Forem: susheel kumar The latest articles on Forem by susheel kumar (@susheel_kumar_2041f5433d2). https://forem.com/susheel_kumar_2041f5433d2 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2976786%2Fe3e5131c-785e-4dd9-876a-0060981e5b93.png Forem: susheel kumar https://forem.com/susheel_kumar_2041f5433d2 en Stop Building Auth From Scratch — Meet authwall: The Plug-and-Play Auth System for Express susheel kumar Tue, 12 May 2026 11:54:56 +0000 https://forem.com/susheel_kumar_2041f5433d2/stop-building-auth-from-scratch-meet-authwall-the-plug-and-play-auth-system-for-express-5a52 https://forem.com/susheel_kumar_2041f5433d2/stop-building-auth-from-scratch-meet-authwall-the-plug-and-play-auth-system-for-express-5a52 <h3> The Problem </h3> <p>Every Node.js developer knows the drill. You're building an Express app, and suddenly you need:</p> <ul> <li>User authentication</li> <li>Role-based access control</li> <li>Admin panels</li> <li>Audit logs</li> <li>Rate limiting</li> <li>2FA support</li> </ul> <p>That's <strong>days</strong> of coding, testing, and debugging security vulnerabilities.</p> <h3> The Solution </h3> <p>Meet <strong><a href="https://www.npmjs.com/package/authwall" rel="noopener noreferrer">authwall</a></strong> — a complete, production-ready authentication system that drops into any Express + MongoDB app in <strong>60 seconds</strong>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// That's literally it</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authwall</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="na">jwt</span><span class="p">:</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h3> What You Get Out of the Box </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Status</th> </tr> </thead> <tbody> <tr> <td>Email OTP login</td> <td>✅</td> </tr> <tr> <td>JWT authentication</td> <td>✅</td> </tr> <tr> <td>Role-based access (RBAC)</td> <td>✅</td> </tr> <tr> <td>Full admin REST API</td> <td>✅</td> </tr> <tr> <td>User suspension/banning</td> <td>✅</td> </tr> <tr> <td>Two-factor authentication (TOTP)</td> <td>✅</td> </tr> <tr> <td>Audit logs with request IDs</td> <td>✅</td> </tr> <tr> <td>Rate limiting</td> <td>✅</td> </tr> <tr> <td>CSV user export</td> <td>✅</td> </tr> <tr> <td>Bulk operations</td> <td>✅</td> </tr> <tr> <td>Impersonation mode</td> <td>✅</td> </tr> <tr> <td>Event system for webhooks</td> <td>✅</td> </tr> </tbody> </table></div> <h3> Why Developers Love It </h3> <blockquote> <p><em>"I was about to spend 3 days building auth. authwall took 10 minutes."</em> — <strong>Senior Backend Engineer</strong></p> <p><em>"The audit logs alone saved us during a security compliance audit."</em> — <strong>CTO, SaaS Startup</strong></p> <p><em>"Finally, an auth package that doesn't force its own user model."</em> — <strong>Full-stack Developer</strong></p> </blockquote> <h3> Quick Start </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>authwall </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mongoose</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authwall</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongodb://localhost:27017/myapp</span><span class="dl">'</span><span class="p">);</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">seed</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="na">jwt</span><span class="p">:</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span> <span class="p">},</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">noreply@myapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">transport</span><span class="p">:</span> <span class="p">{</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">smtp.gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">587</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{...}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <p>That's it. You now have:</p> <ul> <li> <code>POST /api/auth/otp/send</code> — send login code</li> <li> <code>POST /api/auth/otp/verify</code> — verify &amp; get JWT</li> <li> <code>GET /api/auth/me</code> — get current user</li> <li> <code>GET /api/admin/users</code> — list all users</li> <li> <code>POST /api/admin/users/:id/suspend</code> — suspend a user</li> <li>...and 25+ more endpoints</li> </ul> <h3> Real-World Example </h3> <p><strong>Want to let admins suspend bad actors?</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Admin logs in</span> curl <span class="nt">-X</span> POST /api/auth/otp/send <span class="nt">-d</span> <span class="s1">'{"email":"admin@company.com"}'</span> curl <span class="nt">-X</span> POST /api/auth/otp/verify <span class="nt">-d</span> <span class="s1">'{"email":"admin@company.com","code":"123456"}'</span> <span class="c"># → Returns JWT token</span> <span class="c"># Suspend a problematic user</span> curl <span class="nt">-X</span> POST /api/admin/users/user_123/suspend <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer &lt;token&gt;"</span> </code></pre> </div> <p><strong>Want to know when users log in?</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">events</span><span class="p">,</span> <span class="nx">EVENTS</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">LOGIN_SUCCESS</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`✅ </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2"> logged in from </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// Send to Slack, DataDog, webhook, etc.</span> <span class="p">});</span> </code></pre> </div> <h3> Works With Your Existing User Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Your existing User schema</span> <span class="kd">const</span> <span class="nx">userSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">subscriptionTier</span><span class="p">:</span> <span class="nb">String</span> <span class="p">});</span> <span class="c1">// Just add authwall fields</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">addUserAdminFields</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="nf">addUserAdminFields</span><span class="p">(</span><span class="nx">userSchema</span><span class="p">);</span> <span class="c1">// Adds roles, status, 2FA fields</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">getUserModel</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">User</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userSchema</span><span class="p">)</span> <span class="p">});</span> </code></pre> </div> <h3> Security Built-In </h3> <ul> <li> <strong>No default JWT secrets</strong> — you must provide one</li> <li> <strong>Rate limiting on OTP endpoints</strong> — prevents brute force</li> <li> <strong>Admin self-protection</strong> — can't suspend/delete themselves</li> <li> <strong>Audit logs with request IDs</strong> — trace every admin action</li> <li> <strong>Session termination</strong> — revoke all user sessions with one call</li> </ul> <h3> What's Coming </h3> <ul> <li>[ ] Social logins (Google, GitHub)</li> <li>[ ] Password-based authentication</li> <li>[ ] WebAuthn/Passkeys support</li> <li>[ ] OpenAPI/Swagger generation</li> </ul> <h3> Get Started Today </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>authwall </code></pre> </div> <p>📖 <strong><a href="https://github.com/susheelkumar/authwall" rel="noopener noreferrer">Full Documentation</a></strong><br><br> 🐛 <strong><a href="https://github.com/susheelkumar/authwall/issues" rel="noopener noreferrer">Report Issues</a></strong><br><br> ⭐ <strong><a href="https://github.com/susheelkumar/authwall" rel="noopener noreferrer">Star on GitHub</a></strong></p> <h3> About the Author </h3> <p><strong>Susheel Kumar</strong> — Full-stack developer building tools that make developers' lives easier.</p> <p>📧 <strong><a href="mailto:susheelhbti@gmail.com">susheelhbti@gmail.com</a></strong> — Open for freelance &amp; full-time opportunities.</p> <h1> 📘 Complete User Guide </h1> <h2> Getting Started with authwall </h2> <h3> Table of Contents </h3> <ol> <li>Installation</li> <li>Basic Setup</li> <li>Configuration</li> <li>Authentication Flow</li> <li>Admin Operations</li> <li>Role-Based Access Control</li> <li>Two-Factor Authentication</li> <li>Event System</li> <li>Production Deployment</li> <li>Troubleshooting</li> </ol> <h2> 1. Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>authwall </code></pre> </div> <p><strong>Requirements:</strong></p> <ul> <li>Node.js ≥ 18</li> <li>Express ≥ 4</li> <li>Mongoose ≥ 8</li> <li>MongoDB running instance</li> </ul> <h2> 2. Basic Setup </h2> <h3> Minimal Working Example </h3> <p>Create <code>app.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mongoose</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authwall</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// Connect to MongoDB</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongodb://localhost:27017/myapp</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Initialize authwall</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">seed</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Creates default roles: admin, user, moderator</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="na">jwt</span><span class="p">:</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">your-super-secret-key-change-this</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">noreply@yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">transport</span><span class="p">:</span> <span class="p">{</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">smtp.gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">587</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">EMAIL_USER</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">EMAIL_PASS</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server running on http://localhost:3000</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h3> Environment Variables (.env) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Required</span> <span class="nv">JWT_SECRET</span><span class="o">=</span>your-super-secret-jwt-key-min-32-chars <span class="c"># Email configuration</span> <span class="nv">EMAIL_USER</span><span class="o">=</span>your-email@gmail.com <span class="nv">EMAIL_PASS</span><span class="o">=</span>your-app-password <span class="c"># Optional</span> <span class="nv">CORS_ORIGIN</span><span class="o">=</span>https://yourapp.com <span class="nv">PORT</span><span class="o">=</span>3000 <span class="nv">MONGODB_URI</span><span class="o">=</span>mongodb://localhost:27017/myapp </code></pre> </div> <h2> 3. Configuration </h2> <h3> Full Configuration Options </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="c1">// Seed default roles on startup</span> <span class="na">seed</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Auto-clean expired OTPs every 15min</span> <span class="na">cleanupCron</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Use your own User model (optional)</span> <span class="na">getUserModel</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./models/User</span><span class="dl">'</span><span class="p">),</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="c1">// Route prefix for all endpoints</span> <span class="na">routePrefix</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/api</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Global middleware before auth routes</span> <span class="na">routeMiddleware</span><span class="p">:</span> <span class="p">[</span><span class="nx">logger</span><span class="p">,</span> <span class="nx">cors</span><span class="p">],</span> <span class="c1">// OTP settings</span> <span class="na">otp</span><span class="p">:</span> <span class="p">{</span> <span class="na">expiresInMinutes</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">maxAttempts</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="na">rateLimitCount</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="na">rateLimitMinutes</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="na">codeLength</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span> <span