webortex-auth 1.0.0

package/.env.example

@@ -0,0 +1,15 @@
+# Example .env file for consuming application
+# Copy this to .env and update with your values
+
+# MongoDB Connection
+MONGO_URI=mongodb://localhost:27017/your-database-name
+
+# JWT Configuration (REQUIRED)
+JWT_SECRET=your-super-secret-jwt-key-change-this-to-something-secure
+
+# JWT Token Expiration (Optional, default: 24h)
+JWT_EXPIRES_IN=24h
+
+# Server Configuration
+PORT=3000
+NODE_ENV=development

package/PUBLISHING.md

@@ -0,0 +1,303 @@
+# Publishing webortex-auth to npm
+
+## Prerequisites
+
+Before publishing, ensure you have:
+- ✅ An npm account (create one at https://www.npmjs.com/signup)
+- ✅ Node.js and npm installed
+- ✅ Package is ready and tested
+
+## Step-by-Step Publishing Guide
+
+### 1. Create npm Account (if you don't have one)
+
+Visit https://www.npmjs.com/signup and create an account.
+
+---
+
+### 2. Login to npm
+
+Open your terminal in the package directory and login:
+
+```bash
+npm login
+```
+
+You'll be prompted for:
+- Username
+- Password
+- Email (this will be public)
+- One-time password (if 2FA is enabled)
+
+**Verify login:**
+```bash
+npm whoami
+```
+
+---
+
+### 3. Check Package Name Availability
+
+Before publishing, verify the package name is available:
+
+```bash
+npm search webortex-auth
+```
+
+If the name is taken, you'll need to:
+- Choose a different name, OR
+- Use a scoped package: `@your-username/webortex-auth`
+
+**To use a scoped package**, update `package.json`:
+```json
+{
+  "name": "@your-username/webortex-auth",
+  ...
+}
+```
+
+---
+
+### 4. Verify Package Contents
+
+Check what files will be published:
+
+```bash
+npm pack --dry-run
+```
+
+This shows you exactly what will be included in the package. Verify:
+- ✅ `src/` directory is included
+- ✅ `README.md` is included
+- ✅ `package.json` is included
+- ❌ `node_modules/` is NOT included
+- ❌ `.env` files are NOT included
+
+---
+
+### 5. Test Package Locally (Recommended)
+
+Before publishing, test the package locally:
+
+```bash
+# In webortex-auth directory
+npm pack
+```
+
+This creates a `.tgz` file (e.g., `webortex-auth-1.0.0.tgz`).
+
+**Test in another project:**
+```bash
+# Create test project
+mkdir test-webortex-auth
+cd test-webortex-auth
+npm init -y
+
+# Install the local package
+npm install ../webortex-auth/webortex-auth-1.0.0.tgz
+
+# Test it works
+```
+
+---
+
+### 6. Update Package Version (for future releases)
+
+For the first publish, version `1.0.0` is fine. For future updates:
+
+```bash
+# Patch release (1.0.0 -> 1.0.1) - bug fixes
+npm version patch
+
+# Minor release (1.0.0 -> 1.1.0) - new features
+npm version minor
+
+# Major release (1.0.0 -> 2.0.0) - breaking changes
+npm version major
+```
+
+---
+
+### 7. Publish to npm
+
+**For public package (free):**
+```bash
+npm publish
+```
+
+**For scoped package (public):**
+```bash
+npm publish --access public
+```
+
+**For private package (requires paid account):**
+```bash
+npm publish --access restricted
+```
+
+---
+
+### 8. Verify Publication
