3.7.6 • Published 10 months ago

@mattplaygamez/auth v3.7.6

Weekly downloads
-
License
-
Repository
github
Last release
10 months ago

@MattPlayGamez/Auth

A versatile and secure authentication module for Node.js applications.

DEPRECATED

Warning TO GET UPDATES AND FUTURE PROOFING, please use seamless-auth package

Features

  • Support for multiple storage methods: MongoDB, encrypted file, or in-memory
  • User registration and login
  • Password hashing with bcrypt
  • JWT token verification
  • Two-factor authentication (2FA) with QR codes
  • Login attempt limiting and user locking
  • Password reset and 2FA management

Installation

Install the module via npm:

npm install seamless-auth

Usage

Import the desired version of the authenticator:

// For MongoDB support
const Authenticator = require('seamless-auth/mongodb');
// For encrypted file storage
const Authenticator = require('seamless-auth/file');
// For in-memory storage
const Authenticator = require('seamless-auth/memory');

If you use MongoDB, you NEED to make a schema with these values as a minimum. You can add as many fields as you need. (e.g., phone number, address)

const DB_SCHEMA = {
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
    loginAttempts: { type: Number, default: 0 },
    locked: { type: Boolean, default: false },
    emailCode: { type: String, default: "", required: false, unique: true },
    wants2FA: { type: Boolean, default: false },
    secret2FA: String
}

Initialize the authenticator with the required parameters:

const auth = new Authenticator(
QR_LABEL,
SALT,
JWT_SECRET_KEY,
JWT_OPTIONS,
MAX_LOGIN_ATTEMPTS,
USER_OBJECT // Only for memory authentication
DB_CONNECTION_STRING, //for MONGODB or DB_FILE_PATH for file storage
DB_SCHEMA, // for MONGODB schema  
DB_PASSWORD // only for file storage
);

API

register(userObject)

Registers a new user.

login(email, password, twoFactorCode || null)

Logs in a user.

getInfoFromUser(userId)

Retrieves user information.

verifyToken(token)

Verifies a JWT token.

verify2FA(userId, twoFactorCode)

Verifies a 2FA code. Useful for reverifying user identity when accessing sensitive functions

resetPassword(userId, newPassword)

Resets a user's password.

changeLoginAttempts(userId, attempts)

Changes the number of login attempts for a user.

lockUser(userId)

Locks a user account.

unlockUser(userId)

Unlocks a user account.

remove2FA(userId)

Removes 2FA for a user.

add2FA(userId)

Adds 2FA for a user.

registerEmailSignin(email)

Generates a OTP so the user can use passwordless login, using their email

verifyEmailSignin(emailCode)

Verifies the OTP from the user and responds with a valid jwt_token

revokeUserTokens(userId)

Revokes all existing JWT token for that user

removeUser(userId)

Removes a user.

Example

Encrypted File

import Authenticator from 'seamless-auth/file.js';
const auth = new Authenticator(
    'MyApp',
    12,
    'my_secret_key',
    { expiresIn: '1h' },
    5,
    './users.db',
    'db_password'
);

Memory storage (ephemeral)

import Authenticator from 'seamless-auth/memory'
let USERS = [] // If you want to have existing users, add here
const auth = new Authenticator(
    'MyApp',
    12,
    'your_jwt_secret',
    { expiresIn: '1h' },
    5,
    USERS
);
const Authenticator = require('seamless-auth/file');
const auth = new Authenticator(
'MyApp',
12,
'your_jwt_secret',
{ expiresIn: '1h' },
5,
'./users.db',
'db_password'
);
// Register a new user
const registerResult = await auth.register({
    email: 'user@example.com',
    password: 'secure_password',
    wants2FA: true
});
console.log(registerResult);

const loginResult = await auth.login('user@example.com', 'secure_password', '123456');
console.log(loginResult);
// OR   
const emailCode = await auth.registerEmailSignin('user@example.com'); // Sent code to users email or phone number

token = await auth.verifyEmailSignin(emailCode) // emailCode is that code that the user sends back, can be because a link he clicked or just when he filled the code in
console.log(token.jwt_token); // It responds with a JSON WEB TOKEN

await auth.revokeUserTokens(userId)
import Authenticator from "../mongodb.js";

let DB_SCHEMA = {
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
    loginAttempts: { type: Number, default: 0 },
    locked: { type: Boolean, default: false },
    wants2FA: { type: Boolean, default: false },
    secret2FA: String
}


let connectionString = "CONNECTIONSTRING" // The connection string for MongoDB
const auth = new Authenticator('MyApp', 12, 'your_jwt_secret', { expiresIn: '1 ' }, 5, connectionString, DB_SCHEMA);

License

Mozilla Public License, v. 2.0

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

Support

For questions or support, please open an issue on the GitHub repository.

bcryptdotenvjestjsonwebtokenmongooseqrcodespeakeasyuniqiduuid
3.7.5

10 months ago

3.7.4

10 months ago

3.7.3

10 months ago

3.7.2

10 months ago

3.7.6

10 months ago

3.7.1

10 months ago

3.7.0

10 months ago

3.0.2

10 months ago

3.0.1

10 months ago

3.6.1

10 months ago

3.5.2

10 months ago

3.6.0

10 months ago

3.5.1

10 months ago

3.5.0

10 months ago

3.0.0

10 months ago

2.0.3

10 months ago

2.5.0

10 months ago

2.5.2

10 months ago

2.5.1

10 months ago

2.0.2

10 months ago

2.0.1

10 months ago

2.0.0

10 months ago

1.0.0

4 years ago