class="p">},</span> <span class="c1">// JWT settings</span> <span class="na">jwt</span><span class="p">:</span> <span class="p">{</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">JWT_SECRET</span><span class="p">,</span> <span class="c1">// Required</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="dl">'</span><span class="s1">7d</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// 7 days</span> <span class="p">},</span> <span class="c1">// Role defaults</span> <span class="na">defaultRoleSlug</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">adminRoleSlug</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Auto-register new users on OTP verify</span> <span class="na">autoRegister</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Pagination default</span> <span class="na">perPage</span><span class="p">:</span> <span class="mi">15</span><span class="p">,</span> <span class="c1">// Rate limiting</span> <span class="na">rateLimit</span><span class="p">:</span> <span class="p">{</span> <span class="na">windowMs</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="c1">// 15 minutes</span> <span class="na">max</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="c1">// max OTP attempts</span> <span class="p">},</span> <span class="c1">// CORS</span> <span class="na">cors</span><span class="p">:</span> <span class="p">{</span> <span class="na">enabled</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">origin</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CORS_ORIGIN</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">,</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="c1">// Email</span> <span class="na">email</span><span class="p">:</span> <span class="p">{</span> <span class="na">from</span><span class="p">:</span> <span class="dl">'</span><span class="s1">noreply@yourapp.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">transport</span><span class="p">:</span> <span class="p">{</span> <span class="cm">/* nodemailer config */</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <h2> 4. Authentication Flow </h2> <h3> Step 1: Send OTP </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/auth/otp/send Content-Type: application/json <span class="o">{</span> <span class="s2">"email"</span>: <span class="s2">"user@example.com"</span> <span class="o">}</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"OTP sent successfully"</span><span class="p">,</span><span class="w"> </span><span class="nl">"expires_in_minutes"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 2: Verify OTP </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/auth/otp/verify Content-Type: application/json <span class="o">{</span> <span class="s2">"email"</span>: <span class="s2">"user@example.com"</span>, <span class="s2">"code"</span>: <span class="s2">"123456"</span> <span class="o">}</span> </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"success"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"token"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eyJhbGciOiJIUzI1NiIs..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"user"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"65abc123..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"role"</span><span class="p">:</span><span class="w"> </span><span class="s2">"user"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"active"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 3: Use JWT Token </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/auth/me Authorization: Bearer eyJhbGciOiJIUzI1NiIs... </code></pre> </div> <h3> Step 4: Logout </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/auth/logout Authorization: Bearer &lt;token&gt; </code></pre> </div> <h2> 5. Admin Operations </h2> <h3> First Admin Setup </h3> <p>The first user who logs in with <code>autoRegister: true</code> gets the <code>user</code> role. To create an admin:</p> <p><strong>Option 1: Via MongoDB directly</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Run in MongoDB shell or Compass</span> <span class="nx">db</span><span class="p">.</span><span class="nx">users</span><span class="p">.</span><span class="nf">updateOne</span><span class="p">(</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="dl">"</span><span class="s2">admin@example.com</span><span class="dl">"</span> <span class="p">},</span> <span class="p">{</span> <span class="na">$set</span><span class="p">:</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="dl">"</span><span class="s2">admin</span><span class="dl">"</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">active</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p><strong>Option 2: Create admin programmatically</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">User</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">active</span><span class="dl">'</span> <span class="p">});</span> </code></pre> </div> <h3> Admin API Endpoints </h3> <h4> List Users with Filters </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/admin/users Authorization: Bearer &lt;admin-token&gt; <span class="c"># With filters</span> GET /api/admin/users?status<span class="o">=</span>suspended&amp;role<span class="o">=</span>user&amp;search<span class="o">=</span>john&amp;page<span class="o">=</span>2&amp;sort_by<span class="o">=</span>createdAt_desc </code></pre> </div> <h4> Get User Details </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/admin/users/:userId </code></pre> </div> <h4> Suspend User </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/suspend Authorization: Bearer &lt;admin-token&gt; <span class="c"># Optional body</span> <span class="o">{</span> <span class="s2">"reason"</span>: <span class="s2">"Violated terms of service"</span> <span class="o">}</span> </code></pre> </div> <h4> Temporary Ban </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/temporary-ban <span class="o">{</span> <span class="s2">"duration_hours"</span>: 24, <span class="s2">"reason"</span>: <span class="s2">"Spamming"</span> <span class="o">}</span> </code></pre> </div> <h4> Force Password Reset </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/force-password-reset <span class="c"># Sends email to user with reset link</span> </code></pre> </div> <h4> Impersonate User </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/impersonate <span class="c"># Returns a special JWT that acts as the target user</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Stop impersonation</span> POST /api/admin/users/stop-impersonation </code></pre> </div> <h4> Terminate All Sessions </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/terminate-sessions <span class="c"># Revokes all refresh tokens for this user</span> </code></pre> </div> <h4> Bulk Operations </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Bulk suspend</span> POST /api/admin/users/bulk/suspend <span class="o">{</span> <span class="s2">"user_ids"</span>: <span class="o">[</span><span class="s2">"id1"</span>, <span class="s2">"id2"</span>, <span class="s2">"id3"</span><span class="o">]</span> <span class="o">}</span> <span class="c"># Bulk assign role</span> POST /api/admin/users/bulk/assign-role <span class="o">{</span> <span class="s2">"user_ids"</span>: <span class="o">[</span><span class="s2">"id1"</span>, <span class="s2">"id2"</span><span class="o">]</span>, <span class="s2">"role"</span>: <span class="s2">"moderator"</span> <span class="o">}</span> </code></pre> </div> <h4> Export Users to CSV </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/admin/users/export Authorization: Bearer &lt;admin-token&gt; <span class="c"># Downloads CSV with all user data</span> </code></pre> </div> <h4> View Audit Logs </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/admin/admin-logs <span class="c"># Shows all admin actions with timestamps, IPs, request IDs</span> </code></pre> </div> <h4> Statistics </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GET /api/admin/statistics </code></pre> </div> <p><strong>Response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"total_users"</span><span class="p">:</span><span class="w"> </span><span class="mi">1542</span><span class="p">,</span><span class="w"> </span><span class="nl">"active_users"</span><span class="p">:</span><span class="w"> </span><span class="mi">1289</span><span class="p">,</span><span class="w"> </span><span class="nl">"suspended_users"</span><span class="p">:</span><span class="w"> </span><span class="mi">42</span><span class="p">,</span><span class="w"> </span><span class="nl">"admins"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"users_by_role"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"admin"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="nl">"moderator"</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="p">,</span><span class="w"> </span><span class="nl">"user"</span><span class="p">:</span><span class="w"> </span><span class="mi">1527</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"users_by_status"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"active"</span><span class="p">:</span><span class="w"> </span><span class="mi">1289</span><span class="p">,</span><span class="w"> </span><span class="nl">"suspended"</span><span class="p">:</span><span class="w"> </span><span class="mi">42</span><span class="p">,</span><span class="w"> </span><span class="nl">"banned"</span><span class="p">:</span><span class="w"> </span><span class="mi">211</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> 6. Role-Based Access Control </h2> <h3> Default Roles </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Role</th> <th>Permissions</th> </tr> </thead> <tbody> <tr> <td><code>admin</code></td> <td>Full access to all admin endpoints</td> </tr> <tr> <td><code>moderator</code></td> <td>Can view users, suspend/unsuspend, but cannot delete or access sensitive settings</td> </tr> <tr> <td><code>user</code></td> <td>Can only access their own profile</td> </tr> </tbody> </table></div> <h3> Creating Custom Roles </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">Role</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">Role</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">Role</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Content Manager</span><span class="dl">'</span><span class="p">,</span> <span class="na">slug</span><span class="p">:</span> <span class="dl">'</span><span class="s1">content-manager</span><span class="dl">'</span><span class="p">,</span> <span class="na">permissions</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">users:read</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">posts:create</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">posts:edit</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">posts:delete</span><span class="dl">'</span> <span class="p">]</span> <span class="p">});</span> </code></pre> </div> <h3> Protecting Routes with Middleware </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">makeAuthMiddleware</span><span class="p">,</span> <span class="nx">makeRoleMiddleware</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">auth</span> <span class="o">=</span> <span class="nf">makeAuthMiddleware</span><span class="p">(</span><span class="nx">config</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">User</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">requireModerator</span> <span class="o">=</span> <span class="nf">makeRoleMiddleware</span><span class="p">(</span><span class="dl">'</span><span class="s1">moderator</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">requireAdmin</span> <span class="o">=</span> <span class="nf">makeRoleMiddleware</span><span class="p">(</span><span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Public route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/public</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{...