@mattplaygamez/auth

v3.6.1

A full fledged authentication system, you can initialize it with your own data. Supports password hashing and token generation, auto user locking, DB/file integration + more

Downloads

907

Readme

@mattplaygamez/auth

A versatile and secure authentication module for Node.js applications.

Features

  • Support for multiple storage methods: MongoDB, encrypted file, or in-memory
  • User registration and login
  • Password hashing with bcrypt
  • JWT token verification
  • Two-factor authentication (2FA) with QR codes
  • Login attempt limiting and user locking
  • Password reset and 2FA management

Installation

Install the module via npm:

npm install @mattplaygamez/auth

Usage

Import the desired version of the authenticator:

// Pick ONE of the following, depending on the storage backend.
// For MongoDB support
const Authenticator = require('@mattplaygamez/auth/mongodb');
// For encrypted file storage
// const Authenticator = require('@mattplaygamez/auth/file');
// For in-memory storage
// const Authenticator = require('@mattplaygamez/auth/memory');

If you use MongoDB, you NEED to make a schema with these values as a minimum. You can add as many fields as you need. (e.g., phone number, address)

const DB_SCHEMA = {
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
    loginAttempts: { type: Number, default: 0 },
    locked: { type: Boolean, default: false },
    emailCode: { type: String, default: "", required: false, unique: true },
    wants2FA: { type: Boolean, default: false },
    secret2FA: String
}

Initialize the authenticator with the required parameters:

const auth = new Authenticator(
    QR_LABEL,
    SALT,
    JWT_SECRET_KEY,
    JWT_OPTIONS,
    MAX_LOGIN_ATTEMPTS,
    // The remaining arguments depend on the storage backend (see Example):
    USER_OBJECT, // Only for memory authentication
    DB_CONNECTION_STRING, // For MongoDB, or DB_FILE_PATH for file storage
    DB_SCHEMA, // For MongoDB schema
    DB_PASSWORD // Only for file storage
);

API

register(userObject)

Registers a new user.

login(email, password, twoFactorCode || null)

Logs in a user.

getInfoFromUser(userId)

Retrieves user information.

verifyToken(token)

Verifies a JWT token.

verify2FA(userId, twoFactorCode)

Verifies a 2FA code. Useful for reverifying user identity when accessing sensitive functions.

resetPassword(userId, newPassword)

Resets a user's password.

changeLoginAttempts(userId, attempts)

Changes the number of login attempts for a user.

lockUser(userId)

Locks a user account.

unlockUser(userId)

Unlocks a user account.

remove2FA(userId)

Removes 2FA for a user.

add2FA(userId)

Adds 2FA for a user.

registerEmailSignin(email)

Generates an OTP so the user can use passwordless login via their email.

verifyEmailSignin(emailCode)

Verifies the OTP from the user and responds with a valid jwt_token.

revokeUserTokens(userId)

Revokes all existing JWT tokens for that user.

removeUser(userId)

Removes a user.

Example

Encrypted File

import Authenticator from '@mattplaygamez/auth/file.js';
const auth = new Authenticator(
    'MyApp',
    12,
    'my_secret_key',
    { expiresIn: '1h' },
    5,
    './users.db',
    'db_password'
);
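
The constructor calls on this page pass the JWT secret and the database password as string literals. The following is an added example, not part of @mattplaygamez/auth: it builds the file-storage argument list from environment variables and rejects the README's placeholder values and short secrets. The environment variable names and the length and range thresholds are assumptions, as is treating the second argument (12 in the examples) as the bcrypt cost factor.

```javascript
// Added example: not part of @mattplaygamez/auth.
// Env var names and thresholds below are assumptions chosen for illustration.
const PLACEHOLDERS = new Set(['my_secret_key', 'your_jwt_secret', 'db_password', 'secure_password']);

function requireSecret(env, name, minBytes) {
  const value = env[name];
  if (typeof value !== 'string' || value.length === 0) {
    throw new Error(`${name} is not set`);
  }
  if (PLACEHOLDERS.has(value)) {
    throw new Error(`${name} is a documentation placeholder`);
  }
  if (Buffer.byteLength(value, 'utf8') < minBytes) {
    throw new Error(`${name} must be at least ${minBytes} bytes`);
  }
  return value;
}

function requireInt(env, name, fallback, min, max) {
  const raw = env[name] === undefined ? String(fallback) : env[name];
  if (!/^\d+$/.test(raw)) throw new Error(`${name} must be an integer`);
  const n = Number(raw);
  if (n < min || n > max) throw new Error(`${name} must be between ${min} and ${max}`);
  return n;
}

// Returns the arguments in the order the file-storage example above uses.
function loadFileAuthArgs(env) {
  const jwtSecret = requireSecret(env, 'AUTH_JWT_SECRET', 32);
  const dbPassword = requireSecret(env, 'AUTH_DB_PASSWORD', 16);
  if (jwtSecret === dbPassword) {
    throw new Error('AUTH_JWT_SECRET and AUTH_DB_PASSWORD must differ');
  }
  return [
    env.AUTH_QR_LABEL || 'MyApp',                         // QR label
    requireInt(env, 'AUTH_BCRYPT_ROUNDS', 12, 10, 15),    // assumed bcrypt cost
    jwtSecret,
    { expiresIn: env.AUTH_JWT_TTL || '1h' },              // JWT options
    requireInt(env, 'AUTH_MAX_LOGIN_ATTEMPTS', 5, 1, 20), // lockout threshold
    env.AUTH_DB_FILE || './users.db',
    dbPassword,
  ];
}

// In an application: const auth = new Authenticator(...loadFileAuthArgs(process.env));
```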

Memory storage (ephemeral)

import Authenticator from '@mattplaygamez/auth/memory'
let USERS = [] // If you want to have existing users, add here
const auth = new Authenticator(
    'MyApp',
    12,
    'your_jwt_secret',
    { expiresIn: '1h' },
    5,
    USERS
);

Registering and signing in (file storage)

const Authenticator = require('@mattplaygamez/auth/file');

// await is only valid inside an async function in CommonJS
async function main() {
    const auth = new Authenticator(
        'MyApp',
        12,
        'your_jwt_secret',
        { expiresIn: '1h' },
        5,
        './users.db',
        'db_password'
    );

    // Register a new user
    const registerResult = await auth.register({
        email: 'user@example.com',
        password: 'secure_password',
        wants2FA: true
    });
    console.log(registerResult);

    // Log in with email, password and the current 2FA code
    const loginResult = await auth.login('user@example.com', 'secure_password', '123456');
    console.log(loginResult);

    // OR passwordless: generate a code and send it to the user's email or phone number
    const emailCode = await auth.registerEmailSignin('user@example.com');

    // emailCode is the code the user sends back, either through a link they clicked or by typing it in
    const token = await auth.verifyEmailSignin(emailCode);
    console.log(token.jwt_token); // It responds with a JSON Web Token

    // userId must hold the id of the user whose tokens are revoked
    await auth.revokeUserTokens(userId);
}

main().catch(console.error);

MongoDB

// Relative import as used inside the package repository;
// from an application, use '@mattplaygamez/auth/mongodb' as shown under Usage.
import Authenticator from "../mongodb.js";

let DB_SCHEMA = {
    email: { type: String, required: true, unique: true },
    password: { type: String, required: true },
    loginAttempts: { type: Number, default: 0 },
    locked: { type: Boolean, default: false },
    wants2FA: { type: Boolean, default: false },
    secret2FA: String
}

let connectionString = "CONNECTIONSTRING" // The connection string for MongoDB
const auth = new Authenticator('MyApp', 12, 'your_jwt_secret', { expiresIn: '1h' }, 5, connectionString, DB_SCHEMA);

License

Mozilla Public License, v. 2.0

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

Support

For questions or support, please open an issue on the GitHub repository.