+
+After publishing, verify your package:
+
+1. **Visit npm website:**
+   ```
+   https://www.npmjs.com/package/webortex-auth
+   ```
+
+2. **Install from npm:**
+   ```bash
+   npm install webortex-auth
+   ```
+
+3. **Check package info:**
+   ```bash
+   npm info webortex-auth
+   ```
+
+---
+
+## Common Issues & Solutions
+
+### Issue: Package name already exists
+
+**Solution:** Use a scoped package name:
+```json
+{
+  "name": "@your-username/webortex-auth"
+}
+```
+
+### Issue: "You do not have permission to publish"
+
+**Solutions:**
+- Verify you're logged in: `npm whoami`
+- Use scoped package with `--access public`
+- Check if package name is already taken
+
+### Issue: "npm ERR! 402 Payment Required"
+
+**Solution:** You're trying to publish a private scoped package. Either:
+- Publish as public: `npm publish --access public`
+- Upgrade to npm Pro for private packages
+
+### Issue: Files missing in published package
+
+**Solution:** Check your `.npmignore` and ensure important files aren't excluded.
+
+---
+
+## Post-Publication Checklist
+
+After successful publication:
+
+- [ ] Verify package appears on npm website
+- [ ] Test installation: `npm install webortex-auth`
+- [ ] Check README renders correctly on npm
+- [ ] Add repository URL to package.json (if using GitHub)
+- [ ] Add badges to README (version, downloads, license)
+- [ ] Share with the community!
+
+---
+
+## Updating Your Package
+
+When you make changes and want to publish an update:
+
+1. **Make your changes**
+2. **Update version:**
+   ```bash
+   npm version patch  # or minor/major
+   ```
+3. **Publish:**
+   ```bash
+   npm publish
+   ```
+
+---
+
+## Unpublishing (Use with Caution)
+
+You can unpublish within 72 hours:
+
+```bash
+# Unpublish specific version
+npm unpublish webortex-auth@1.0.0
+
+# Unpublish entire package (only within 72 hours)
+npm unpublish webortex-auth --force
+```
+
+⚠️ **Warning:** Unpublishing is discouraged as it breaks dependencies for others.
+
+---
+
+## Optional: Add to package.json
+
+Consider adding these fields before publishing:
+
+```json
+{
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-username/webortex-auth.git"
+  },
+  "bugs": {
+    "url": "https://github.com/your-username/webortex-auth/issues"
+  },
+  "homepage": "https://github.com/your-username/webortex-auth#readme"
+}
+```
+
+---
+
+## Quick Command Reference
+
+```bash
+# Login
+npm login
+
+# Check login
+npm whoami
+
+# Preview package contents
+npm pack --dry-run
+
+# Test package locally
+npm pack
+
+# Publish
+npm publish
+
+# Publish scoped package as public
+npm publish --access public
+
+# Update version
+npm version patch|minor|major
+
+# View package info
+npm info webortex-auth
+```
+
+---
+
+## 🎉 Ready to Publish?
+
+Run these commands in order:
+
+```bash
+# 1. Navigate to package directory
+cd "d:\Prem Secure Solutions\webortex-auth"
+
+# 2. Login to npm
+npm login
+
+# 3. Preview what will be published
+npm pack --dry-run
+
+# 4. Publish!
+npm publish
+```
+
+Good luck! 🚀

