
codalware-auth


Complete authentication system with enterprise security, attack protection, team workspaces, waitlist, billing, UI components, 2FA, and account recovery - production-ready in 5 minutes. Enhanced CLI with verification, rollback, and App Router scaffolding.

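import { env } from './config/env';

/**
 * Reads a non-negative integer setting from an environment value.
 *
 * An unset or empty value yields `fallback`, as the previous
 * `parseInt(value || default)` form did. A value that is set but is not a
 * plain run of decimal digits (for example `abc`, `-1`, `0x10`, `12px`) also
 * yields `fallback`, so it can never become `NaN` or a negative number.
 * `NaN` is dangerous in the limits below because every comparison against it
 * is false: a check such as `attempts >= MAX_LOGIN_ATTEMPTS` or
 * `password.length < PASSWORD_MIN_LENGTH` would then never trigger.
 *
 * @param raw - The raw environment value, possibly unset.
 * @param fallback - The default used when `raw` is unset or malformed.
 * @returns A safe non-negative integer.
 */
function readNonNegativeInt(raw: string | null | undefined, fallback: number): number {
  if (!raw) return fallback;
  const trimmed = raw.trim();
  if (!/^\d+$/.test(trimmed)) return fallback;
  const parsed = Number.parseInt(trimmed, 10);
  // Guards against digit strings too long to represent exactly.
  return Number.isSafeInteger(parsed) ? parsed : fallback;
}

/**
 * Reads an optional non-negative integer setting.
 *
 * @param raw - The raw environment value, possibly unset.
 * @returns The parsed integer, or `null` when `raw` is unset, empty or malformed.
 */
function readOptionalNonNegativeInt(raw: string | null | undefined): number | null {
  if (!raw) return null;
  const parsed = readNonNegativeInt(raw, -1);
  return parsed >= 0 ? parsed : null;
}

/**
 * Resolves the sign-up mode from an environment value.
 *
 * Unset keeps the historical default of `'PUBLIC'`. A value that is set but
 * is not one of the three known modes (a typo, wrong letter case) resolves to
 * `'RESTRICTED'`: the operator tried to configure something, so the safe
 * reading is the closed one rather than letting an unknown string through a
 * type assertion.
 *
 * @param raw - The raw environment value, possibly unset.
 * @returns One of the three supported sign-up modes.
 */
function readSignUpMode(raw: string | null | undefined): 'PUBLIC' | 'RESTRICTED' | 'WAITLIST' {
  if (!raw) return 'PUBLIC';
  switch (raw) {
    case 'PUBLIC':
      return 'PUBLIC';
    case 'WAITLIST':
      return 'WAITLIST';
    case 'RESTRICTED':
      return 'RESTRICTED';
    default:
      return 'RESTRICTED';
  }
}

/**
 * Application configuration resolved once, at module load, from `env`.
 *
 * Boolean flags follow two conventions: `=== 'true'` means opt-in (off unless
 * the variable is exactly `true`), `!== 'false'` means opt-out (on unless the
 * variable is exactly `false`). Numeric settings fall back to their default
 * when the variable is unset or malformed.
 */
export const config = {
  // Multi-tenancy
  ENABLE_MULTI_TENANCY: env.ENABLE_MULTI_TENANCY === 'true',
  DEFAULT_TENANT_DOMAIN: env.DEFAULT_TENANT_DOMAIN || 'localhost',

  // Features
  ENABLE_2FA: true,
  ENABLE_SOCIAL_LOGIN: env.ENABLE_SOCIAL_LOGIN === 'true',
  ENABLE_ACCOUNT_APPROVAL: env.ENABLE_ACCOUNT_APPROVAL === 'true',
  REQUIRE_TENANT_APPROVAL: env.REQUIRE_TENANT_APPROVAL === 'true',
  FORCE_2FA_ON_REGISTRATION: env.FORCE_2FA_ON_REGISTRATION === 'true',
  ALLOW_EMAIL_OTP_DEFAULT: env.ALLOW_EMAIL_OTP_DEFAULT !== 'false',
  ALLOW_AUTHENTICATOR_DEFAULT: env.ALLOW_AUTHENTICATOR_DEFAULT !== 'false',
  ENABLE_MAGIC_LINK_LOGIN_DEFAULT: env.ENABLE_MAGIC_LINK_LOGIN_DEFAULT === 'true',
  SUGGEST_MAGIC_LINK_LOGIN_DEFAULT: env.SUGGEST_MAGIC_LINK_LOGIN_DEFAULT === 'true',
  ENABLE_SUSPICIOUS_LOGIN_ALERTS_DEFAULT: env.ENABLE_SUSPICIOUS_LOGIN_ALERTS_DEFAULT === 'true',

  // UI Features
  ENABLE_MODAL_AUTH: env.ENABLE_MODAL_AUTH === 'true',
  SHOW_SOCIAL_PROVIDERS: env.SHOW_SOCIAL_PROVIDERS === 'true',

  // Security & Password Policy
  // NOTE(review): several of these are repeated under SECURITY below, and the
  // symbol rule is read from a different variable there
  // (PASSWORD_REQUIRE_SYMBOLS here, PASSWORD_REQUIRE_SPECIAL_CHARS there), so
  // the two copies can disagree. Confirm which copy the password validator reads.
  PASSWORD_MIN_LENGTH: readNonNegativeInt(env.PASSWORD_MIN_LENGTH, 8),
  PASSWORD_MAX_LENGTH: readNonNegativeInt(env.PASSWORD_MAX_LENGTH, 128),
  PASSWORD_REQUIRE_UPPERCASE: env.PASSWORD_REQUIRE_UPPERCASE !== 'false',
  PASSWORD_REQUIRE_LOWERCASE: env.PASSWORD_REQUIRE_LOWERCASE !== 'false',
  PASSWORD_REQUIRE_NUMBERS: env.PASSWORD_REQUIRE_NUMBERS !== 'false',
  PASSWORD_REQUIRE_SYMBOLS: env.PASSWORD_REQUIRE_SYMBOLS === 'true',
  PASSWORD_MIN_SCORE: readNonNegativeInt(env.PASSWORD_MIN_SCORE, 3), // zxcvbn score 0-4

  // 2FA Settings
  SUGGEST_2FA_AFTER_DAYS: readNonNegativeInt(env.SUGGEST_2FA_AFTER_DAYS, 7),
  // NOTE(review): SECURITY.REQUIRE_MFA_FOR_ADMINS below reads a different
  // variable for what looks like the same policy; confirm which one is enforced.
  FORCE_2FA_FOR_ADMINS: env.FORCE_2FA_FOR_ADMINS === 'true',

  // Sessions
  SESSION_MAX_AGE: 30 * 24 * 60 * 60, // 30 days
  JWT_MAX_AGE: 24 * 60 * 60, // 24 hours

  // Email Verification
  // Make email verification toggleable via .env for local/demo use
  // Default to enabled in non-production/demo environments when not explicitly set
  // NOTE(review): when the variable is unset and NODE_ENV is 'production' this
  // evaluates to false, i.e. verification is off by default in production.
  // Confirm that is intended; production deployments should set
  // ENABLE_EMAIL_VERIFICATION=true explicitly rather than rely on the default.
  ENABLE_EMAIL_VERIFICATION:
    typeof env.ENABLE_EMAIL_VERIFICATION === 'string'
      ? env.ENABLE_EMAIL_VERIFICATION === 'true'
      : process.env.NODE_ENV !== 'production',
  EMAIL_VERIFICATION_TOKEN_EXPIRES: 24 * 60 * 60 * 1000, // 24 hours
  PASSWORD_RESET_TOKEN_EXPIRES: 1 * 60 * 60 * 1000, // 1 hour

  // Account deletion retention (days) - soft-deleted accounts are recoverable for this many days
  ACCOUNT_DELETION_RETENTION_DAYS: readNonNegativeInt(env.ACCOUNT_DELETION_RETENTION_DAYS, 30),

  // Rate Limiting
  // NOTE(review): fixed at 5 here while SECURITY.MAX_LOGIN_ATTEMPTS is
  // environment-driven; confirm which limit the login path applies.
  LOGIN_ATTEMPTS_MAX: 5,
  LOGIN_ATTEMPTS_WINDOW: 15 * 60 * 1000, // 15 minutes

  // Security Settings - Comprehensive Configuration
  SECURITY: {
    // Sign-up Mode
    SIGN_UP_MODE: readSignUpMode(env.SIGN_UP_MODE),

    // Authentication
    ENABLE_EMAIL_VERIFICATION_SECURITY: env.ENABLE_EMAIL_VERIFICATION_SECURITY === 'true',
    ENABLE_USER_ENUMERATION_PROTECTION: env.ENABLE_USER_ENUMERATION_PROTECTION !== 'false',
    ENABLE_BOT_PROTECTION: env.ENABLE_BOT_PROTECTION === 'true',

    // Email Restrictions
    BLOCK_DISPOSABLE_EMAILS: env.BLOCK_DISPOSABLE_EMAILS !== 'false',
    BLOCK_EMAIL_SUBADDRESSES: env.BLOCK_EMAIL_SUBADDRESSES === 'true',
    APPLY_TO_SIGN_IN: env.APPLY_TO_SIGN_IN === 'true',

    // Account Lockout
    ENABLE_LOCKOUT_POLICY: env.ENABLE_LOCKOUT_POLICY !== 'false',
    MAX_LOGIN_ATTEMPTS: readNonNegativeInt(env.MAX_LOGIN_ATTEMPTS, 5),
    LOCKOUT_DURATION: readNonNegativeInt(env.LOCKOUT_DURATION, 900), // 15 minutes in seconds
    RESET_AFTER: readNonNegativeInt(env.RESET_AFTER, 3600), // 1 hour in seconds

    // Password Policy
    PASSWORD_MIN_LENGTH: readNonNegativeInt(env.PASSWORD_MIN_LENGTH, 8),
    PASSWORD_REQUIRE_UPPERCASE: env.PASSWORD_REQUIRE_UPPERCASE !== 'false',
    PASSWORD_REQUIRE_LOWERCASE: env.PASSWORD_REQUIRE_LOWERCASE !== 'false',
    PASSWORD_REQUIRE_NUMBERS: env.PASSWORD_REQUIRE_NUMBERS !== 'false',
    PASSWORD_REQUIRE_SPECIAL_CHARS: env.PASSWORD_REQUIRE_SPECIAL_CHARS === 'true',
    // null means "no expiry"; a malformed value is also treated as null
    // instead of becoming NaN.
    PASSWORD_EXPIRY_DAYS: readOptionalNonNegativeInt(env.PASSWORD_EXPIRY_DAYS),

    // Session Security
    SESSION_TIMEOUT_MINUTES: readNonNegativeInt(env.SESSION_TIMEOUT_MINUTES, 60),
    MAX_CONCURRENT_SESSIONS: readNonNegativeInt(env.MAX_CONCURRENT_SESSIONS, 3),
    ENABLE_REMOTE_LOGOUT: env.ENABLE_REMOTE_LOGOUT !== 'false',

    // Advanced Security
    ENABLE_IP_WHITELIST: env.ENABLE_IP_WHITELIST === 'true',
    ENABLE_IP_BLACKLIST: env.ENABLE_IP_BLACKLIST === 'true',
    REQUIRE_MFA_FOR_ADMINS: env.REQUIRE_MFA_FOR_ADMINS === 'true',
  },

  // Feature Management Configuration
  FEATURES: {
    ENABLE_FEATURE_MANAGEMENT: env.ENABLE_FEATURE_MANAGEMENT !== 'false',
    ALLOW_TENANT_OVERRIDES: env.ALLOW_TENANT_OVERRIDES !== 'false',
    ENABLE_USAGE_TRACKING: env.ENABLE_USAGE_TRACKING !== 'false',
  },

  // Branding
  APP_NAME: env.APP_NAME || 'AuthCore',
  // The localhost default is a development convenience; set APP_URL in any
  // deployed environment.
  APP_URL: env.APP_URL || 'http://localhost:3000',

  // Email
  EMAIL_FROM: env.EMAIL_FROM || 'noreply@authcore.dev',

  // Checkout & billing
  // Resolves to '' when neither variable is set. Webhook verification must
  // treat an empty secret as "not configured" and reject the request; a
  // signature computed with an empty key authenticates nothing.
  CHECKOUT_WEBHOOK_SECRET: env.AUTHCORE_CHECKOUT_SECRET || env.CHECKOUT_WEBHOOK_SECRET || '',

  // Social Providers
  // `enabled` follows the client ID alone, so a provider can be marked enabled
  // while its clientSecret is still undefined.
  SOCIAL_PROVIDERS: {
    google: {
      enabled: !!env.GOOGLE_CLIENT_ID,
      clientId: env.GOOGLE_CLIENT_ID,
      clientSecret: env.GOOGLE_CLIENT_SECRET,
    },
    github: {
      enabled: !!env.GITHUB_ID,
      clientId: env.GITHUB_ID,
      clientSecret: env.GITHUB_SECRET,
    },
  },
} as const;

/** Static type of the resolved configuration object. */
export type Config = typeof config;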