A lightweight Node.js authentication core for email + OTP login/registration, built with Express, Joi, JWT, MongoDB, and designed for plug-and-play usage in modern backend projects.

This package provides a ready-to-use authentication flow with minimal setup while keeping full control in your main backend.

- Email-based OTP authentication
- Auto user creation on first login
- Secure OTP hashing & expiry
- Login attempt tracking
- User action logging
- Clean DTO + Joi validation structure
- JWT-based authentication

```bash
npm install @jehankandy/auth-core-db
```

- No additional OTP or email core packages are required.
- Create or update a .env file in your root backend folder:

```
PROJECT_NAME=MyProject
JWT_SECRET=your_jwt_secret
MONGO_URI=mongodb://localhost:27017/yourdb
EMAIL_USER=your-email@gmail.com
EMAIL_PASSWORD=your-app-password
PROJECT_NAME="your-project-name"
```

- MongoDB must be connected before using this package
- The package does not create models automatically
- Your backend must follow this structure:

```
root-backend/
├── models/
│   ├── role.model.js
│   ├── user.model.js
│   ├── userlog.model.js
│   └── userotp.model.js
│
├── routes/
│   └── auth.route.js
│
├── .env
└── app.js / server.js
```

- These models are NOT included in the npm package.
- They must exist in your backend under `models/`.

```js
// models/role.model.js
const mongoose = require("mongoose");

const roleSchema = new mongoose.Schema({
  name: { type: String, required: true, unique: true },
  permissions: [{ type: String }],
}, { timestamps: true });

module.exports = mongoose.model("Role", roleSchema);
```

- Your database must contain a role record with:

```json
{
  "name": "user"
}
```

Example valid roles:

- admin
- developer
- user (required)

```js
// models/user.model.js
const mongoose = require('mongoose');

const UserSchema = new mongoose.Schema({
  fullName: { type: String, trim: true },
  username: { type: String, unique: true, lowercase: true },
  email: { type: String, required: true, unique: true, lowercase: true },
  role: { type: mongoose.Schema.Types.ObjectId, ref: "Role", required: true },
  isActive: { type: Boolean, default: true },
  login_attempt: { type: Number, default: 0 },
  lastLoginAttemptAt: { type: Date },
  lastLogin: Date,
});

module.exports = mongoose.model('User', UserSchema);
```

```js
// models/userlog.model.js
const mongoose = require('mongoose');

const UserlogsSchema = new mongoose.Schema({
  user: {
    type: mongoose.Schema.Types.ObjectId,
    ref: 'User',
    required: true
  },
  action: {
    type: String,
    required: true,
    default: 'other'
  },
  description: {
    type: String,
    trim: true
  },
  ipAddress: String,
  userAgent: String,
  metadata: {
    type: Object,
    default: {}
  }
}, { timestamps: true });

module.exports = mongoose.model('Userlogs', UserlogsSchema);
```

```js
// models/userotp.model.js
const mongoose = require('mongoose');

const UserOTPSchema = new mongoose.Schema({
  email: { type: String, required: true },
  otp: { type: String, required: true },
  // TTL index: MongoDB removes the record 900 seconds after createdAt
  createdAt: {
    type: Date,
    default: Date.now,
    expires: 900
  }
}, { timestamps: true });

module.exports = mongoose.model('UserOTP', UserOTPSchema);
```

- OTP records auto-expire after 15 minutes (900 seconds).
- Create or update `routes/auth.route.js` in your backend:

```js
const express = require("express");
const router = express.Router();
const { AuthController } = require("@jehankandy/auth-core-db");

router.post("/create-auth", AuthController.createAuth);
router.post("/verify-otp", AuthController.verifyOTP);

module.exports = router;
```

- Mount the route in your main app:

```js
app.use("/auth", require("./routes/auth.route"));
```

- MongoDB must be running
- All required models must exist
- A user role record must exist
- JWT secret must be set
- Email credentials must be valid
- OTP emails are sent automatically
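
Part of the checklist above can be enforced at startup, so the backend refuses to run with the sample `.env` values or a missing model file. This is an added example, not code from `@jehankandy/auth-core-db`: the `preflight` and `assertReady` helpers and the 32-character floor for `JWT_SECRET` (which assumes the secret is used as an HMAC signing key) are illustrative, while the variable names and model file names are the ones this README lists.

```javascript
const fs = require("fs");
const path = require("path");

// Keys and model files taken from this README.
const REQUIRED_ENV = ["PROJECT_NAME", "JWT_SECRET", "MONGO_URI", "EMAIL_USER", "EMAIL_PASSWORD"];
const REQUIRED_MODELS = ["role.model.js", "user.model.js", "userlog.model.js", "userotp.model.js"];
// Sample values from the README's .env that must never reach a running service.
const PLACEHOLDERS = new Set(["your_jwt_secret", "your-email@gmail.com", "your-app-password"]);
// Assumption: minimum length for the JWT signing secret; adjust to your own policy.
const MIN_SECRET_LENGTH = 32;

// Returns a list of human-readable problems; an empty list means the checks passed.
function preflight(env, backendRoot) {
  const problems = [];
  for (const key of REQUIRED_ENV) {
    const value = (env[key] || "").trim();
    if (!value) problems.push(`${key} is not set`);
    else if (PLACEHOLDERS.has(value)) problems.push(`${key} still has the sample value`);
  }
  const secret = (env.JWT_SECRET || "").trim();
  if (secret && !PLACEHOLDERS.has(secret) && secret.length < MIN_SECRET_LENGTH) {
    problems.push(`JWT_SECRET is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  const uri = (env.MONGO_URI || "").trim();
  if (uri && !/^mongodb(\+srv)?:\/\//.test(uri)) {
    problems.push("MONGO_URI is not a mongodb:// or mongodb+srv:// URI");
  }
  for (const file of REQUIRED_MODELS) {
    if (!fs.existsSync(path.join(backendRoot, "models", file))) {
      problems.push(`models/${file} is missing`);
    }
  }
  return problems;
}

// Call after loading .env and before app.use("/auth", ...); throws on any finding.
function assertReady(env = process.env, backendRoot = process.cwd()) {
  const problems = preflight(env, backendRoot);
  if (problems.length > 0) {
    throw new Error("auth preflight failed:\n - " + problems.join("\n - "));
  }
}
```

The database-side items (MongoDB reachable, a `user` role record present) still need a check after the connection is established.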
- Jehan Weerasuriya Creator of JKCSS, CoconutDB, and enterprise backend frameworks
License