@bernierllc/auth-suite
Advanced tools
Complete authentication suite with multi-provider support, session management, role-based access control, and MFA
Complete authentication suite with multi-provider support, session management, role-based access control, and multi-factor authentication.
npm install @bernierllc/auth-suite
import { AuthSuite } from '@bernierllc/auth-suite';
// Initialize with enhanced features
const authSuite = new AuthSuite({
// Core auth configuration
jwt: {
secret: process.env.JWT_SECRET,
expiresIn: '15m',
refreshExpiresIn: '7d'
},
// Enhanced session management
sessions: {
enabled: true,
storage: 'memory', // or 'redis', 'database'
cleanup: {
enabled: true,
intervalMs: 60000, // 1 minute
maxIdleMs: 24 * 60 * 60 * 1000 // 24 hours
}
},
// Role-based access control
rbac: {
enabled: true,
hierarchical: true,
roles: [
{
name: 'admin',
description: 'System administrator',
permissions: ['*:*'] // All permissions
},
{
name: 'user',
description: 'Regular user',
permissions: ['profile:read', 'profile:update']
}
],
permissions: [
{
name: 'profile:read',
description: 'Read user profile',
resource: 'profile',
actions: ['read']
}
]
},
// Multi-factor authentication
mfaEnhanced: {
enabled: true,
providers: [
{
type: 'totp',
name: 'Google Authenticator',
enabled: true,
config: {}
}
],
requirements: [
{
trigger: 'login',
providers: ['totp'],
conditions: {}
}
]
},
// Audit logging
auditing: {
enabled: true,
events: ['login', 'logout', 'register', 'permission_change'],
storage: 'file',
retention: {
days: 90,
maxSize: '100MB'
}
}
});
// Register user with enhanced features
const registerResult = await authSuite.register({
username: 'johndoe',
email: 'john@example.com',
password: 'SecurePass123!',
firstName: 'John',
lastName: 'Doe',
acceptTerms: true
});
if (registerResult.success) {
console.log('User registered with session:', registerResult.session);
console.log('Assigned permissions:', registerResult.permissions);
}
// Login with potential MFA
const loginResult = await authSuite.login({
email: 'john@example.com',
password: 'SecurePass123!'
});
if (loginResult.mfaRequired) {
console.log('MFA required, challenge:', loginResult.mfaChallenge);
// Complete MFA verification
const mfaResult = await authSuite.completeMfaLogin(
loginResult.mfaChallenge.challengeId,
'123456' // TOTP code from authenticator app
);
if (mfaResult.success) {
console.log('Login complete with MFA');
}
}
// Session automatically created on login/register
const result = await authSuite.login(credentials);
if (result.success && result.session) {
console.log('Session ID:', result.session.sessionId);
console.log('Expires at:', result.session.expiresAt);
}
// Manual session management
const session = await authSuite.sessionManager.create('user-id', {
customData: 'value'
});
// Cleanup expired sessions
const cleaned = await authSuite.cleanup();
console.log(`Cleaned up ${cleaned.sessions} expired sessions`);
// Check permissions
const permissionResult = await authSuite.checkPermission({
userId: 'user-123',
resource: 'documents',
action: 'delete',
context: { ownerId: 'user-123' }
});
if (permissionResult.allowed) {
console.log('User can delete documents');
} else {
console.log('Access denied:', permissionResult.reason);
}
// Assign roles
await authSuite.rbacManager.assignRole('user-123', 'admin');
// Get user permissions
const permissions = await authSuite.getUserPermissions('user-123');
console.log('User permissions:', permissions);
// Setup MFA for user
const mfaSetup = await authSuite.setupMfa('user-123', 'totp');
console.log('Show QR code to user:', mfaSetup.qrCode);
// Verify setup
const setupVerified = await authSuite.mfaManager.verifySetup('user-123', '123456');
// Generate backup codes
const backupCodes = await authSuite.mfaManager.regenerateBackupCodes('user-123');
console.log('Backup codes:', backupCodes);
// Verify backup code
const backupValid = await authSuite.mfaManager.verifyBackupCode('user-123', 'backup-code');
// Logs are automatically generated for auth events
// Query audit logs
const auditLogs = await authSuite.getAuditLogs({
userId: 'user-123',
event: 'login',
startDate: new Date('2025-01-01'),
limit: 50
});
// Get audit statistics
const stats = await authSuite.auditManager.getLogStats();
console.log('Audit stats:', stats);
// Search logs