package/README.md

@@ -0,0 +1,391 @@
+# webortex-auth
+
+A production-ready, reusable authentication package for Node.js applications using Express and MongoDB (Mongoose) with dependency injection pattern.
+
+## ✨ Features
+
+- 🔐 **Secure Authentication** - JWT-based signup and login
+- 💉 **Dependency Injection** - No internal MongoDB connections
+- 🚀 **Zero Configuration** - Works out of the box
+- 🔒 **Password Hashing** - Automatic bcrypt hashing
+- ⚡ **ES Modules** - Modern JavaScript support
+- 🎯 **Type Safe** - Clean API with factory functions
+- 🔄 **Reusable** - Use across multiple projects
+- 🛡️ **Production Ready** - Comprehensive error handling
+
+## 📦 Installation
+
+```bash
+npm install webortex-auth
+```
+
+## 🚀 Quick Start
+
+```javascript
+import express from 'express';
+import mongoose from 'mongoose';
+import { authRoutes } from 'webortex-auth';
+
+const app = express();
+app.use(express.json());
+
+// 1. Connect to MongoDB FIRST
+await mongoose.connect(process.env.MONGO_URI);
+
+// 2. Pass connected mongoose instance to the package
+app.use('/api/auth', authRoutes(mongoose));
+
+app.listen(3000, () => {
+  console.log('Server running on port 3000');
+});
+```
+
+## 🔧 Environment Variables
+
+Create a `.env` file in your project root:
+
+```env
+MONGO_URI=mongodb://localhost:27017/your-database
+JWT_SECRET=your-super-secret-jwt-key-change-this
+JWT_EXPIRES_IN=24h
+NODE_ENV=development
+```
+
+**Required:**
+- `JWT_SECRET` - Secret key for JWT token generation
+
+**Optional:**
+- `JWT_EXPIRES_IN` - Token expiration time (default: `24h`)
+- `NODE_ENV` - Environment mode (shows detailed errors in `development`)
+
+## 📡 API Endpoints
+
+### POST `/signup`
+
+Register a new user.
+
+**Request Body:**
+```json
+{
+  "name": "John Doe",
+  "email": "john@example.com",
+  "password": "securePassword123"
+}
+```
+
+**Success Response (201):**
+```json
+{
+  "success": true,
+  "message": "User registered successfully",
+  "data": {
+    "user": {
+      "id": "507f1f77bcf86cd799439011",
+      "name": "John Doe",
+      "email": "john@example.com",
+      "createdAt": "2025-12-28T08:30:00.000Z"
+    }
+  }
+}
+```
+
+**Error Response (409 - Duplicate Email):**
+```json
+{
+  "success": false,
+  "message": "User with this email already exists"
+}
+```
+
+---
+
+### POST `/login`
+
+Authenticate a user and receive JWT token.
+
+**Request Body:**
+```json
+{
+  "email": "john@example.com",
+  "password": "securePassword123"
+}
+```
+
+**Success Response (200):**
+```json
+{
+  "success": true,
+  "message": "Login successful",
+  "data": {
+    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
+    "user": {
+      "id": "507f1f77bcf86cd799439011",
+      "name": "John Doe",
+      "email": "john@example.com"
+    }
+  }
+}
+```
+
+**Error Response (401 - Invalid Credentials):**
+```json
+{
+  "success": false,
+  "message": "Invalid email or password"
+}
+```
+
+## 💡 Usage Examples
+
+### Complete Express App
+
+```javascript
+import express from 'express';
+import mongoose from 'mongoose';
+import dotenv from 'dotenv';
+import { authRoutes } from 'webortex-auth';
+
+dotenv.config();
+
+const app = express();
+app.use(express.json());
+
+// Connect to MongoDB
+const connectDB = async () => {
+  try {
+    await mongoose.connect(process.env.MONGO_URI);
+    console.log('MongoDB connected successfully');
+  } catch (error) {
+    console.error('MongoDB connection error:', error);
+    process.exit(1);
+  }
+};
+
+await connectDB();
+
+// Use auth routes
+app.use('/api/auth', authRoutes(mongoose));
+
+// Health check
+app.get('/health', (req, res) => {
+  res.json({ status: 'ok' });
+});
+
+const PORT = process.env.PORT || 3000;
+app.listen(PORT, () => {
+  console.log(`Server running on port ${PORT}`);
+});
+```
+
+### Using with Custom Routes
+
+```javascript
+import { authRoutes } from 'webortex-auth';
+
+// Mount on different path
+app.use('/auth', authRoutes(mongoose));
+
+// Or with route prefix
+app.use('/v1/authentication', authRoutes(mongoose));
+```
+
+### Testing with cURL
+
+**Signup:**
+```bash
+curl -X POST http://localhost:3000/api/auth/signup \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "John Doe",
+    "email": "john@example.com",
+    "password": "securePassword123"
+  }'
+```
+
+**Login:**
+```bash
+curl -X POST http://localhost:3000/api/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{