});</span> <span class="c1">// Any authenticated user</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/profile</span><span class="dl">'</span><span class="p">,</span> <span class="nx">auth</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">user</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Moderator only</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/moderate/comment</span><span class="dl">'</span><span class="p">,</span> <span class="nx">auth</span><span class="p">,</span> <span class="nx">requireModerator</span><span class="p">,</span> <span class="nx">handler</span><span class="p">);</span> <span class="c1">// Admin only</span> <span class="nx">app</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/admin/users/:id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">auth</span><span class="p">,</span> <span class="nx">requireAdmin</span><span class="p">,</span> <span class="nx">handler</span><span class="p">);</span> </code></pre> </div> <h2> 7. Two-Factor Authentication </h2> <h3> Enabling 2FA for a User </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">generateTOTPSecret</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Generate secret and QR code</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">secret</span><span class="p">,</span> <span class="nx">qrCodeUrl</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generateTOTPSecret</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">);</span> <span class="c1">// Store secret temporarily or with user</span> <span class="nx">user</span><span class="p">.</span><span class="nx">twoFactorSecret</span> <span class="o">=</span> <span class="nx">secret</span><span class="p">;</span> <span class="k">await</span> <span class="nx">user</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> <span class="c1">// Send QR code to user (via email or display in UI)</span> </code></pre> </div> <h3> Verifying 2FA During Login </h3> <p><strong>Step 1:</strong> Normal OTP verification<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/auth/otp/verify <span class="o">{</span> <span class="s2">"email"</span>: <span class="s2">"user@example.com"</span>, <span class="s2">"code"</span>: <span class="s2">"123456"</span> <span class="o">}</span> </code></pre> </div> <p><strong>If 2FA is enabled, response:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"requires_2fa"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"otp_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"otp_session_123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Two-factor authentication required."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Step 2:</strong> Submit TOTP code<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/auth/otp/verify <span class="o">{</span> <span class="s2">"otp_id"</span>: <span class="s2">"otp_session_123"</span>, <span class="s2">"code"</span>: <span class="s2">"123456"</span>, <span class="s2">"totp_token"</span>: <span class="s2">"654321"</span> <span class="o">}</span> </code></pre> </div> <p><strong>Or use backup code:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">{</span> <span class="s2">"otp_id"</span>: <span class="s2">"otp_session_123"</span>, <span class="s2">"code"</span>: <span class="s2">"123456"</span>, <span class="s2">"backup_code"</span>: <span class="s2">"ABCD-EFGH-IJKL-MNOP"</span> <span class="o">}</span> </code></pre> </div> <h3> Disabling 2FA (Admin) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>POST /api/admin/users/:userId/remove-2fa Authorization: Bearer &lt;admin-token&gt; </code></pre> </div> <h2> 8. Event System </h2> <h3> Available Events </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">events</span><span class="p">,</span> <span class="nx">EVENTS</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Authentication events</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">LOGIN_SUCCESS</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { userId, email, ip, userAgent, timestamp }</span> <span class="p">});</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">LOGIN_FAILED</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { email, ip, reason }</span> <span class="p">});</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">OTP_SENT</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { email, expiresIn }</span> <span class="p">});</span> <span class="c1">// User management events</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">USER_CREATED</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { user, createdBy }</span> <span class="p">});</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">USER_SUSPENDED</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { userId, email, reason, suspendedBy }</span> <span class="p">});</span> <span class="c1">// Admin events</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">ADMIN_ACTION</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { adminId, action, target, ip, requestId }</span> <span class="p">});</span> <span class="c1">// 2FA events</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">TFA_ENABLED</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { userId, email }</span> <span class="p">});</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">TFA_FAILED</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// data: { userId, email, ip, attemptCount }</span> <span class="p">});</span> </code></pre> </div> <h3> Real-World Examples </h3> <p><strong>Send Slack Alert on Suspicious Activity:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">events</span><span class="p">,</span> <span class="nx">EVENTS</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">axios</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">);</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">LOGIN_FAILED</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">reason</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">too_many_attempts</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SLACK_WEBHOOK</span><span class="p">,</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`🚨 Brute force attempt detected on </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2"> from </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">}</span><span class="s2">`</span> <span class="p">});</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>Track User Metrics:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">metrics</span> <span class="o">=</span> <span class="p">{</span> <span class="na">logins</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">newUsers</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="na">suspensions</span><span class="p">:</span> <span class="mi">0</span> <span class="p">};</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">LOGIN_SUCCESS</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">metrics</span><span class="p">.</span><span class="nx">logins</span><span class="o">++</span><span class="p">);</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">USER_CREATED</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">metrics</span><span class="p">.</span><span class="nx">newUsers</span><span class="o">++</span><span class="p">);</span> <span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">USER_SUSPENDED</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">metrics</span><span class="p">.</span><span class="nx">suspensions</span><span class="o">++</span><span class="p">);</span> <span class="c1">// Expose metrics endpoint</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/metrics</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">metrics</span><span class="p">));</span> </code></pre> </div> <p><strong>Send Welcome Email:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">events</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="nx">EVENTS</span><span class="p">.</span><span class="nx">USER_CREATED</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">sendWelcomeEmail</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> 9. Production Deployment </h2> <h3> Security Checklist </h3> <ul> <li>[ ] Set strong <code>JWT_SECRET</code> (32+ chars, random)</li> <li>[ ] Enable HTTPS</li> <li>[ ] Configure CORS properly (not <code>*</code> in production)</li> <li>[ ] Set appropriate rate limits</li> <li>[ ] Use environment variables for all secrets</li> <li>[ ] Enable MongoDB authentication</li> <li>[ ] Regularly backup audit logs</li> <li>[ ] Monitor admin logs for suspicious activity</li> </ul> <h3> Multi-Server Setup (Load Balancing) </h3> <p>For multiple server instances, configure shared rate limiting with Redis:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>rate-limit-redis ioredis </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">rateLimit</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express-rate-limit</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">RedisStore</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">rate-limit-redis</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">Redis</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">ioredis</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">sharedLimiter</span> <span class="o">=</span> <span class="nf">rateLimit</span><span class="p">({</span> <span class="na">store</span><span class="p">:</span> <span class="k">new</span> <span class="nc">RedisStore</span><span class="p">({</span> <span class="na">client</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Redis</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REDIS_URL</span><span class="p">)</span> <span class="p">}),</span> <span class="na">windowMs</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">max</span><span class="p">:</span> <span class="mi">5</span> <span class="p">});</span> <span class="c1">// Apply to authwall routes</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="na">rateLimit</span><span class="p">:</span> <span class="nx">sharedLimiter</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h3> Performance Optimization </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Use indexes for large user bases</span> <span class="kd">const</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">User</span><span class="dl">'</span><span class="p">);</span> <span class="nx">User</span><span class="p">.</span><span class="nf">createIndexes</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">role</span><span class="p">:</span> <span class="mi">1</span> <span class="p">});</span> <span class="c1">// Enable Mongoose debug in development (not production)</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="dl">'</span><span class="s1">debug</span><span class="dl">'</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">development</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h3> Monitoring with PM2 </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># ecosystem.config.js</span> module.exports <span class="o">=</span> <span class="o">{</span> apps: <span class="o">[{</span> name: <span class="s1">'myapp'</span>, script: <span class="s1">'app.js'</span>, instances: 2, exec_mode: <span class="s1">'cluster'</span>, <span class="nb">env</span>: <span class="o">{</span> NODE_ENV: <span class="s1">'production'</span>, JWT_SECRET: process.env.JWT_SECRET <span class="o">}</span> <span class="o">}]</span> <span class="o">}</span><span class="p">;</span> </code></pre> </div> <h3> Docker Deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:18-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="nt">--only</span><span class="o">=</span>production <span class="k">COPY</span><span class="s"> . .