npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mbkauthe

v5.0.4

Published

MBKTech's reusable authentication system for Node.js applications.

Downloads

2,246

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ibnekhalidibnekhalid

Keywords

loginauthenticationnodejsexpresssessionsecurityoauth2facsrf

Readme

MBKAuthe - Node.js Authentication System

Version License Node.js Publish Downloads

MBKAuthe is an open source authentication package for Node.js, Express, and PostgreSQL. It handles login, session validation, role/app access checks, optional TOTP 2FA, OAuth login, API token authentication, and multi-session management.

Note: MBKAuthe is intentionally focused on authentication and session validation. The broader user, permission, and dashboard management system is a separate MBKTech product named MBKCore(closed source for now).

Features

  • Express middleware for session validation and role checks
  • PostgreSQL-backed user, session, 2FA, trusted-device, and API-token storage
  • Secure password authentication with PBKDF2
  • Optional TOTP 2FA with trusted devices
  • GitHub App and Google OAuth login flows
  • API token authentication with read-only/write scopes
  • Configurable multi-session support per user
  • CSRF protection, rate limiting, secure cookies, and session fixation prevention
  • Customizable Handlebars views
  • Vercel/serverless-friendly deployment support
  • Dev-only DB Query Monitor with callsite, timing, request context, and pool stats

Installation

npm install mbkauthe

Quick Start

  1. Copy the environment template.
Copy-Item .env.example .env
  1. Configure environment values.

See the configuration guide for mbkautheVar, mbkauthShared, OAuth settings, session settings, and deployment flags.

  1. Create database tables.

Run docs/schema/db.sql against PostgreSQL, or use the package script:

npm run create-tables

The schema includes a default SuperAdmin user (support / 12345678). Change that password immediately. See the database guide.

  1. Mount MBKAuthe in Express.
import express from "express";
import dotenv from "dotenv";
import mbkauthe, { sessVal, roleChk, sessRole } from "mbkauthe";

dotenv.config();

const app = express();

app.use(mbkauthe);

app.get("/dashboard", sessVal, (req, res) => {
  res.send(`Welcome ${req.session.user.username}!`);
});

app.get("/admin", sessVal, roleChk("SuperAdmin"), (req, res) => {
  res.send("Admin Panel");
});

// Or combine session and role checks into one middleware:
app.get("/admin", sessRole("SuperAdmin"), (req, res) => {
  res.send("Admin Panel");
});

app.listen(3000);

Common Exports

  • sessVal / validateSession - require a valid session or API token.
  • roleChk / checkRolePermission - require a role after session validation.
  • sessRole / validateSessionAndRole - combine session and role checks.
  • strictValidateSession - require cookie session authentication only.
  • strictValidateSessionAndRole - strict cookie session plus role check.
  • authenticate(token) - protect server-to-server routes with a static bearer token.
  • dblogin - access the configured PostgreSQL pool.

See the API reference for endpoints, middleware, examples, security notes, and rate limits.

JSON Error Responses

Browser page routes usually render HTML errors, while API/AJAX-style requests receive JSON. MBKAuthe treats a request as JSON when any of these are true:

  • The path starts with /mbkauthe/api/ or /api/
  • X-Requested-With: XMLHttpRequest
  • Accept prefers JSON and does not explicitly prefer text/html
  • User-Agent looks like a non-browser client such as curl, wget, or Postman
  • User-Agent: json
curl -i -H "User-Agent: json" http://localhost:3000/mbkauthe/test

Development

npm test
npm run test:watch
npm run dev

Development-only diagnostics are mounted when process.env.env === "dev":

  • /mbkauthe/db - DB Query Monitor UI
  • /mbkauthe/db.json - DB Query Monitor JSON
  • /mbkauthe/db/reset - reset diagnostic query logs
  • /mbkauthe/validate-superadmin - SuperAdmin validation check

Documentation

Deployment Checklist

  • Set IS_DEPLOYED=true
  • Use strong SESSION_SECRET_KEY and Main_SECRET_TOKEN values
  • Enable HTTPS
  • Set the correct DOMAIN
  • Set an appropriate COOKIE_EXPIRE_TIME
  • Store secrets in environment variables
  • Configure OAuth credentials only when the matching provider is enabled

Vercel deployments can use shared OAuth credentials through mbkauthShared.

License

LGPL v3.0 - see LICENSE.

Author

Muhammad Bin Khalid
[email protected] | [email protected]
GitHub @MIbnEKhalid

Links

Made with love by MBKTech.org.