+    "email": "john@example.com",
+    "password": "securePassword123"
+  }'
+```
+
+## 🔍 Advanced Usage
+
+### Accessing User Model
+
+If you need direct access to the User model:
+
+```javascript
+import { createUserModel } from 'webortex-auth';
+
+const User = createUserModel(mongoose);
+
+// Now you can use the User model
+const users = await User.find();
+```
+
+### Custom Middleware
+
+Add middleware before auth routes:
+
+```javascript
+import rateLimit from 'express-rate-limit';
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 5 // limit each IP to 5 requests per windowMs
+});
+
+app.use('/api/auth/login', limiter);
+app.use('/api/auth', authRoutes(mongoose));
+```
+
+## ⚠️ Common Errors & Fixes
+
+### Error: `buffering timed out after 10000ms`
+
+**Cause:** Mongoose is not connected before using the package.
+
+**Fix:** Ensure you connect to MongoDB before using `authRoutes`:
+
+```javascript
+// ✅ Correct
+await mongoose.connect(process.env.MONGO_URI);
+app.use('/api/auth', authRoutes(mongoose));
+
+// ❌ Wrong
+app.use('/api/auth', authRoutes(mongoose));
+await mongoose.connect(process.env.MONGO_URI);
+```
+
+---
+
+### Error: `JWT_SECRET is not defined`
+
+**Cause:** Missing `JWT_SECRET` environment variable.
+
+**Fix:** Add to your `.env` file:
+
+```env
+JWT_SECRET=your-secret-key-here
+```
+
+---
+
+### Error: `E11000 duplicate key error`
+
+**Cause:** User with the email already exists.
+
+**Fix:** This is expected behavior. The API returns a 409 status code. Handle it in your client:
+
+```javascript
+const response = await fetch('/api/auth/signup', {
+  method: 'POST',
+  body: JSON.stringify(userData)
+});
+
+if (response.status === 409) {
+  console.log('Email already registered');
+}
+```
+
+---
+
+### Error: `Cannot find module 'mongoose'`
+
+**Cause:** Mongoose is a peer dependency and must be installed separately.
+
+**Fix:**
+
+```bash
+npm install mongoose
+```
+
+## 🏗️ Package Structure
+
+```
+webortex-auth/
+├── src/
+│   ├── controllers/
+│   │   └── auth.controller.js    # Signup & Login logic
+│   ├── models/
+│   │   └── User.model.js         # User schema with password hashing
+│   ├── routes/
+│   │   └── auth.routes.js        # Express routes
+│   └── index.js                  # Public API exports
+├── package.json
+├── README.md
+└── .npmignore
+```
+
+## 🛡️ Security Best Practices
+
+1. **Never commit `.env` files** - Add to `.gitignore`
+2. **Use strong JWT secrets** - Generate with: `node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"`
+3. **Enable HTTPS in production** - Use SSL/TLS certificates
+4. **Add rate limiting** - Prevent brute force attacks
+5. **Validate input** - Consider adding validation middleware
+6. **Use environment variables** - Never hardcode secrets
+
+## 📝 User Schema
+
+The package creates a User model with the following schema:
+
+```javascript
+{
+  name: String,        // Required, trimmed
+  email: String,       // Required, unique, lowercase, validated
+  password: String,    // Required, hashed with bcrypt, min 6 chars
+  createdAt: Date,     // Auto-generated
+  updatedAt: Date      // Auto-generated
+}
+```
+
+## 🔄 How It Works
+
+1. **Dependency Injection**: The package receives a connected mongoose instance from your app
+2. **Model Creation**: User model is created using the injected mongoose instance
+3. **No Internal Connections**: Package never calls `mongoose.connect()`
+4. **Factory Pattern**: All exports are factory functions that accept mongoose
+5. **Single Instance**: Prevents multiple mongoose instances and buffering issues
+
+## 🚀 Why Dependency Injection?
+
+**Traditional packages** create their own mongoose connection:
+```javascript
+// ❌ Creates separate connection
+import auth from 'some-auth-package';
+```
+
+**This package** uses your existing connection:
+```javascript
+// ✅ Uses your connection
+import { authRoutes } from 'webortex-auth';
+app.use('/api/auth', authRoutes(mongoose));
+```
+
+**Benefits:**
+- ✅ No buffering timeout errors
+- ✅ No multiple mongoose instances
+- ✅ No peerDependency conflicts
+- ✅ Works in monorepos
+- ✅ Full control over connection
+
+## 📄 License
+
+MIT
+
+## 🤝 Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.
+
+## 📧 Support
+
+For issues and questions, please open an issue on GitHub.
+
+---
+
+**Made with ❤️ by WebOrtex**