</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> ["node", "app.js"]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000:3000"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">MONGODB_URI=mongodb://mongodb:27017/myapp</span> <span class="pi">-</span> <span class="s">JWT_SECRET=${JWT_SECRET}</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mongodb</span> <span class="na">mongodb</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mongo:6</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mongodb_data:/data/db</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">mongodb_data</span><span class="pi">:</span> </code></pre> </div> <h2> 10. Troubleshooting </h2> <h3> Common Issues </h3> <p><strong>Issue: "JWT secret is required"</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Set environment variable</span> <span class="nb">export </span><span class="nv">JWT_SECRET</span><span class="o">=</span><span class="s2">"your-strong-secret-here"</span> <span class="c"># Or in .env file</span> <span class="nb">echo</span> <span class="s2">"JWT_SECRET=your-secret"</span> <span class="o">&gt;&gt;</span> .env </code></pre> </div> <p><strong>Issue: OTP emails not sending</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Test email configuration</span> <span class="kd">const</span> <span class="nx">nodemailer</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">nodemailer</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">transporter</span> <span class="o">=</span> <span class="nx">nodemailer</span><span class="p">.</span><span class="nf">createTestAccount</span><span class="p">((</span><span class="nx">err</span><span class="p">,</span> <span class="nx">account</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Test account:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">account</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p><strong>Issue: User can't login after suspension</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Check user status</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">User</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user@example.com</span><span class="dl">'</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Status:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">status</span><span class="p">);</span> <span class="c1">// Should be 'active'</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Suspended until:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">suspendedUntil</span><span class="p">);</span> <span class="c1">// Unsuspend manually</span> <span class="nx">user</span><span class="p">.</span><span class="nx">status</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">active</span><span class="dl">'</span><span class="p">;</span> <span class="nx">user</span><span class="p">.</span><span class="nx">suspendedUntil</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">await</span> <span class="nx">user</span><span class="p">.</span><span class="nf">save</span><span class="p">();</span> </code></pre> </div> <p><strong>Issue: Rate limiting too aggressive</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Increase limits</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">config</span><span class="p">:</span> <span class="p">{</span> <span class="na">rateLimit</span><span class="p">:</span> <span class="p">{</span> <span class="na">windowMs</span><span class="p">:</span> <span class="mi">15</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">max</span><span class="p">:</span> <span class="mi">20</span> <span class="c1">// Allow 20 attempts per 15 minutes</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <p><strong>Issue: "User model not found"</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Register model before authwall</span> <span class="kd">const</span> <span class="nx">User</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">User</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userSchema</span><span class="p">);</span> <span class="nf">authwall</span><span class="p">(</span><span class="nx">app</span><span class="p">,</span> <span class="p">{</span> <span class="na">getUserModel</span><span class="p">:</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">User</span> <span class="p">});</span> </code></pre> </div> <p><strong>Debug Mode:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Enable debug logging</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DEBUG</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">authwall:*</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">authwall</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">authwall</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <h2> Support &amp; Community </h2> <ul> <li> <strong>GitHub Issues:</strong> <a href="https://github.com/susheelhbti/authwall/issues" rel="noopener noreferrer">Report bugs</a> </li> <li> <strong>NPM Package:</strong> <a href="https://www.npmjs.com/package/authwall" rel="noopener noreferrer">authwall</a> </li> <li> <strong>Author Email:</strong> <a href="mailto:susheelhbti@gmail.com">susheelhbti@gmail.com</a> </li> </ul> <h2> License </h2> <p>MIT © Susheel Kumar </p> javascript node security showdev Introducing **payx3**: The All-in-One SDK to Simplify Multi-Chain Crypto Payments susheel kumar Tue, 12 May 2026 01:13:37 +0000 https://forem.com/susheel_kumar_2041f5433d2/introducing-payx3-the-all-in-one-sdk-to-simplify-multi-chain-crypto-payments-28hf https://forem.com/susheel_kumar_2041f5433d2/introducing-payx3-the-all-in-one-sdk-to-simplify-multi-chain-crypto-payments-28hf <p>In the rapidly evolving world of Web3, developers face a persistent headache: fragmentation. If you want to accept Bitcoin, you need one library. For Ethereum, another. For Solana, yet another. Managing multiple chains, tracking different token decimals, and monitoring transaction confirmations usually results in a bloated, unmaintainable codebase.</p> <p>Enter <strong>payx3</strong>—a powerful, lightweight Multi-Chain Crypto Payment SDK designed to let you generate wallets and watch for incoming payments across almost any major chain with a single function call.</p> <h2> 🚀 Why payx3? </h2> <p>The goal of <strong>payx3</strong> is simple: <strong>Reduce the complexity of crypto integrations to zero.</strong> Whether you are building an e-commerce checkout, a donation platform, or a decentralized app, payx3 handles the heavy lifting of blockchain monitoring so you can focus on your product.</p> <h3> Key Features: </h3> <ul> <li> <strong>Universal Wallet Generation:</strong> Generate a single 12-word mnemonic and derive addresses for Bitcoin (Legacy, SegWit, Native SegWit), Solana, and all EVM chains (ETH, BNB, Polygon, etc.).</li> <li> <strong>"Watch Everything" Mode:</strong> A single function to monitor BTC, ETH, SOL, and dozens of ERC-20 tokens simultaneously.</li> <li> <strong>Decimal Perfection:</strong> No more math errors. payx3 automatically handles decimal conversions (like the 6-decimal USDT on Ethereum vs. 18-decimal on BNB Chain).</li> <li> <strong>Real-time Callbacks:</strong> Get instant notifications when a payment is detected (<code>onPayment</code>) and when it is finalized on the block (<code>onConfirmed</code>).</li> <li> <strong>REST API Ready:</strong> It comes with a built-in Express.js server example, allowing you to run your own payment gateway in minutes.</li> </ul> <h2> 🛠 Quick Start </h2> <p>Getting started is as easy as installing the package:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>payx3 </code></pre> </div> <h3> One Wallet, All the Chains </h3> <p>You don't need separate setups for different assets. Generate a master key and get all your addresses at once:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">generateMnemonic</span><span class="p">,</span> <span class="nx">deriveAll</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mnemonic</span> <span class="o">=</span> <span class="nf">generateMnemonic</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">wallet</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">deriveAll</span><span class="p">(</span><span class="nx">mnemonic</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">BTC Address:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">bitcoin</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nx">address</span><span class="p">);</span> <span class="c1">// Native SegWit</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">EVM Address:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">evm</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> <span class="c1">// ETH, BNB, Polygon, etc.</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">SOL Address:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">solana</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> </code></pre> </div> <h3> Monitoring Payments </h3> <p>Forget complex WebSockets or polling logic. Use <code>watchAll</code> to monitor every asset you care about across every supported chain in one go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">watchAll</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="nf">watchAll</span><span class="p">({</span> <span class="na">btcAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">bc1q...</span><span class="dl">"</span><span class="p">,</span> <span class="na">evmAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0x...</span><span class="dl">"</span><span class="p">,</span> <span class="na">solAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Azj...</span><span class="dl">"</span><span class="p">,</span> <span class="na">infuraKey</span><span class="p">:</span> <span class="dl">"</span><span class="s2">YOUR_INFURA_KEY</span><span class="dl">"</span><span class="p">,</span> <span class="na">onPayment</span><span class="p">:</span> <span class="p">(</span><span class="nx">payment</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`💸 Received </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">amount</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">symbol</span><span class="p">}</span><span class="s2"> on </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">chain</span><span class="p">}</span><span class="s2">!`</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> </code></pre> </div> <h2> 📦 Supported Assets </h2> <p>Payx3 v2.0.0 supports a massive range of assets out of the box:</p> <ul> <li> <strong>Native:</strong> BTC, ETH, BNB, MATIC, AVAX, SOL.</li> <li> <strong>Layer 2s:</strong> Arbitrum (ARB), Optimism (OP).</li> <li> <strong>Stablecoins:</strong> USDT, USDC, DAI.</li> <li> <strong>DeFi &amp; More:</strong> WBTC, LINK, UNI, AAVE, SHIB.</li> <li> <strong>Custom Tokens:</strong> Watch <em>any</em> ERC-20 token by simply providing its contract address.</li> </ul> <h2> 🔒 Security First </h2> <p>We know that in crypto, security is everything.</p> <ol> <li> <strong>Read-Only Monitoring:</strong> The "watch" functions only require public addresses. You never need to expose your private keys to a live server to track payments.</li> <li> <strong>Stateless:</strong> payx3 doesn't store your data. You control your mnemonic and your infrastructure.</li> </ol> <h2> 💼 Open to Work </h2> <p>The creator of <strong>payx3</strong>, Susheel, is a blockchain enthusiast and developer currently open to new opportunities. If you’re looking for a freelancer or a full-time expert in <strong>Web3, Node.js, or Full-stack development</strong>, feel free to reach out!</p> <ul> <li> <strong>Email:</strong> <a href="mailto:susheelhbti@gmail.com">susheelhbti@gmail.com</a> </li> <li> <strong>NPM:</strong> <a href="https://www.npmjs.com/package/payx3" rel="noopener noreferrer">payx3 on npm</a> </li> </ul> <h2> Conclusion </h2> <p>Stop fighting with multiple libraries and inconsistent APIs. Whether you're a seasoned Web3 dev or just starting, <strong>payx3</strong> provides the streamlined workflow you've been looking for.