UNPKG

mbkauthe

Version:

MBKTech's reusable authentication system for Node.js applications.

github.com/MIbnEKhalid/mbkauthe

MIbnEKhalid/mbkauthe

181 lines (124 loc) โ€ข 6.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# MBKAuthe - Node.js Authentication System [![Version](https://img.shields.io/npm/v/mbkauthe.svg)](https://www.npmjs.com/package/mbkauthe) [![License](https://img.shields.io/badge/License-GPL--2.0-blue.svg)](LICENSE) [![Node.js](https://img.shields.io/badge/node-%3E%3D14.0.0-brightgreen.svg)](https://nodejs.org/) [![Publish](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/publish.yml/badge.svg?branch=main)](https://github.com/MIbnEKhalid/mbkauthe/actions/workflows/publish.yml) [![Downloads](https://img.shields.io/npm/dm/mbkauthe.svg)](https://www.npmjs.com/package/mbkauthe) <p align="center"> <img height="64px" src="./public/logo.png" alt="MBKAuthe" /> </p> **MBKAuthe** is an open source package focused on login, authentication, and validating sessions for your desired apps in Node.js with Express and PostgreSQL. It provides secure login, session validation, 2FA, role/app access checks, OAuth (GitHub & Google), multi-session support, and related authentication flows. > **Note:** MBKAuthe is intentionally limited to authentication and session validation. The full user/permission/dashboard management system is a separate product called **MBKCore**, developed by MBKTech and not currently open source. Access to MBKCore is currently available only to the MBKTech team, and we may refine it and consider open sourcing it in the future. ## Todo - Currently, for every request to a protected page, a database query is made to retrieve authentication information (allowed apps, username, session ID, role, etc.). We should implement a caching mechanism to reduce this overhead, but also find a way to allow administrators to log users out and update permissions in near real-time. ## โœจ Key Features - Secure password authentication (PBKDF2) - PostgreSQL session management - Multi-session support (configurable concurrent sessions per user) - Optional TOTP-based 2FA with trusted devices - Social login (GitHub App & Google OAuth) - Role-based access: SuperAdmin, NormalUser, Guest, member - CSRF protection & rate limiting - Easy Express.js integration - Customizable Handlebars templates - Session fixation prevention - Dynamic profile picture routing with session caching - Modern responsive UI with desktop two-column layout - Dev-only DB Query Monitor with callsite, timing, and request context ## ๐Ÿ“ฆ Installation ```bash npm install mbkauthe ``` ## ๐Ÿš€ Quick Start **1. Configure Environment** ```bash Copy-Item .env.example .env ``` See [docs/env.md](docs/env.md). **2. Set Up Database** Run [docs/db.sql](docs/db.sql) to create tables and a default SuperAdmin (`support` / `12345678`). Change the password immediately. See [docs/db.md](docs/db.md). **3. Integrate with Express** ```javascript import express from 'express'; import mbkauthe, { sessVal, roleChk } from 'mbkauthe'; import dotenv from 'dotenv'; dotenv.config(); const app = express(); app.use(mbkauthe); app.get('/dashboard', sessVal, (req, res) => res.send(`Welcome ${req.session.user.username}!