package/example-usage.js

@@ -0,0 +1,70 @@
+import express from 'express';
+import mongoose from 'mongoose';
+import dotenv from 'dotenv';
+import { authRoutes } from 'webortex-auth';
+
+// Load environment variables
+dotenv.config();
+
+const app = express();
+
+// Middleware
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+
+// Connect to MongoDB
+const connectDB = async () => {
+    try {
+        await mongoose.connect(process.env.MONGO_URI, {
+            useNewUrlParser: true,
+            useUnifiedTopology: true,
+        });
+        console.log('✅ MongoDB connected successfully');
+    } catch (error) {
+        console.error('❌ MongoDB connection error:', error.message);
+        process.exit(1);
+    }
+};
+
+// Initialize database connection
+await connectDB();
+
+// Health check endpoint
+app.get('/health', (req, res) => {
+    res.json({
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        database: mongoose.connection.readyState === 1 ? 'connected' : 'disconnected',
+    });
+});
+
+// Use webortex-auth routes
+// IMPORTANT: Pass the connected mongoose instance
+app.use('/api/auth', authRoutes(mongoose));
+
+// 404 handler
+app.use((req, res) => {
+    res.status(404).json({
+        success: false,
+        message: 'Route not found',
+    });
+});
+
+// Error handler
+app.use((err, req, res, next) => {
+    console.error('Error:', err);
+    res.status(500).json({
+        success: false,
+        message: 'Internal server error',
+        error: process.env.NODE_ENV === 'development' ? err.message : undefined,
+    });
+});
+
+// Start server
+const PORT = process.env.PORT || 3000;
+app.listen(PORT, () => {
+    console.log(`🚀 Server running on http://localhost:${PORT}`);
+    console.log(`📡 Auth endpoints available at http://localhost:${PORT}/api/auth`);
+    console.log(`   - POST /api/auth/signup`);
+    console.log(`   - POST /api/auth/login`);
+});

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "webortex-auth",
+  "version": "1.0.0",
+  "description": "Reusable authentication package for Express + MongoDB with dependency injection",
+  "type": "module",
+  "main": "./src/index.js",
+  "exports": {
+    ".": "./src/index.js"
+  },
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "authentication",
+    "express",
+    "mongoose",
+    "jwt",
+    "auth",
+    "login",
+    "signup",
+    "mongodb"
+  ],
+  "author": "WebOrtex",
+  "license": "MIT",
+  "peerDependencies": {
+    "express": "^4.18.0",
+    "mongoose": "^7.0.0 || ^8.0.0"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "jsonwebtoken": "^9.0.2"
+  },
+  "engines": {
+    "node": ">=16.0.0",
+    "npm": ">=9.0.0"
+  }
+}

package/src/controllers/auth.controller.js

@@ -0,0 +1,156 @@
+import jwt from 'jsonwebtoken';
+import { createUserModel } from '../models/User.model.js';
+
+/**
+ * Creates authentication controllers with injected mongoose instance
+ * @param {Object} mongoose - Connected mongoose instance from consuming app
+ * @returns {Object} Authentication controllers (signup, login)
+ */
+export const createAuthController = (mongoose) => {
+    const User = createUserModel(mongoose);
+
+    /**
+     * Signup Controller
+     * Creates a new user account
+     */
+    const signup = async (req, res) => {
+        try {
+            const { name, email, password } = req.body;
+
+            // Validate required fields
+            if (!name || !email || !password) {
+                return res.status(400).json({
+                    success: false,
+                    message: 'Please provide name, email, and password',
+                });
+            }
+
+            // Check if user already exists
+            const existingUser = await User.findOne({ email });
+            if (existingUser) {
+                return res.status(409).json({
+                    success: false,
+                    message: 'User with this email already exists',
+                });
+            }
+
+            // Create new user (password will be hashed by pre-save hook)
+            const user = await User.create({
+                name,
+                email,
+                password,
+            });
+
+            // Return success response without password
+            return res.status(201).json({
+                success: true,
+                message: 'User registered successfully',
+                data: {
+                    user: {
+                        id: user._id,
+                        name: user.name,
+                        email: user.email,
+                        createdAt: user.createdAt,
+                    },
+                },
+            });
+        } catch (error) {
+            // Handle duplicate key error (E11000)
+            if (error.code === 11000) {
+                return res.status(409).json({
+                    success: false,
+                    message: 'User with this email already exists',
+                });
+            }
+
+            // Handle validation errors
+            if (error.name === 'ValidationError') {
+                const messages = Object.values(error.errors).map((err) => err.message);
+                return res.status(400).json({
+                    success: false,
+                    message: messages.join(', '),
+                });
+            }
+
+            // Generic error
+            return res.status(500).json({
+                success: false,
+                message: 'Error creating user',
+                error: process.env.NODE_ENV === 'development' ? error.message : undefined,
+            });
+        }
+    };
+
+    /**
+     * Login Controller
+     * Authenticates user and returns JWT token
+     */
+    const login = async (req, res) => {
+        try {
+            const { email, password } = req.body;
+
+            // Validate required fields
+            if (!email || !password) {
+                return res.status(400).json({
+                    success: false,
+                    message: 'Please provide email and password',
+                });
+            }
+
+            // Find user and include password field
+            const user = await User.findOne({ email }).select('+password');
+            if (!user) {
+                return res.status(401).json({
+                    success: false,
+                    message: 'Invalid email or password',
+                });
+            }
+
+            // Compare passwords
+            const isPasswordValid = await user.comparePassword(password);
+            if (!isPasswordValid) {
+                return res.status(401).json({
+                    success: false,
+                    message: 'Invalid email or password',
+                });
+            }
+
+            // Check if JWT_SECRET is defined
+            if (!process.env.JWT_SECRET) {
+                throw new Error('JWT_SECRET is not defined in environment variables');
+            }
+
+            // Generate JWT token
+            const token = jwt.sign(
+                { userId: user._id, email: user.email },
+                process.env.JWT_SECRET,
+                { expiresIn: process.env.JWT_EXPIRES_IN || '24h' }
+            );
+
+            // Return success response with token
+            return res.status(200).json({
+                success: true,
+                message: 'Login successful',
+                data: {
+                    token,
+                    user: {
+                        id: user._id,
+                        name: user.name,
+                        email: user.email,
+                    },
+                },
+            });
+        } catch (error) {
+            return res.status(500).json({
+                success: false,
+                message: 'Error during login',
+                error: process.env.NODE_ENV === 'development' ? error.message : undefined,
+            });
+        }
+    };
+
+    return {
+        signup,
+        login,
+    };
+};