</p> <p><strong>Ready to build?</strong> Check out the <a href="https://www.npmjs.com/package/payx3" rel="noopener noreferrer">(https://www.npmjs.com/package/payx3)</a> and start accepting payments today!</p> blockchain cryptocurrency showdev web3 payx3: Multi-Chain Crypto Payment SDK You've Been Waiting For susheel kumar Sun, 10 May 2026 13:35:58 +0000 https://forem.com/susheel_kumar_2041f5433d2/payx3-multi-chain-crypto-payment-sdk-youve-been-waiting-for-5f2k https://forem.com/susheel_kumar_2041f5433d2/payx3-multi-chain-crypto-payment-sdk-youve-been-waiting-for-5f2k <h2> The Problem </h2> <p>Every crypto payment integration follows the same painful pattern:</p> <ol> <li>Read blockchain docs for each chain</li> <li>Implement RPC calls</li> <li>Handle WebSocket reconnections</li> <li>Parse transaction data</li> <li>Calculate correct decimals (looking at you, BSC USDT with 18 decimals while everyone else uses 6)</li> <li>Build block explorer URLs</li> <li>Write confirmation logic</li> </ol> <p>And that's just <em>one</em> chain. What about the other 8 your client wants?</p> <h2> The Solution: payx3 </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">watchAll</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="k">await</span> <span class="nf">watchAll</span><span class="p">({</span> <span class="na">btcAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq</span><span class="dl">"</span><span class="p">,</span> <span class="na">evmAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xb2C65C9C98C2216099A37AF7FE12A93b8A37AFBd</span><span class="dl">"</span><span class="p">,</span> <span class="na">solAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">CbWki5xkrnde7TYj11jDWNEJ3h7bRTmk5Q22uANNfEt</span><span class="dl">"</span><span class="p">,</span> <span class="na">infuraKey</span><span class="p">:</span> <span class="dl">"</span><span class="s2">YOUR_KEY</span><span class="dl">"</span><span class="p">,</span> <span class="na">onPayment</span><span class="p">:</span> <span class="p">(</span><span class="nx">payment</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">amount</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">symbol</span><span class="p">}</span><span class="s2"> received on </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">chain</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// Fires for EVERYTHING: BTC, ETH, BNB, SOL, USDT, USDC...</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <p>One call. All chains. All tokens. Real-time.</p> <h2> What You Get </h2> <h3> 🔑 Wallet Generation </h3> <p>Generate a BIP-39 mnemonic and derive addresses for <strong>all supported chains</strong> simultaneously:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">generateMnemonic</span><span class="p">,</span> <span class="nx">deriveAll</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mnemonic</span> <span class="o">=</span> <span class="nf">generateMnemonic</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="c1">// 12 words</span> <span class="kd">const</span> <span class="nx">wallet</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">deriveAll</span><span class="p">(</span><span class="nx">mnemonic</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">bitcoin</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nx">address</span><span class="p">);</span> <span class="c1">// bc1... Native SegWit</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">evm</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> <span class="c1">// 0x... For ETH, BNB, MATIC, AVAX, ARB, OP</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">wallet</span><span class="p">.</span><span class="nx">solana</span><span class="p">.</span><span class="nx">address</span><span class="p">);</span> <span class="c1">// Solana address</span> </code></pre> </div> <h3> 👁️ Real-time Payment Watching </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Chain</th> <th>Native Token</th> <th>Supported Tokens</th> </tr> </thead> <tbody> <tr> <td>Bitcoin</td> <td>BTC</td> <td>—</td> </tr> <tr> <td>Ethereum</td> <td>ETH</td> <td>USDT, USDC, DAI, WBTC, WETH, LINK, UNI, AAVE, SHIB</td> </tr> <tr> <td>BNB Chain</td> <td>BNB</td> <td>USDT, USDC, DAI, LINK</td> </tr> <tr> <td>Polygon</td> <td>MATIC</td> <td>USDT, USDC, DAI, WBTC, WETH, LINK, UNI, AAVE</td> </tr> <tr> <td>Avalanche</td> <td>AVAX</td> <td>USDT, USDC, DAI, WBTC, WETH, LINK, AAVE</td> </tr> <tr> <td>Arbitrum</td> <td>ETH</td> <td>USDT, USDC, DAI, WBTC, WETH, LINK, UNI</td> </tr> <tr> <td>Optimism</td> <td>ETH</td> <td>USDT, USDC, DAI, WBTC, WETH, LINK</td> </tr> <tr> <td>Solana</td> <td>SOL</td> <td>Any SPL token</td> </tr> </tbody> </table></div> <h3> 🎯 Watch Any Custom ERC-20 </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">watchToken</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="nf">watchToken</span><span class="p">({</span> <span class="na">address</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0x...</span><span class="dl">"</span><span class="p">,</span> <span class="na">infuraKey</span><span class="p">:</span> <span class="dl">"</span><span class="s2">YOUR_KEY</span><span class="dl">"</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ETH</span><span class="dl">"</span><span class="p">,</span> <span class="na">contractAddress</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0x6982508145454Ce325dDbE47a25d4ec3d2311933</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// PEPE</span> <span class="na">decimals</span><span class="p">:</span> <span class="mi">18</span><span class="p">,</span> <span class="na">symbol</span><span class="p">:</span> <span class="dl">"</span><span class="s2">PEPE</span><span class="dl">"</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Pepe</span><span class="dl">"</span><span class="p">,</span> <span class="na">onPayment</span><span class="p">:</span> <span class="p">(</span><span class="nx">p</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">p</span><span class="p">.</span><span class="nx">amount</span><span class="p">}</span><span class="s2"> PEPE received!`</span><span class="p">),</span> <span class="p">});</span> </code></pre> </div> <h2> Payment Object </h2> <p>Every callback receives a consistent object regardless of chain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">{</span> <span class="nl">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Ethereum</span><span class="dl">"</span><span class="p">,</span> <span class="nx">chainSymbol</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ETH</span><span class="dl">"</span><span class="p">,</span> <span class="nx">symbol</span><span class="p">:</span> <span class="dl">"</span><span class="s2">USDT</span><span class="dl">"</span><span class="p">,</span> <span class="nx">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Tether USD</span><span class="dl">"</span><span class="p">,</span> <span class="nx">amount</span><span class="p">:</span> <span class="dl">"</span><span class="s2">100.50</span><span class="dl">"</span><span class="p">,</span> <span class="nx">txHash</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xa1b2c3...</span><span class="dl">"</span><span class="p">,</span> <span class="nx">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">unconfirmed</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// or "confirmed"</span> <span class="nx">explorerUrl</span><span class="p">:</span> <span class="dl">"</span><span class="s2">https://etherscan.io/tx/0xa1b2c3...</span><span class="dl">"</span><span class="p">,</span> <span class="nx">contract</span><span class="p">:</span> <span class="dl">"</span><span class="s2">0xdAC17F...</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// null for native coins</span> <span class="nx">timestamp</span><span class="p">:</span> <span class="mi">1715000000000</span><span class="p">,</span> <span class="nx">blockNumber</span><span class="p">:</span> <span class="mi">19500000</span> <span class="c1">// onConfirmed only</span> <span class="p">}</span> </code></pre> </div> <h2> CLI Tool </h2> <p>No code? No problem. Install globally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> payx3 </code></pre> </div> <p>Generate a wallet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>payx3 generate </code></pre> </div> <p>Watch for payments using <code>config.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"infuraKey"</span><span class="p">:</span><span class="w"> </span><span class="s2">"YOUR_INFURA_KEY"</span><span class="p">,</span><span class="w"> </span><span class="nl">"addresses"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"BTC"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bc1q..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"EVM"</span><span class="p">:</span><span class="w"> </span><span class="s2">"0x..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"SOL"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CbWk..."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>payx3 watch </code></pre> </div> <p>Or watch specific addresses inline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>payx3 watch <span class="nt">--btc</span> bc1q... <span class="nt">--evm</span> 0x... <span class="nt">--sol</span> CbWk... <span class="nt">--key</span> YOUR_INFURA_KEY </code></pre> </div> <h2> REST API Server </h2> <p>Run as a full API server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>node examples/server.js <span class="c"># Server running on http://localhost:3000</span> </code></pre> </div> <h3> Endpoints </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Endpoint</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>POST</code></td> <td><code>/wallet/create</code></td> <td>Generate wallet + addresses</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/btc</code></td> <td>Watch BTC address</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/eth</code></td> <td>Watch ETH</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/bnb</code></td> <td>Watch BNB</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/polygon</code></td> <td>Watch MATIC</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/avalanche</code></td> <td>Watch AVAX</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/arbitrum</code></td> <td>Watch ETH on Arbitrum</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/optimism</code></td> <td>Watch ETH on Optimism</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/sol</code></td> <td>Watch SOL + SPL tokens</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/usdt</code></td> <td>Watch USDT (any chain)</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/usdc</code></td> <td>Watch USDC (any chain)</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/token</code></td> <td>Watch any ERC-20</td> </tr> <tr> <td><code>POST</code></td> <td><code>/watch/all</code></td> <td>Watch everything at once</td> </tr> <tr> <td><code>GET</code></td> <td><code>/payments</code></td> <td>List all received payments</td> </tr> <tr> <td><code>DELETE</code></td> <td><code>/watch/:id</code></td> <td>Stop a watcher</td> </tr> </tbody> </table></div> <h2> Real-World Examples </h2> <h3> E-commerce Checkout </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">generateMnemonic</span><span class="p">,</span> <span class="nx">deriveAll</span><span class="p">,</span> <span class="nx">watchAll</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">createPaymentSession</span><span class="p">(</span><span class="nx">orderId</span><span class="p">,</span> <span class="nx">amountUSD</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Generate a fresh wallet for this order</span> <span class="kd">const</span> <span class="nx">mnemonic</span> <span class="o">=</span> <span class="nf">generateMnemonic</span><span class="p">(</span><span