UNPKG

@dax-crafta/auth

Version:

A powerful, flexible, and secure authentication plugin for the Crafta framework. Supports JWT, social login, 2FA, RBAC, audit logging, and enterprise-grade security features.

github.com/daxp472/crafta

daxp472/crafta

107 lines (96 loc) 2.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
export interface CraftaAuthRoutes { register?: string; login?: string; verify?: string; forgotPassword?: string; resetPassword?: string; refreshToken?: string; profile?: string; twoFactor?: string; roles?: string; permissions?: string; } export interface PasswordPolicyConfig { minLength?: number; requireUppercase?: boolean; requireLowercase?: boolean; requireNumbers?: boolean; requireSpecialChars?: boolean; expiryDays?: number; minStrength?: number; } export interface SmtpConfig { host: string; port: number; auth: { user: string; pass: string; }; from: string; } export interface SocialGoogleConfig { clientID: string; clientSecret: string; callbackURL: string; } export interface SocialConfig { google?: SocialGoogleConfig | null; facebook?: any; github?: any; } export interface EnvConfig { JWT_SECRET: string; [key: string]: any; } export interface AuthConfig { strategy?: 'jwt'; fields?: string[]; routes?: CraftaAuthRoutes; mongoUrl?: string; maxLoginAttempts?: number; emailVerification?: boolean; loginAlerts?: boolean; passwordPolicy?: PasswordPolicyConfig; smtp?: SmtpConfig | null; social?: SocialConfig; env?: EnvConfig; accessTokenExpiry?: string; refreshTokenDays?: number; enableCSRF?: boolean; limits?: { loginMax?: number; twoFAMax?: number; forgotPasswordMax?: number; refreshMax?: number; }; baseUrl?: string; emailTemplateDir?: string; features?: AuthFeaturesConfig; logging?: boolean; } export interface AuthFeaturesConfig { emailVerification?: boolean; loginAlerts?: boolean; securityAttempts?: boolean; rateLimit?: boolean; auditLogs?: boolean; twoFactor?: boolean; csrf?: boolean; } export class ApiError extends Error { status: number; constructor(message: string, status?: number); } export function auth(config?: AuthConfig): (app: any) => void; export interface AdaptiveTestCase { name: string; feature: string; run: (cfg: AuthConfig, log: any) => Promise<void>; } export function inferFeatureFlags(authConfig?: AuthConfig): Record<string, boolean>; export function runAdaptiveTests( authConfig?: AuthConfig, featureFlags?: Record<string, boolean>, opts?: { logging?: boolean } ): Promise<boolean>; export const testCatalog: AdaptiveTestCase[];