UNPKG

@dax-crafta/auth

Version:

A powerful, flexible, and secure authentication plugin for the Crafta framework. Supports JWT, social login, 2FA, RBAC, audit logging, and enterprise-grade security features.

github.com/daxp472/crafta

daxp472/crafta

59 lines (54 loc) 1.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
const mongoose = require('mongoose'); const bcrypt = require('bcryptjs'); const userSchema = new mongoose.Schema({ email: { type: String, required: true, unique: true, lowercase: true }, password: { type: String, required: true }, role: { type: String, enum: ['user', 'admin', 'moderator'], default: 'user' }, isVerified: { type: Boolean, default: false }, verificationToken: String, passwordResetToken: String, passwordResetExpires: Date, loginAttempts: { type: Number, default: 0 }, lockUntil: Date, twoFactorSecret: String, twoFactorEnabled: { type: Boolean, default: false }, refreshTokens: [{ token: String, expires: Date }], customFields: mongoose.Schema.Types.Mixed }, { timestamps: true }); userSchema.pre('save', async function(next) { if (this.isModified('password')) { this.password = await bcrypt.hash(this.password, 10); } next(); }); userSchema.methods.comparePassword = async function(password) { return bcrypt.compare(password, this.password); }; userSchema.methods.isLocked = function() { return this.lockUntil && this.lockUntil > Date.now(); }; module.exports = mongoose.model('User', userSchema);