const searchResults = await authSuite.auditManager.searchLogs('failed login');
interface AuthSuiteConfig {
// Core auth service configuration
jwt: {
secret: string;
issuer?: string;
audience?: string;
expiresIn?: string | number;
refreshExpiresIn?: string | number;
algorithm?: JWTAlgorithm;
};
// Password policy
password: {
minLength: number;
requireUppercase: boolean;
requireLowercase: boolean;
requireNumbers: boolean;
requireSymbols: boolean;
preventReuse?: number;
maxAge?: number;
};
// Enhanced session management
sessions?: {
enabled?: boolean; // default: true
storage?: 'memory' | 'redis' | 'database'; // default: 'memory'
cleanup?: {
enabled: boolean; // default: true
intervalMs: number; // default: 60000 (1 minute)
maxIdleMs: number; // default: 24 hours
};
persistence?: {
enabled: boolean; // default: false
ttl: number; // default: 7 days
};
};
// Role-based access control
rbac?: {
enabled: boolean; // default: false
hierarchical: boolean; // default: false
roles: RoleDefinition[];
permissions: PermissionDefinition[];
};
// Multi-factor authentication
mfaEnhanced?: {
enabled: boolean; // default: false
providers: MfaProvider[];
requirements: MfaRequirement[];
backup: {
enabled: boolean; // default: true
codeCount: number; // default: 10
codeLength: number; // default: 8
};
};
// Audit logging
auditing?: {
enabled: boolean; // default: true
events: AuditEvent[];
storage: 'file' | 'database' | 'external'; // default: 'file'
retention: {
days: number; // default: 90
maxSize: string; // default: '100MB'
};
};
// Security settings
security: {
maxLoginAttempts: number;
lockoutDuration: number;
sessionTimeout: number;
requireEmailVerification: boolean;
allowMultipleSessions: boolean;
};
}
interface RoleDefinition {
name: string;
description: string;
permissions: string[]; // e.g., ['users:read', 'documents:*']
parent?: string; // for hierarchical roles
metadata?: Record<string, any>;
}
interface PermissionDefinition {
name: string; // e.g., 'documents:delete'
description: string;
resource: string; // e.g., 'documents'
actions: string[]; // e.g., ['delete']
conditions?: PermissionCondition[]; // conditional permissions
}
register(credentials: RegisterCredentials): Promise<AuthSuiteResult>login(credentials: LoginCredentials): Promise<AuthSuiteResult>verifyToken(token: string): Promise<User | null>logout(sessionId?: string): Promise<{success: boolean}>setupMfa(userId: string, type: string): Promise<{secret: string; qrCode?: string}>completeMfaLogin(challengeId: string, response: string): Promise<AuthSuiteResult>checkPermission(check: PermissionCheck): Promise<PermissionResult>getUserRoles(userId: string): Promise<string[]>getUserPermissions(userId: string): Promise<string[]>getAuditLogs(filters: AuditQueryFilters): Promise<AuditLog[]>cleanup(): Promise<{sessions: number; auditLogs: number}>For advanced usage, managers can be used directly:
import {
MemorySessionManager,
BasicRBACManager,
TOTPMfaManager,
FileAuditManager
} from '@bernierllc/auth-suite';
This suite leverages @bernierllc/crypto-utils for:
@bernierllc/auth-service - Core authentication service@bernierllc/crypto-utils - Cryptographic utilities@bernierllc/logger - Structured loggingbcrypt - Password hashinguuid - Unique ID generationFor production deployments:
const authSuite = new AuthSuite({
jwt: { secret: process.env.JWT_SECRET },
sessions: { enabled: true },
auditing: { enabled: true }
});
const authSuite = new AuthSuite({
jwt: {
secret: process.env.JWT_SECRET,
expiresIn: '15m',
refreshExpiresIn: '7d',
issuer: 'mycompany.com'
},
rbac: {
enabled: true,
hierarchical: true,
roles: enterpriseRoles,
permissions: enterprisePermissions
},
mfaEnhanced: {
enabled: true,
providers: [
{ type: 'totp', name: 'Authenticator', enabled: true, config: {} }
],
requirements: [
{ trigger: 'login', providers: ['totp'] }
]
},
sessions: {
storage: 'redis',
cleanup: { enabled: true, intervalMs: 30000 }
},
auditing: {
enabled: true,
storage: 'database',
retention: { days: 365, maxSize: '1GB' }
}
});
Copyright (c) 2025 Bernier LLC. All rights reserved.
FAQs
Complete authentication suite with multi-provider support, session management, role-based access control, and MFA
We found that @bernierllc/auth-suite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.
Security News
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.