penlify-server

v1.0.0

Backend API server for Penlify note-taking application using Fastify, PostgreSQL, and secure-node-auth.

Penlify Server

Features

  • ✅ Fastify web framework (high performance)
  • ✅ PostgreSQL database
  • ✅ JWT authentication with refresh tokens
  • ✅ Email verification (6-digit codes)
  • ✅ Password reset (6-digit codes)
  • ✅ Rate limiting
  • ✅ CORS enabled
  • ✅ Auto-creates database tables
  • ✅ Production-ready security

Quick Start

1. Install Dependencies

npm install

2. Configure Environment

Create a .env file (already exists with your config):

DB_HOST=95.111.234.0
DB_USER=postgres
DB_PASSWORD=your_password
DB_NAME=postgres
DB_PORT=5432

JWT_ACCESS_SECRET=your_secret_here
JWT_REFRESH_SECRET=your_refresh_secret_here

3. Run Server

# Development (with auto-reload)
npm run dev

# Production
npm start

API Endpoints

Public Endpoints

Health Check

GET /

Authentication

POST /auth/register
POST /auth/login
POST /auth/refresh
POST /auth/logout

Email Verification

POST /auth/send-verification-code
POST /auth/verify-code

Password Reset

POST /auth/send-password-reset-code
POST /auth/reset-password-with-code

Protected Endpoints (Require Bearer Token)

User Profile

GET    /auth/me
PATCH  /auth/me
POST   /auth/change-password

API Routes

GET    /api/test

Example Usage

Register User

curl -X POST http://localhost:3000/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123!",
    "firstName": "John",
    "lastName": "Doe"
  }'

Login

curl -X POST http://localhost:3000/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123!"
  }'

Get Profile (Protected)

curl -X GET http://localhost:3000/auth/me \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Send Verification Code

curl -X POST http://localhost:3000/auth/send-verification-code \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]"
  }'

Verify Email

curl -X POST http://localhost:3000/auth/verify-code \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "code": "123456"
  }'

Database Tables

The following tables are automatically created:

  • secure_auth_users - User accounts
  • secure_auth_refresh_tokens - JWT refresh tokens
  • secure_auth_login_attempts - Login attempt tracking
  • secure_auth_verification_tokens - Email verification codes

Security Features

  • ✅ Bcrypt password hashing (10 rounds)
  • ✅ JWT access tokens (15 min expiry)
  • ✅ JWT refresh tokens (7 days expiry)
  • ✅ Rate limiting (100 req/15min)
  • ✅ Account lockout after 5 failed attempts
  • ✅ SQL injection protection
  • ✅ CORS protection
  • ✅ Token blacklisting on logout

Environment Variables

| Variable               | Description                   | Default   |
| ---------------------- | ----------------------------- | --------- |
| DB_HOST                | PostgreSQL host               | localhost |
| DB_PORT                | PostgreSQL port               | 5432      |
| DB_USER                | Database user                 | postgres  |
| DB_PASSWORD            | Database password             | -         |
| DB_NAME                | Database name                 | postgres  |
| JWT_ACCESS_SECRET      | JWT access token secret       | -         |
| JWT_REFRESH_SECRET     | JWT refresh token secret      | -         |
| JWT_ACCESS_EXPIRES_IN  | Access token expiry           | 15m       |
| JWT_REFRESH_EXPIRES_IN | Refresh token expiry          | 7d        |
| BCRYPT_ROUNDS          | Bcrypt hash rounds            | 10        |
| MAX_LOGIN_ATTEMPTS     | Max failed login attempts     | 5         |
| LOCKOUT_TIME           | Account lockout duration (ms) | 900000    |
| PORT                   | Server port                   | 3000      |
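
A startup check for the variables in the table above, added here as an example and not part of penlify-server or secure-node-auth. The function name `validateEnv`, the helper `numberOrDefault`, the 32-character secret minimum and the 60000 ms lockout minimum are assumptions of this example; the placeholders and defaults are the ones this README shows.

```javascript
// Added example (not penlify-server code): fail fast on unsafe .env values.
// validateEnv(), numberOrDefault() and the two minimums are assumptions of this example.
const PLACEHOLDERS = new Set(['your_password', 'your_secret_here', 'your_refresh_secret_here']);
const MIN_SECRET_LENGTH = 32;  // assumed floor for a shared JWT signing secret
const MIN_LOCKOUT_MS = 60000;  // assumed floor; catches minutes or seconds typed as ms

function numberOrDefault(env, name, fallback) {
  const raw = env[name];
  return raw === undefined || raw === '' ? fallback : Number(raw);
}

function validateEnv(env) {
  const errors = [];

  // These three have no default in the README's table, so they must be real values.
  for (const name of ['DB_PASSWORD', 'JWT_ACCESS_SECRET', 'JWT_REFRESH_SECRET']) {
    const value = env[name];
    if (!value) errors.push(`${name} is not set`);
    else if (PLACEHOLDERS.has(value)) errors.push(`${name} still holds the README placeholder`);
    else if (name.startsWith('JWT_') && value.length < MIN_SECRET_LENGTH)
      errors.push(`${name} is shorter than ${MIN_SECRET_LENGTH} characters`);
  }

  // With one shared secret, a refresh token's signature also verifies as an access token.
  if (env.JWT_ACCESS_SECRET && env.JWT_ACCESS_SECRET === env.JWT_REFRESH_SECRET)
    errors.push('JWT_ACCESS_SECRET and JWT_REFRESH_SECRET must differ');

  const rounds = numberOrDefault(env, 'BCRYPT_ROUNDS', 10);
  if (!Number.isInteger(rounds) || rounds < 10)
    errors.push('BCRYPT_ROUNDS must be an integer >= 10');

  const attempts = numberOrDefault(env, 'MAX_LOGIN_ATTEMPTS', 5);
  if (!Number.isInteger(attempts) || attempts < 1)
    errors.push('MAX_LOGIN_ATTEMPTS must be a positive integer');

  const lockout = numberOrDefault(env, 'LOCKOUT_TIME', 900000);
  if (!Number.isInteger(lockout) || lockout < MIN_LOCKOUT_MS)
    errors.push(`LOCKOUT_TIME is in milliseconds and must be >= ${MIN_LOCKOUT_MS}`);

  return errors;
}

// Constructed sample: the README's placeholder values plus a lockout typed in minutes.
const sampleEnv = {
  DB_PASSWORD: 'your_password',
  JWT_ACCESS_SECRET: 'your_secret_here',
  JWT_REFRESH_SECRET: 'your_refresh_secret_here',
  LOCKOUT_TIME: '15',
};
console.log(validateEnv(sampleEnv).join('\n'));
```

Called with `process.env` before the server starts listening, a non-empty result is a reason to exit rather than serve with placeholder secrets.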

Development

# Install dependencies
npm install

# Run in development mode (auto-reload)
npm run dev

# Run in production mode
npm start

Troubleshooting

Cannot connect to database

  • Verify PostgreSQL is running
  • Check credentials in .env
  • Ensure database exists

Invalid token errors

  • Access tokens expire in 15 minutes
  • Use refresh token endpoint to get new access token

Account locked

  • Wait 15 minutes after 5 failed login attempts
  • Or adjust LOCKOUT_TIME in .env

Next Steps

  1. ✅ Server is ready to run
  2. Start server: npm run dev
  3. Test endpoints with curl or Postman
  4. Connect your frontend Auth component
  5. Add your application's API routes in /api section

Documentation