`)); app.get('/admin', sessVal, roleChk(['SuperAdmin']), (req, res) => res.send('Admin Panel')); app.listen(3000); ``` ## ๐Ÿงช Testing ```bash npm test npm run test:watch npm run dev ``` ## ๐Ÿ”ง Core API - **Session Validation:** `validateSession` - **Role Check:** `checkRolePermission(['Role'])`/`roleChk(['Role'])` - **Combined:** `validateSessionAndRole(['SuperAdmin', 'NormalUser'])`/`sessRole(['SuperAdmin', 'NormalUser'])` - **API Token Auth:** `authenticate(process.env.API_TOKEN)` ## ๐Ÿงพ JSON Responses (HTML vs JSON) Most browser page routes render HTML on auth errors, while API/AJAX-style requests receive JSON error responses. MBKAuthe treats a request as **JSON** (and returns JSON errors) when any of the following apply: - URL/path starts with `/mbkauthe/api/` or `/api/` - `X-Requested-With: XMLHttpRequest` - `Accept` indicates JSON (e.g., `application/json`) and does not explicitly prefer `text/html` - `User-Agent` looks like a non-browser client (e.g., `curl`, `wget`, `Postman`) - `User-Agent: json` (explicitly forces JSON responses) **Example (force JSON errors):** ```bash curl -i -H "User-Agent: json" http://localhost:3000/mbkauthe/test ``` ## ๐Ÿงฐ Diagnostics (dev only) These are only mounted when `process.env.env === "dev"`: - **DB Query Monitor (HTML):** `/mbkauthe/db` - **DB Query Monitor (JSON):** `/mbkauthe/db.json` - **SuperAdmin check:** `/mbkauthe/validate-superadmin` ## ๐Ÿ” Security - Rate limiting, CSRF protection, secure cookies - Password hashing (PBKDF2, 100k iterations) - PostgreSQL-backed sessions with automatic cleanup - OAuth with state validation and secure callbacks ## ๐Ÿ“ฑ Two-Factor Authentication Enable via `MBKAUTH_TWO_FA_ENABLE=true`. Trusted devices can skip 2FA for a set duration. ## ๐Ÿ”„ Social Login Integration **GitHub App / Google OAuth:** Configure credentials via `.env` or `mbkautheVar`. Users must link accounts before login. ## ๐ŸŽจ Customization - **Redirect URL:** `mbkautheVar={"loginRedirectURL":"/dashboard"}` - **Custom Views:** `views/loginmbkauthe.handlebars`, `2fa.handlebars`, `Error/dError.handlebars` - **Database Access:** `import { dblogin } from 'mbkauthe'; const result = await dblogin.query('SELECT * FROM "Users"');` ## ๐Ÿ“„ API Reference - Full endpoint list and details: [docs/api.md](docs/api.md) ## ๐Ÿงฐ Diagnostics (dev only) - **DB Query Monitor (HTML):** `/mbkauthe/db` - **DB Query Monitor (JSON):** `/mbkauthe/db.json` - **SuperAdmin check:** `/mbkauthe/debug/validate-superadmin` These routes are only mounted when `process.env.env === "dev"`. They expose query timing, status/error, pool stats, request context, and callsite data for troubleshooting. ## ๐Ÿšข Deployment Checklist for production: - `IS_DEPLOYED=true` - Strong secrets for SESSION_SECRET_KEY & Main_SECRET_TOKEN - HTTPS enabled - Correct DOMAIN & COOKIE_EXPIRE_TIME - Use environment variables for all secrets **Vercel:** Supports shared OAuth credentials via `mbkauthShared`. ## ๐Ÿ“š Documentation - [API Reference](docs/api.md) - [Database Schema](docs/db.md) - [Environment Config](docs/env.md) - [Error Codes](docs/error-messages.md) ## ๐Ÿ“ License GPL v2.0 โ€” see [LICENSE](LICENSE) ## ๐Ÿ‘จโ€๐Ÿ’ป Author **Muhammad Bin Khalid** ๐Ÿ“ง [support@mbktech.org](mailto:support@mbktech.org) | [chmuhammadbinkhalid28@gmail.com](mailto:chmuhammadbinkhalid28@gmail.com) ๐Ÿ”— [GitHub @MIbnEKhalid](https://github.com/MIbnEKhalid) ## ๐Ÿ”— Links - [npm](https://www.npmjs.com/package/mbkauthe) - [GitHub](https://github.com/MIbnEKhalid/mbkauthe) - [Support](https://github.com/MIbnEKhalid/mbkauthe/issues) --- Made with โค๏ธ by [MBKTech.org](https://mbktech.org)