
@@ -129,11 +150,61 @@ Returns `{ user, tokens: { accessToken, refreshToken }}`
 }
 ```
 
-Returns `{ user, tokens: { accessToken, refreshToken }}`
+Returns:
+
+```json
+{
+    "success": true,
+    "data": {
+        "user":{
+            ...
+            ...
+        },
+        "tokens": {
+            "accessToken": "access_token",
+            "refreshToken": "refresh_token"
+        }
+    },
+    "message": "Login successful"
+}
+```
+
+**POST /auth/refresh-token**
+
+```json
+{
+    "refreshToken": "your_refresh_token"
+}
+```
+
+Returns:
+
+```json
+{
+    "success": true,
+    "data": {
+        "accessToken": "new_access_token",
+        "refreshToken": "new_refresh_token"
+    },
+    "message": "Tokens refreshed"
+}
+```
+
+Use this endpoint when the access token expires. Send a valid refresh token and the API will issue a new token pair.
 
 **GET /auth/me** _(requires Bearer token)_
-</br>
-Returns the current user (sanitized, no password).
+
+Returns:
+
+```json
+{
+    "success":true,
+    "data":{
+        ...
+        ...
+    }
+}
+```
 
 ---
 

package/dist/core/routes/auth.routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.routes.d.ts","sourceRoot":"","sources":["../../../src/core/routes/auth.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAMjC,eAAO,MAAM,gBAAgB,QAAO,MAWnC,CAAC"}
+{"version":3,"file":"auth.routes.d.ts","sourceRoot":"","sources":["../../../src/core/routes/auth.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAOjC,eAAO,MAAM,gBAAgB,QAAO,MAYnC,CAAC"}

package/dist/core/routes/auth.routes.js

@@ -1,6 +1,7 @@
 import { Router } from 'express';
 import { loginController } from '../../features/login/login.controller.js';
 import { meController } from '../../features/me/me.controller.js';
+import { refreshTokenController } from '../../features/refresh-token/refreshToken.controller.js';
 import { registerController } from '../../features/register/register.controller.js';
 import { authenticate } from '../../middleware/authenticate.middleware.js';
 export const createAuthRouter = () => {
@@ -8,6 +9,7 @@ export const createAuthRouter = () => {
     // Public routes
     router.post('/register', registerController);
     router.post('/login', loginController);
+    router.post('/refresh-token', refreshTokenController);
     // Protected routes
     router.get('/me', authenticate, meController);
     return router;

package/dist/core/routes/auth.routes.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.routes.js","sourceRoot":"","sources":["../../../src/core/routes/auth.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,6CAA6C,CAAC;AAE3E,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAW,EAAE;IACzC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,gBAAgB;IAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;IAC7C,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAEvC,mBAAmB;IACnB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAE9C,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC"}
+{"version":3,"file":"auth.routes.js","sourceRoot":"","sources":["../../../src/core/routes/auth.routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,oCAAoC,CAAC;AAClE,OAAO,EAAE,sBAAsB,EAAE,MAAM,yDAAyD,CAAC;AACjG,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,6CAA6C,CAAC;AAE3E,MAAM,CAAC,MAAM,gBAAgB,GAAG,GAAW,EAAE;IACzC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,gBAAgB;IAChB,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;IAC7C,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,sBAAsB,CAAC,CAAC;IAEtD,mBAAmB;IACnB,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;IAE9C,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC"}

package/dist/features/refresh-token/refreshToken.controller.d.ts

@@ -0,0 +1,3 @@
+import { NextFunction, Request, Response } from 'express';
+export declare const refreshTokenController: (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=refreshToken.controller.d.ts.map

package/dist/features/refresh-token/refreshToken.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.controller.d.ts","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAM1D,eAAO,MAAM,sBAAsB,GAC/B,KAAK,OAAO,EACZ,KAAK,QAAQ,EACb,MAAM,YAAY,KACnB,OAAO,CAAC,IAAI,CAUd,CAAC"}

package/dist/features/refresh-token/refreshToken.controller.js

@@ -0,0 +1,16 @@
+import { getConfig } from '../../core/stores/config.store.js';
+import { sendSuccess } from '../../utils/response.js';
+import { refreshTokens } from './refreshToken.service.js';
+import { validateRefreshTokenInput } from './refreshToken.validator.js';
+export const refreshTokenController = async (req, res, next) => {
+    try {
+        const { refreshToken } = validateRefreshTokenInput(req.body);
+        const config = getConfig();
+        const tokens = await refreshTokens(refreshToken, config);
+        sendSuccess(res, { tokens }, 'Tokens refreshed');
+    }
+    catch (err) {
+        next(err);
+    }
+};
+//# sourceMappingURL=refreshToken.controller.js.map

package/dist/features/refresh-token/refreshToken.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.controller.js","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.controller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,mCAAmC,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EACvC,GAAY,EACZ,GAAa,EACb,IAAkB,EACL,EAAE;IACf,IAAI,CAAC;QACD,MAAM,EAAE,YAAY,EAAE,GAAG,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAEzD,WAAW,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,CAAC;AACL,CAAC,CAAC"}

package/dist/features/refresh-token/refreshToken.service.d.ts

@@ -0,0 +1,4 @@
+import { AuthTokens } from '../../types/auth.types.js';