class="mi">128</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">wallet</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">deriveAll</span><span class="p">(</span><span class="nx">mnemonic</span><span class="p">);</span> <span class="c1">// Store mnemonic temporarily (in DB with orderId)</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">saveOrderWallet</span><span class="p">(</span><span class="nx">orderId</span><span class="p">,</span> <span class="nx">mnemonic</span><span class="p">);</span> <span class="c1">// Start watching</span> <span class="nf">watchAll</span><span class="p">({</span> <span class="na">btcAddress</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">bitcoin</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nx">address</span><span class="p">,</span> <span class="na">evmAddress</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">evm</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">solAddress</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">solana</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">infuraKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">INFURA_KEY</span><span class="p">,</span> <span class="na">onPayment</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">payment</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Mark order as paid</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">updateOrderStatus</span><span class="p">(</span><span class="nx">orderId</span><span class="p">,</span> <span class="dl">"</span><span class="s2">paid</span><span class="dl">"</span><span class="p">,</span> <span class="nx">payment</span><span class="p">);</span> <span class="c1">// Send confirmation email</span> <span class="k">await</span> <span class="nx">email</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">orderEmail</span><span class="p">,</span> <span class="s2">`Payment received: </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">amount</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">symbol</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// Trigger fulfillment webhook</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">fulfillmentUrl</span><span class="p">,</span> <span class="p">{</span> <span class="nx">orderId</span><span class="p">,</span> <span class="nx">payment</span> <span class="p">});</span> <span class="p">},</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="na">addresses</span><span class="p">:</span> <span class="p">{</span> <span class="na">BTC</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">bitcoin</span><span class="p">[</span><span class="mi">2</span><span class="p">].</span><span class="nx">address</span><span class="p">,</span> <span class="na">EVM</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">evm</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="na">SOL</span><span class="p">:</span> <span class="nx">wallet</span><span class="p">.</span><span class="nx">solana</span><span class="p">.</span><span class="nx">address</span><span class="p">,</span> <span class="p">},</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> Subscription Payments </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">watchUSDC</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">"</span><span class="s2">payx3</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// Watch for $50 USDC monthly subscription payments</span> <span class="nf">watchUSDC</span><span class="p">({</span> <span class="na">address</span><span class="p">:</span> <span class="nx">companyWallet</span><span class="p">,</span> <span class="na">infuraKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">INFURA_KEY</span><span class="p">,</span> <span class="na">chain</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ETH</span><span class="dl">"</span><span class="p">,</span> <span class="na">onPayment</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">payment</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nf">parseFloat</span><span class="p">(</span><span class="nx">payment</span><span class="p">.</span><span class="nx">amount</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="mi">50</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Find user by transaction sender</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">findUserByAddress</span><span class="p">(</span><span class="nx">payment</span><span class="p">.</span><span class="k">from</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Extend subscription by 30 days</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">extendSubscription</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="mi">30</span><span class="p">);</span> <span class="c1">// Send receipt</span> <span class="k">await</span> <span class="nx">email</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="s2">`Subscription renewed — </span><span class="p">${</span><span class="nx">payment</span><span class="p">.</span><span class="nx">amount</span><span class="p">}</span><span class="s2"> USDC`</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="p">});</span> </code></pre> </div> <h2> Why payx3? </h2> <h3> ✅ No Private Keys Needed </h3> <p>You never share private keys. The library only <strong>reads</strong> blockchain data. Your funds stay where they belong.</p> <h3> ✅ Automatic Decimal Handling </h3> <p>USDT has 6 decimals on Ethereum but 18 on BNB Chain. payx3 handles this automatically. You always get human-readable amounts.</p> <h3> ✅ Built-in Reconnection </h3> <p>WebSockets disconnect? payx3 reconnects automatically. Your payment detection never stops.</p> <h3> ✅ 0→1 in 5 Minutes </h3> <p>From <code>npm install</code> to watching payments on 8 chains. No blockchain experience required.</p> <h2> Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>payx3 </code></pre> </div> <p>Get a free Infura key: <a href="https://app.infura.io/register" rel="noopener noreferrer">https://app.infura.io/register</a></p> <h2> GitHub &amp; Documentation </h2> <p><strong><a href="https://github.com/susheelhbti/payx3" rel="noopener noreferrer">github.com/susheelhbti/payx3</a></strong></p> <ul> <li>Full API documentation</li> <li>Examples for every chain and token</li> <li>REST API server example</li> <li>MIT license — free for commercial use</li> </ul> <h2> Support the Project </h2> <p>If payx3 saves you development time, consider:</p> <p>⭐ <strong>Starring the repo</strong> on GitHub<br><br> 🐛 <strong>Reporting issues</strong> you find<br><br> 🔧 <strong>Submitting PRs</strong> for new chains or tokens<br><br> 💬 <strong>Sharing</strong> with other developers</p> <h2> About the Author </h2> <p>I'm Susheel, a blockchain developer available for freelance and full-time work.</p> <p>Need a custom integration? Multi-chain payment system? Web3 infrastructure?</p> <p>📧 <strong><a href="mailto:susheelhbti@gmail.com">susheelhbti@gmail.com</a></strong></p> blockchain javascript showdev web3 Introducing Sakshsky-Auth: Secure Passwordless Email Authentication for Node.js susheel kumar Sat, 12 Jul 2025 06:12:42 +0000 https://forem.com/susheel_kumar_2041f5433d2/introducing-sakshsky-auth-secure-passwordless-email-authentication-for-nodejs-20nc https://forem.com/susheel_kumar_2041f5433d2/introducing-sakshsky-auth-secure-passwordless-email-authentication-for-nodejs-20nc <p>In today's fast-paced digital world, traditional password-based authentication is increasingly seen as a vulnerability—prone to breaches, phishing, and user frustration. Enter passwordless authentication, a modern approach that leverages secure, one-time verification methods like email codes. At Sakshsky, we're excited to release <strong>sakshsky-auth</strong>, a lightweight Node.js package designed to make implementing robust, tamper-resistant email-based authentication simple and secure.</p> <p>Whether you're building a web app, API, or internal tool, sakshsky-auth handles the heavy lifting: generating verification codes, binding them to device fingerprints, and verifying incoming emails with built-in IMAP/POP3 monitoring. Let's dive into what makes this package a game-changer for developers prioritizing security without complexity.</p> <h2> Why Passwordless Authentication? </h2> <p>Passwords are a pain point. Users forget them, attackers crack them, and managing them securely requires hashing, salting, and constant updates. Passwordless systems, like those used by companies such as Slack or GitHub, shift the burden to trusted channels like email or biometrics.</p> <p>Sakshsky-auth focuses on email verification, enhanced with device fingerprinting to prevent common attacks like code interception or replay. It's ideal for apps where email is a primary identifier, offering a seamless user experience: Enter your email, get a code, send it back, and you're in—no passwords required.</p> <h2> Key Features </h2> <p>Sakshsky-auth is built with security and ease-of-use in mind. Here's what sets it apart:</p> <ul> <li> <strong>Passwordless Flow</strong>: Users initiate login with their email, receive a pre-filled verification email, and send it to complete auth.</li> <li> <strong>Device Fingerprinting</strong>: Collects session data (IP, UA, browser, etc.) to create a unique "fingerprint" bound to the code, reducing cross-device tampering risks.</li> <li> <strong>Tamper Detection</strong>: Uses salted SHA-256 hashes to verify email integrity—any alteration to the code or hash fails authentication.</li> <li> <strong>Built-in Email Monitoring</strong>: Supports IMAP and POP3 for real-time or polled inbox checking, with auto-protocol detection.</li> <li> <strong>Customizable Code Generation</strong>: Use the default UUID or provide your own generator for shorter/OTP-style codes.</li> <li> <strong>MongoDB Integration</strong>: Stores temporary verification records via Mongoose for easy expiry and cleanup.</li> <li> <strong>Socket.IO Support</strong>: Real-time notifications for successful verifications, perfect for live apps.</li> </ul> <p>The package is modular, lightweight (under 50KB installed), and has no external runtime dependencies beyond what's needed for your stack.</p> <h2> How It Works Under the Hood </h2> <ol> <li> <strong>Initiation</strong>: On login request, the package generates a code, collects a device fingerprint, salts and hashes it, and prepares a pre-filled email (using <code>mailto:</code> for client-side compose).</li> <li> <strong>Email Sending</strong>: The user sends the email with the code and hash.</li> <li> <strong>Verification</strong>: The package monitors the inbox (IMAP/IDLE for real-time or POP3/polling), parses incoming emails, extracts code/hash, rebuilds the hash from stored data, and checks for matches. On success, it triggers a callback (e.g., Socket.IO emit) and deletes the record.</li> <li> <strong>Security Checks</strong>: Expiry, sender match, and hash validation ensure safety.</li> </ol> <p>This flow minimizes attack surfaces while keeping things user-friendly.