UNPKG

mbkauthe

Version:

MBKTech's reusable authentication system for Node.js applications.

github.com/MIbnEKhalid/mbkauthe

MIbnEKhalid/mbkauthe

140 lines (109 loc) 5.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# Environment Configuration Guide [← Back to README](README.md) This document describes the environment variables MBKAuth expects and keeps brief usage notes for each parameter. Validation and defaults are implemented in `lib/config/index.js` (it parses `mbkautheVar`, applies optional `mbkauthShared` fallbacks, normalizes values, and throws on validation failures). ## How configuration is provided - Primary payload: `mbkautheVar` — a JSON string with app-specific keys. - Optional shared defaults: `mbkauthShared` — a JSON string used only for missing or empty keys. - Example: `mbkautheVar={"APP_NAME":"mbkauthe", ...}` --- ## Parameters (short descriptions) - APP_NAME - Description: Application identifier used for access control. - Example: `"APP_NAME":"mbkauthe"` - Required: Yes - Main_SECRET_TOKEN - Description: Primary token used for internal auth and validations. - Example: `"Main_SECRET_TOKEN":"my-secret-token"` - Required: Yes - SESSION_SECRET_KEY - Description: Cryptographic key for sessions/cookies. Use a long random string. - Example: `"SESSION_SECRET_KEY":"<32+ random chars>"` - Required: Yes - IS_DEPLOYED - Description: Deployment mode flag; affects cookie domain and localhost behavior. - Values: `true` / `false` / `f` (normalized to strings) - Example: `"IS_DEPLOYED":"false"` - Required: Yes - DOMAIN - Description: App domain (e.g., `localhost` or `yourdomain.com`). Required when deployed. - Example: `"DOMAIN":"localhost"` - Required: Yes - LOGIN_DB - Description: PostgreSQL connection string for auth (must start with `postgresql://` or `postgres://`). - Example: `"LOGIN_DB":"postgresql://user:pass@localhost:5432/mbkauth"` - Required: Yes - Create free postgres db: https://neon.com/ - MBKAUTH_TWO_FA_ENABLE - Description: Enable Two-Factor Authentication. - Values: `true` / `false` / `f` - Example: `"MBKAUTH_TWO_FA_ENABLE":"true"` - Required: Yes - COOKIE_EXPIRE_TIME - Description: Session cookie lifetime (days). - Default: `2` - Example: `"COOKIE_EXPIRE_TIME":7` - Required: No - DEVICE_TRUST_DURATION_DAYS - Description: Days a device remains trusted (skips some auth steps). - Default: `7` - Example: `"DEVICE_TRUST_DURATION_DAYS":30` - Required: No - MAX_SESSIONS_PER_USER - Description: Maximum number of concurrent application sessions allowed per user. When creating a new session that would exceed this number, the oldest session(s) for that user are pruned to make room for the new session. - Default: `5` - Example: `"MAX_SESSIONS_PER_USER": 10` - Notes: Must be a positive integer. Validation is performed at startup by `lib/config/index.js`. - Required: No - loginRedirectURL - Description: Post-login redirect path. - Default: `/dashboard` - Example: `"loginRedirectURL":"/dashboard"` - Required: No - env - Description: Development flag to enable diagnostics (DB query monitor, debug endpoints). - Values: `dev` to enable; any other value disables. - Example: `env=dev` - Required: No - bucket - Description: Optional external storage bucket name or identifier used for static assets or third-party integrations. - Default: an empty string `""` (no bucket configured) - Example: `"bucket":"s3-bucket-name"` - Usage: Future use in mbkbucket - Required: No - GITHUB_LOGIN_ENABLED / GOOGLE_LOGIN_ENABLED - Description: Enable social login providers. - Default: `false` - If `GOOGLE_LOGIN_ENABLED=true`, `GOOGLE_CLIENT_ID` and `GOOGLE_CLIENT_SECRET` are required. - If `GITHUB_LOGIN_ENABLED=true`, GitHub App client credentials are required. - GITHUB_APP_SLUG - Description: GitHub App slug (optional for login flow in this package; useful for install/link flows handled elsewhere). - Required: No - Create GitHub App: https://github.com/settings/apps - GITHUB_APP_CLIENT_ID / GITHUB_APP_CLIENT_SECRET - Description: GitHub App OAuth credentials used for user sign-in. - Required when `GITHUB_LOGIN_ENABLED=true`. - GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET - Description: Legacy fallback keys if app-prefixed keys are not provided. - GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET - Description: Google OAuth credentials. - Required when `GOOGLE_LOGIN_ENABLED=true`. - Create Google OAuth: https://console.cloud.google.com/ --- ## Quick examples Development (.env): ```env mbkautheVar={"APP_NAME":"mbkauthe","Main_SECRET_TOKEN":"dev-token","SESSION_SECRET_KEY":"dev-secret","IS_DEPLOYED":"false","DOMAIN":"localhost","LOGIN_DB":"postgresql://user:pass@localhost:5432/mbkauth_dev","MBKAUTH_TWO_FA_ENABLE":"false"} mbkauthShared={"GITHUB_LOGIN_ENABLED":"false"} ``` Production (short): ```env mbkautheVar={"APP_NAME":"mbkauthe","Main_SECRET_TOKEN":"prod-token","SESSION_SECRET_KEY":"prod-secret","IS_DEPLOYED":"true","DOMAIN":"yourdomain.com","LOGIN_DB":"postgresql://dbuser:secure@db:5432/mbkauth_prod","MBKAUTH_TWO_FA_ENABLE":"true"} ``` --- ## Rules & best practices - Boolean-like fields: use `"true"`, `"false"`, or `"f"` (the parser accepts booleans too and normalizes to strings). - Numeric fields: must be positive numbers (e.g., `COOKIE_EXPIRE_TIME`, `DEVICE_TRUST_DURATION_DAYS`). - `LOGIN_DB` must start with `postgresql://` or `postgres://`. - Never commit `.env` to source control and use HTTPS in production (when `IS_DEPLOYED=true`). - Use a >=32-char `SESSION_SECRET_KEY` and rotate secrets regularly. For the exact validation messages and default application, consult `lib/config/index.js` (it will throw a comprehensive error if validation fails at startup).