@putkoff/abstract-logins

v0.1.12

Published

19 days ago

Headless email/password auth for React & Next.js — provider, hooks, unstyled Login/Register/Logout/ChangePassword, and a pure-crypto server core. No MUI, redux, or router.

0High
0Medium
0Low

putkoff

@putkoff/abstract-logins

Headless email/password auth for React & Next.js. A tiny, dependency-light client for cookie-session /api/auth/* route handlers, plus a pure-crypto server core. No MUI, no Redux, no react-router — bring your own styling and routing.

Install

npm i @putkoff/abstract-logins

react / react-dom are peer dependencies.

Client

import { AuthProvider, useAuth, AuthBar, Login, Register, Logout, ChangePassword }
  from "@putkoff/abstract-logins";

// Drop-in header widget — carries its own provider, works in server components:
<AuthBar onAuthChange={() => router.refresh()} />

// Or compose manually:
<AuthProvider basePath="/api/auth">
  <Login onSuccess={...} />
</AuthProvider>

// Hook:
const { status, user, signIn, signUp, signOut, changePassword } = useAuth();

All components and the provider talk to (configurable, default /api/auth): POST /login, POST /register, POST /logout, POST /change-password, GET /me — email + password, HTTP-only cookie session, same-origin.

There are also bare fetch helpers if you don't want the components: loginWithAbstract, registerWithAbstract, logoutUser, changePassword, fetchMe — each takes an optional basePath and resolves to null on success or an error-message string.

Server core

Framework-agnostic primitives (pure node crypto) for your route handlers:

import {
  hashPassword, verifyPassword, makeToken, verifyToken, newUserId, SESSION_MAX_AGE,
} from "@putkoff/abstract-logins/server";

Wire makeToken(uid, SESSION_SECRET) onto a cookie, verify with verifyToken(token, SESSION_SECRET). See clownworld (src/server/auth.ts + src/app/api/auth/*) for a complete Next.js App Router reference.

Breaking change from 0.0.x

0.1.0 is a ground-up rewrite. The old MUI/Redux/react-router exports are gone: AuthCard, store, AbstractLogin, and the import.meta.env/VITE_* config. Login / Logout / ChangePassword / Register are now headless, and loginWithAbstract / changePassword / logoutUser are plain fetch helpers with new signatures. Consumers still on the old API (hugpy/ui, abstract-shares) must migrate before upgrading.

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

@putkoff/abstract-logins

Install

Client

Server core

Breaking change from 0.0.x