</p> <h2> Installation and Quick Start </h2> <p>Get started in minutes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>sakshsky-auth </code></pre> </div> <p>In your Node.js app (e.g., Express):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">http</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">socketIo</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">socket.io</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mongoose</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">path</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sakshskyInitLoginHandler</span><span class="p">,</span> <span class="nx">sakshskyStartAuthMonitor</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sakshsky-auth</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="nf">socketIo</span><span class="p">(</span><span class="nx">server</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">static</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">)));</span> <span class="c1">// Connect to MongoDB</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongodb://localhost:27017/emailAuth</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Define schemas</span> <span class="kd">const</span> <span class="nx">verificationSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">expiry</span><span class="p">:</span> <span class="nb">Date</span><span class="p">,</span> <span class="na">socketId</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">hashedFingerprint</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nb">String</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">Verification</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">Verification</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verificationSchema</span><span class="p">);</span> <span class="c1">// Login initiation route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/init-login</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">serverEmail</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">verify@yourdomain.com</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Your inbound email</span> <span class="k">await</span> <span class="nf">sakshskyInitLoginHandler</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">serverEmail</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Serve frontend</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> <span class="c1">// Dashboard (protect in production)</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Logged in!</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Email config</span> <span class="kd">const</span> <span class="nx">emailConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">imap.gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">993</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-inbox@gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="dl">'</span><span class="s1">app-password</span><span class="dl">'</span> <span class="p">};</span> <span class="c1">// Start monitor</span> <span class="nf">sakshskyStartAuthMonitor</span><span class="p">(</span><span class="nx">emailConfig</span><span class="p">,</span> <span class="p">(</span><span class="nx">verification</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">io</span><span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="nx">verification</span><span class="p">.</span><span class="nx">socketId</span><span class="p">).</span><span class="nf">emit</span><span class="p">(</span><span class="dl">'</span><span class="s1">verified</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">verification</span><span class="p">.</span><span class="nx">email</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server on port 3000</span><span class="dl">'</span><span class="p">));</span> </code></pre> </div> <h2> Detailed Example: Copy-Paste and Run </h2> <p>To help you get started quickly, here's a complete, copy-pasteable example. This includes a basic Express server, MongoDB setup, and a simple frontend HTML file. Save the server code as <code>server.js</code>, the HTML as <code>public/index.html</code>, and run <code>node server.js</code>.</p> <h3> Server Code (server.js) </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">http</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">http</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">socketIo</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">socket.io</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">path</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">path</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mongoose</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">sakshskyInitLoginHandler</span><span class="p">,</span> <span class="nx">sakshskyStartAuthMonitor</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">sakshsky-auth</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">http</span><span class="p">.</span><span class="nf">createServer</span><span class="p">(</span><span class="nx">app</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">io</span> <span class="o">=</span> <span class="nf">socketIo</span><span class="p">(</span><span class="nx">server</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">static</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">)));</span> <span class="c1">// Connect to MongoDB</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongodb://localhost:27017/emailAuth</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">useNewUrlParser</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">useUnifiedTopology</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">MongoDB connected</span><span class="dl">'</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">MongoDB error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">));</span> <span class="c1">// Define verification schema</span> <span class="kd">const</span> <span class="nx">verificationSchema</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nc">Schema</span><span class="p">({</span> <span class="na">email</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">expiry</span><span class="p">:</span> <span class="nb">Date</span><span class="p">,</span> <span class="na">socketId</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">hashedFingerprint</span><span class="p">:</span> <span class="nb">String</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nb">String</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">Verification</span> <span class="o">=</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">model</span><span class="p">(</span><span class="dl">'</span><span class="s1">Verification</span><span class="dl">'</span><span class="p">,</span> <span class="nx">verificationSchema</span><span class="p">);</span> <span class="c1">// Login initiation route</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/init-login</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">serverEmail</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">your-server-email@example.com</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// Replace with your inbound email</span> <span class="k">await</span> <span class="nf">sakshskyInitLoginHandler</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">serverEmail</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Serve frontend</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">sendFile</span><span class="p">(</span><span class="nx">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="nx">__dirname</span><span class="p">,</span> <span class="dl">'</span><span class="s1">public</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> <span class="c1">// Dashboard example</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Welcome to the dashboard! You are logged in.</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Email config (replace with your details)</span> <span class="kd">const</span> <span class="nx">emailConfig</span> <span class="o">=</span> <span class="p">{</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">imap.gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">port</span><span class="p">:</span> <span class="mi">993</span><span class="p">,</span> <span class="na">user</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-inbox@gmail.com</span><span class="dl">'</span><span class="p">,</span> <span class="na">pass</span><span class="p">:</span> <span class="dl">'</span><span class="s1">your-app-password</span><span class="dl">'</span> <span class="c1">// Use Gmail app password</span> <span class="p">};</span> <span class="c1">// Start auth monitor</span> <span class="nf">sakshskyStartAuthMonitor</span><span class="p">(</span><span class="nx">emailConfig</span><span class="p">,</span> <span class="p">(</span><span class="nx">verification</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">io</span><span class="p">.</span><span class="nf">to</span><span class="p">(</span><span class="nx">verification</span><span class="p">.</span><span class="nx">socketId</span><span class="p">).</span><span class="nf">emit</span><span class="p">(</span><span class="dl">'</span><span class="s1">verified</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">verification</span><span class="p">.</span><span class="nx">email</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server running on http://localhost:3000</span><span class="dl">'</span><span class="p">));</span> </code></pre> </div> <h3> Frontend Code (public/index.html) </h3> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="cp">&lt;!DOCTYPE html&gt;</span> <span class="nt">&lt;html</span> <span class="na">lang=</span><span class="s">"en"</span><span class="nt">&gt;</span> <span class="nt">&lt;head&gt;</span> <span class="nt">&lt;meta</span> <span class="na">charset=</span><span class="s">"UTF-8"</span><span class="nt">&gt;</span> <span class="nt">&lt;meta</span> <span class="na">name=</span><span class="s">"viewport"</span> <span class="na">content=</span><span class="s">"width=device-width, initial-scale=1.0"</span><span class="nt">&gt;</span> <span class="nt">&lt;title&gt;</span>Sakshsky Auth Example<span class="nt">&lt;/title&gt;</span> <span class="nt">&lt;script </span><span class="na">src=</span><span class="s">"/socket.io/socket.io.js"</span><span class="nt">&gt;&lt;/script&gt;</span> <span class="nt">&lt;/head&gt;</span> <span class="nt">&lt;body&gt;</span> <span class="nt">&lt;h1&gt;</span>Passwordless Email Login<span class="nt">&lt;/h1&gt;</span> <span class="nt">&lt;input</span> <span class="na">type=</span><span class="s">"email"</span> <span class="na">id=</span><span class="s">"email"</span> <span class="na">placeholder=</span><span class="s">"Your Email"</span> <span class="na">required</span><span class="nt">&gt;</span> <span class="nt">&lt;button</span> <span class="na">onclick=</span><span class="s">"initLogin()"</span><span class="nt">&gt;</span>Login<span class="nt">&lt;/button&gt;</span> <span class="nt">&lt;script&gt;</span> <span class="kd">const</span> <span class="nx">socket</span> <span class="o">=</span> <span class="nf">io</span><span class="p">();</span> <span class="kd">function</span> <span class="nf">initLogin</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">email</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">getElementById</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">).</span><span class="nx">value</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span><span class="p">)</span> <span class="k">return</span> <span class="nf">alert</span><span class="p">(</span><span class="dl">'</span><span class="s1">Enter email</span><span class="dl">'</span><span class="p">);</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/init-login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">email</span><span class="p">,</span> <span class="na">socketId</span><span class="p">:</span> <span class="nx">socket</span><span class="p">.</span><span class="nx">id</span> <span class="p">})</span> <span class="p">}).</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">()).</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="s2">`mailto:</span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">toEmail</span><span class="p">}</span><span class="s2">?subject=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">subject</span><span class="p">)}</span><span class="s2">&amp;body=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">body</span><span class="p">)}</span><span class="s2">`</span><span class="p">;</span> <span class="nx">socket</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">verified</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">alert</span><span class="p">(</span><span class="s2">`Logged in as </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">/dashboard</span><span class="dl">'</span><span class="p">;</span> <span class="p">});</span> <span class="p">}).