+import { SecureAuthConfig } from '../../types/config.types.js';
+export declare const refreshTokens: (token: string, config: SecureAuthConfig) => Promise<AuthTokens>;
+//# sourceMappingURL=refreshToken.service.d.ts.map

package/dist/features/refresh-token/refreshToken.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.service.d.ts","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAI/D,eAAO,MAAM,aAAa,GACtB,OAAO,MAAM,EACb,QAAQ,gBAAgB,KACzB,OAAO,CAAC,UAAU,CAmBpB,CAAC"}

package/dist/features/refresh-token/refreshToken.service.js

@@ -0,0 +1,18 @@
+import { AppError } from '../../utils/AppError.js';
+import { generateAccessToken, generateRefreshToken, verifyToken } from '../../utils/jwt.js';
+export const refreshTokens = async (token, config) => {
+    const { userModel, jwt: jwtConfig } = config;
+    const payload = verifyToken(token, jwtConfig);
+    if (payload.type !== 'refresh') {
+        throw AppError.unauthorized('Invalid token type', 'TOKEN_TYPE_MISMATCH');
+    }
+    const user = await userModel.findById(payload.userId);
+    if (!user) {
+        throw AppError.unauthorized('User no longer exists', 'USER_NOT_FOUND');
+    }
+    const tokenPayload = { userId: String(user._id), email: user.email };
+    const accessToken = generateAccessToken(tokenPayload, jwtConfig);
+    const refreshToken = generateRefreshToken(tokenPayload, jwtConfig);
+    return { accessToken, refreshToken };
+};
+//# sourceMappingURL=refreshToken.service.js.map

package/dist/features/refresh-token/refreshToken.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.service.js","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAE5F,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAC9B,KAAa,EACb,MAAwB,EACL,EAAE;IACrB,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;IAE7C,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAE9C,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,CAAC,YAAY,CAAC,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,MAAM,QAAQ,CAAC,YAAY,CAAC,uBAAuB,EAAE,gBAAgB,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,YAAY,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IACrE,MAAM,WAAW,GAAG,mBAAmB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,oBAAoB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAEnE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;AACzC,CAAC,CAAC"}

package/dist/features/refresh-token/refreshToken.validator.d.ts

@@ -0,0 +1,3 @@
+import { RefreshTokenInput } from '../../types/auth.types.js';
+export declare const validateRefreshTokenInput: (body: unknown) => RefreshTokenInput;
+//# sourceMappingURL=refreshToken.validator.d.ts.map

package/dist/features/refresh-token/refreshToken.validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.validator.d.ts","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAG9D,eAAO,MAAM,yBAAyB,GAAI,MAAM,OAAO,KAAG,iBAYzD,CAAC"}

package/dist/features/refresh-token/refreshToken.validator.js

@@ -0,0 +1,12 @@
+import { AppError } from '../../utils/AppError.js';
+export const validateRefreshTokenInput = (body) => {
+    if (typeof body !== 'object' || body === null) {
+        throw AppError.badRequest('Request body is required', 'INVALID_BODY');
+    }
+    const { refreshToken } = body;
+    if (typeof refreshToken !== 'string' || !refreshToken.trim()) {
+        throw AppError.badRequest('Refresh token is required', 'REFRESH_TOKEN_REQUIRED');
+    }
+    return { refreshToken };
+};
+//# sourceMappingURL=refreshToken.validator.js.map

package/dist/features/refresh-token/refreshToken.validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"refreshToken.validator.js","sourceRoot":"","sources":["../../../src/features/refresh-token/refreshToken.validator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAEnD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,IAAa,EAAqB,EAAE;IAC1E,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,QAAQ,CAAC,UAAU,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,GAAG,IAA+B,CAAC;IAEzD,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC;QAC3D,MAAM,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,wBAAwB,CAAC,CAAC;IACrF,CAAC;IAED,OAAO,EAAE,YAAY,EAAE,CAAC;AAC5B,CAAC,CAAC"}

package/dist/types/auth.types.d.ts

@@ -29,4 +29,7 @@ export interface LoginResult {
     user: SanitizedUser;
     tokens: AuthTokens;
 }
+export interface RefreshTokenInput {
+    refreshToken: string;
+}
 //# sourceMappingURL=auth.types.d.ts.map

package/dist/types/auth.types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.types.d.ts","sourceRoot":"","sources":["../../src/types/auth.types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,UAAU;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;CACtB"}
+{"version":3,"file":"auth.types.d.ts","sourceRoot":"","sources":["../../src/types/auth.types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,UAAU;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,UAAU;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC3B,IAAI,EAAE,aAAa,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IACxB,IAAI,EAAE,aAAa,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAC9B,YAAY,EAAE,MAAM,CAAC;CACxB"}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "secure-auth-kit",
-    "version": "1.0.4",
+    "version": "1.0.5",
     "description": "Authentication toolkit for Express and MongoDB",
     "repository": {
         "type": "git",
@@ -28,6 +28,7 @@
         "build": "tsc"
     },
     "keywords": [
+        "secure auth kit",
         "authentication",
         "jwt",
         "express",
@@ -51,5 +52,6 @@
         "typescript": "^5.4.0",
         "express": "^5.2.1",
         "mongoose": "^8.24.0"
-    }
+    },
+    "license": "MIT"
 }