package/src/index.js

@@ -0,0 +1,9 @@
+/**
+ * webortex-auth - Reusable authentication package
+ * 
+ * Main entry point for the package
+ * Exports factory functions that accept injected mongoose instance
+ */
+
+export { createAuthRoutes as authRoutes } from './routes/auth.routes.js';
+export { createUserModel } from './models/User.model.js';

package/src/models/User.model.js

@@ -0,0 +1,70 @@
+import bcrypt from 'bcryptjs';
+
+/**
+ * Creates User model with injected mongoose instance
+ * @param {Object} mongoose - Connected mongoose instance from consuming app
+ * @returns {Model} User model
+ */
+export const createUserModel = (mongoose) => {
+  // Prevent model recompilation error
+  if (mongoose.models.User) {
+    return mongoose.models.User;
+  }
+
+  const userSchema = new mongoose.Schema(
+    {
+      name: {
+        type: String,
+        required: [true, 'Name is required'],
+        trim: true,
+      },
+      email: {
+        type: String,
+        required: [true, 'Email is required'],
+        unique: true,
+        lowercase: true,
+        trim: true,
+        match: [
+          /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/,
+          'Please provide a valid email',
+        ],
+      },
+      password: {
+        type: String,
+        required: [true, 'Password is required'],
+        minlength: [6, 'Password must be at least 6 characters'],
+        select: false, // Don't return password by default
+      },
+    },
+    {
+      timestamps: true,
+    }
+  );
+
+  // Hash password before saving
+  userSchema.pre('save', async function (next) {
+    // Only hash if password is modified
+    if (!this.isModified('password')) {
+      return next();
+    }
+
+    try {
+      const salt = await bcrypt.genSalt(10);
+      this.password = await bcrypt.hash(this.password, salt);
+      next();
+    } catch (error) {
+      next(error);
+    }
+  });
+
+  // Method to compare passwords
+  userSchema.methods.comparePassword = async function (candidatePassword) {
+    try {
+      return await bcrypt.compare(candidatePassword, this.password);
+    } catch (error) {
+      throw new Error('Password comparison failed');
+    }
+  };
+
+  return mongoose.model('User', userSchema);
+};

package/src/routes/auth.routes.js

@@ -0,0 +1,20 @@
+import express from 'express';
+import { createAuthController } from '../controllers/auth.controller.js';
+
+/**
+ * Creates authentication routes with injected mongoose instance
+ * @param {Object} mongoose - Connected mongoose instance from consuming app
+ * @returns {Router} Express router with auth routes
+ */
+export const createAuthRoutes = (mongoose) => {
+    const router = express.Router();
+    const { signup, login } = createAuthController(mongoose);
+
+    // POST /signup - Register new user
+    router.post('/signup', signup);
+
+    // POST /login - Authenticate user
+    router.post('/login', login);
+
+    return router;
+};