UNPKG

mbkauthe

Version:

MBKTechStudio's reusable authentication system for Node.js applications.

github.com/MIbnEKhalid/mbkauthe

MIbnEKhalid/mbkauthe

198 lines (144 loc) 5.06 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# Environment Configuration Guide [← Back to README](README.md) This guide explains how to configure your MBKAuth application using environment variables. Create a `.env` file in your project root and set the following variables according to your deployment needs. --- ## 📱 Application Settings ### App Name Configuration ```env APP_NAME=mbkauthe ``` **Description:** Defines the application identifier used for user access control. - **Purpose:** Distinguishes this application from others in your ecosystem - **Security:** Users are restricted to apps they're authorized for via the `AllowedApp` column in the Users table - **Required:** Yes --- ## 🔐 Session Management ### Session Configuration ```env SESSION_SECRET_KEY=your-secure-random-key-here IS_DEPLOYED=false DOMAIN=localhost ``` #### SESSION_SECRET_KEY **Description:** Cryptographic key for session security. - **Security:** Use a strong, randomly generated key (minimum 32 characters) - **Generation:** Generate securely at [Generate Secret](https://generate-secret.vercel.app/32) - **Example:** `SESSION_SECRET_KEY=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6` - **Required:** Yes #### IS_DEPLOYED **Description:** Deployment environment flag that affects session behavior. **Values:** - `true` - Production/deployed environment - Sessions work across all subdomains of your specified domain - **Important:** Login will NOT work on `localhost` when set to `true` - `false` - Local development environment - Sessions work on localhost for development **Default:** `false` #### DOMAIN **Description:** Your application's domain name. **Configuration:** - **Production:** Set to your actual domain (e.g., `mbktechstudio.com`) - **Development:** Use `localhost` or set `IS_DEPLOYED=false` - **Subdomains:** When `IS_DEPLOYED=true`, sessions are shared across all subdomains **Examples:** ```env # Production DOMAIN=yourdomain.com IS_DEPLOYED=true # Development DOMAIN=localhost IS_DEPLOYED=false ``` --- ## 🗄️ Database Configuration ### PostgreSQL Connection ```env LOGIN_DB=postgresql://username:password@host:port/database_name ``` **Description:** PostgreSQL database connection string for user authentication. **Format:** `postgresql://[username]:[password]@[host]:[port]/[database]` **Examples:** ```env # Local database LOGIN_DB=postgresql://admin:password123@localhost:5432/mbkauth_db # Remote database LOGIN_DB=postgresql://user:pass@db.example.com:5432/production_db # With SSL (recommended for production) LOGIN_DB=postgresql://user:pass@host:5432/db?sslmode=require ``` **Required:** Yes --- ## 🔒 Two-Factor Authentication (2FA) ### 2FA Configuration ```env MBKAUTH_TWO_FA_ENABLE=false ``` **Description:** Enables or disables Two-Factor Authentication for enhanced security. **Values:** - `true` - Enable 2FA (recommended for production) - `false` - Disable 2FA (default) **Note:** When enabled, users will need to configure an authenticator app (Google Authenticator, Authy, etc.) for login. --- ## 🍪 Cookie Settings ### Cookie Expiration ```env COOKIE_EXPIRE_TIME=2 ``` **Description:** Sets how long authentication cookies remain valid. - **Unit:** Days - **Default:** `2` days - **Range:** 1-30 days (recommended) - **Security:** Shorter periods are more secure but require more frequent logins **Examples:** ```env COOKIE_EXPIRE_TIME=1 # 1 day (high security) COOKIE_EXPIRE_TIME=7 # 1 week (balanced) COOKIE_EXPIRE_TIME=30 # 1 month (convenience) ``` --- ## 🚀 Quick Setup Examples ### Development Environment ```env # .env file for local development APP_NAME=mbkauthe SESSION_SECRET_KEY=dev-secret-key-change-in-production IS_DEPLOYED=false DOMAIN=localhost LOGIN_DB=postgresql://admin:password@localhost:5432/mbkauth_dev MBKAUTH_TWO_FA_ENABLE=false COOKIE_EXPIRE_TIME=7 ``` ### Production Environment ```env # .env file for production deployment APP_NAME=mbkauthe SESSION_SECRET_KEY=your-super-secure-production-key-here IS_DEPLOYED=true DOMAIN=yourdomain.com LOGIN_DB=postgresql://dbuser:securepass@prod-db.example.com:5432/mbkauth_prod MBKAUTH_TWO_FA_ENABLE=true COOKIE_EXPIRE_TIME=2 ``` --- ## ⚠️ Important Security Notes 1. **Never commit your `.env` file** to version control 2. **Use strong, unique secrets** for production environments 3. **Enable HTTPS** when `IS_DEPLOYED=true` 4. **Regularly rotate** your `SESSION_SECRET_KEY` 5. **Use environment-specific databases** (separate dev/prod databases) 6. **Enable 2FA** for production environments --- ## 🔧 Troubleshooting ### Common Issues **Login not working on localhost:** - Ensure `IS_DEPLOYED=false` for local development - Check that `DOMAIN=localhost` **Session not persisting:** - Verify `SESSION_SECRET_KEY` is set and consistent - Check cookie settings in your browser **Database connection errors:** - Verify database credentials and connection string format - Ensure database server is running and accessible **2FA issues:** - Confirm authenticator app time is synchronized - Verify `MBKAUTH_TWO_FA_ENABLE` setting matches your setup