</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nf">alert</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="nt">&lt;/script&gt;</span> <span class="nt">&lt;/body&gt;</span> <span class="nt">&lt;/html&gt;</span> </code></pre> </div> <p>Run <code>node server.js</code>, visit <code>http://localhost:3000</code>, enter an email, send the pre-filled message, and watch for the verification alert!</p> <h2> Security Considerations </h2> <p>While robust, email auth has limitations (e.g., inbox compromise). Sakshsky-auth mitigates with hashes and fingerprints, but for high-stakes apps, combine with 2FA or WebAuthn. Always use HTTPS, rate-limit requests, and monitor for anomalies.</p> <h2> Future Plans </h2> <p>We're planning support for SMS fallback, WebAuthn integration, and customizable fingerprints. Feedback welcome on GitHub!</p> <p>At Sakshsky, we're committed to secure, simple tools. Try sakshsky-auth today and let us know what you think!</p> Announcing Laravel API Resource Optimizer: Supercharge Your Laravel APIs susheel kumar Mon, 12 May 2025 08:51:31 +0000 https://forem.com/susheel_kumar_2041f5433d2/announcing-laravel-api-resource-optimizer-supercharge-your-laravel-apis-le7 https://forem.com/susheel_kumar_2041f5433d2/announcing-laravel-api-resource-optimizer-supercharge-your-laravel-apis-le7 <p>I'm thrilled to introduce <strong>Laravel API Resource Optimizer</strong>, a new open-source package designed to make your Laravel APIs faster, lighter, and more flexible. Whether you're building a REST API for a mobile app, a SaaS platform, or a microservices architecture, this package streamlines API development by enhancing Laravel's built-in API Resource classes with powerful optimization features.</p> <p>In this post, I'll walk you through what the package does, why it matters, and how you can start using it today to level up your Laravel APIs.</p> <h2> Why Laravel API Resource Optimizer? </h2> <p>Laravel's API Resources are fantastic for transforming Eloquent models into JSON responses, but they lack advanced optimization features out of the box. Developers often find themselves writing repetitive code to handle tasks like:</p> <ul> <li>Allowing clients to request specific fields to reduce payload size.</li> <li>Dynamically including related data without over-fetching.</li> <li>Caching responses to improve performance.</li> </ul> <p>The <strong>Laravel API Resource Optimizer</strong> package addresses these pain points by providing a drop-in solution that makes your APIs more efficient and developer-friendly. Built with performance and simplicity in mind, it’s compatible with Laravel 8.x, 9.x, and 10.x, and it’s ready to use in your next project.</p> <h2> Key Features </h2> <p>Here’s what makes this package stand out:</p> <ul> <li> <strong>Sparse Fieldsets</strong>: Let clients request only the fields they need (e.g., <code>GET /users?fields=id,name</code>), reducing response sizes and improving performance.</li> <li> <strong>Conditional Relationship Loading</strong>: Include related data on demand (e.g., <code>GET /users?include=posts</code>) to avoid unnecessary database queries.</li> <li> <strong>Response Caching</strong>: Cache API responses with configurable TTL to minimize server load and speed up requests.</li> <li> <strong>Schema Validation</strong>: Ensure requested fields and relationships are valid, enhancing security and reliability.</li> <li> <strong>Rate-Limiting</strong>: Protect your API with built-in throttling to prevent abuse.</li> </ul> <p>These features are designed to work seamlessly with Laravel’s ecosystem, leveraging familiar conventions and requiring minimal setup.</p> <h2> Getting Started </h2> <p>Installing and using the package is a breeze. Here’s a quick guide to get you up and running.</p> <h3> Installation </h3> <p>Install the package via Composer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer require sakshsky/laravel-api-optimizer </code></pre> </div> <p>Optionally, publish the configuration file to customize settings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan vendor:publish <span class="nt">--provider</span><span class="o">=</span><span class="s2">"Sakshsky</span><span class="se">\A</span><span class="s2">piOptimizer</span><span class="se">\A</span><span class="s2">piOptimizerServiceProvider"</span> </code></pre> </div> <p>The configuration file (<code>config/api-optimizer.php</code>) lets you tweak options like cache duration and default fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">return</span> <span class="p">[</span> <span class="s1">'cache_ttl'</span> <span class="o">=&gt;</span> <span class="mi">60</span><span class="p">,</span> <span class="c1">// Cache responses for 60 seconds</span> <span class="s1">'default_fields'</span> <span class="o">=&gt;</span> <span class="p">[</span><span class="s1">'id'</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">],</span> <span class="s1">'max_nesting_depth'</span> <span class="o">=&gt;</span> <span class="mi">3</span><span class="p">,</span> <span class="s1">'rate_limit'</span> <span class="o">=&gt;</span> <span class="s1">'60,1'</span><span class="p">,</span> <span class="c1">// 60 requests per minute</span> <span class="p">];</span> </code></pre> </div> <h3> Creating an Optimized Resource </h3> <p>Extend the <code>OptimizedResource</code> class to define your API resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Http\Resources</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Sakshsky\ApiOptimizer\OptimizedResource</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">UserResource</span> <span class="kd">extends</span> <span class="nc">OptimizedResource</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$allowedFields</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'id'</span><span class="p">,</span> <span class="s1">'name'</span><span class="p">,</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'created_at'</span><span class="p">];</span> <span class="k">protected</span> <span class="nv">$allowedIncludes</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'posts'</span><span class="p">];</span> <span class="k">public</span> <span class="k">function</span> <span class="n">toArray</span><span class="p">(</span><span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'id'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">,</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">name</span><span class="p">,</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">email</span><span class="p">,</span> <span class="s1">'created_at'</span> <span class="o">=&gt;</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">created_at</span><span class="p">,</span> <span class="s1">'posts'</span> <span class="o">=&gt;</span> <span class="nc">PostResource</span><span class="o">::</span><span class="nf">collection</span><span class="p">(</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">whenLoaded</span><span class="p">(</span><span class="s1">'posts'</span><span class="p">)),</span> <span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Using in a Controller </h3> <p>Use the resource in your controller like any Laravel API Resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">namespace</span> <span class="nn">App\Http\Controllers</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Http\Resources\UserResource</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\User</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">UserController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">index</span><span class="p">()</span> <span class="p">{</span> <span class="nv">$users</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">query</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">paginate</span><span class="p">();</span> <span class="k">return</span> <span class="nc">UserResource</span><span class="o">::</span><span class="nf">collection</span><span class="p">(</span><span class="nv">$users</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Example API Requests </h3> <p>Here’s what you can do with the package:</p> <ol> <li> <strong>Fetch all fields</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> GET /api/users </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"John Doe"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"john@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"created_at"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-05-12T12:00:00Z"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <ol> <li> <strong>Request specific fields</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> GET /api/users?fields<span class="o">=</span><span class="nb">id</span>,name </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"John Doe"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <ol> <li> <strong>Include relationships</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> GET /api/users?include<span class="o">=</span>posts </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"John Doe"</span><span class="p">,</span><span class="w"> </span><span class="nl">"email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"john@example.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"posts"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"My First Post"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <h3> Applying Middleware </h3> <p>The package includes an <code>api-optimizer</code> middleware to parse query parameters. Apply it to your routes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'api-optimizer'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">group</span><span class="p">(</span><span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">resource</span><span class="p">(</span><span class="s1">'users'</span><span class="p">,</span> <span class="nc">UserController</span><span class="o">::</span><span class="n">class</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> Why This Package Matters </h2> <p>In today’s API-driven world, performance and flexibility are critical. Clients—whether mobile apps or web frontends—expect fast, tailored responses. By supporting sparse fieldsets and conditional includes, <strong>Laravel API Resource Optimizer</strong> reduces payload sizes and database queries, leading to faster responses and lower server costs. The caching feature is a game-changer for high-traffic APIs, and the schema validation ensures your endpoints stay secure.</p> <p>Plus, it’s built with Laravel’s developer experience in mind. You don’t need to rewrite your existing resources or learn a new paradigm—just extend <code>OptimizedResource</code> and start optimizing.</p> <h2> What’s Next? </h2> <p>This is just the beginning for <strong>Laravel API Resource Optimizer</strong>. Future updates may include:</p> <ul> <li> <strong>GraphQL-like Query Support</strong>: Allow structured queries (e.g., <code>?query={id,name,posts{id,title}}</code>) for even more flexibility.</li> <li> <strong>Response Compression</strong>: Compress responses to further reduce payload sizes.</li> <li> <strong>OpenAPI Integration</strong>: Generate Swagger documentation for optimized resources.</li> <li> <strong>Multi-Tenancy Support</strong>: Optimize APIs for SaaS applications.</li> </ul> <p>I’m excited to hear your feedback and ideas for new features. If you have suggestions, feel free to open an issue or submit a pull request!</p> <h2> Contribute and Connect </h2> <p><strong>Laravel API Resource Optimizer</strong> is open-source under the MIT License, and contributions are welcome! Whether you’re fixing bugs, adding features, or improving documentation, your help will make this package even better.</p> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/sakshsky/laravel-api-optimizer" rel="noopener noreferrer">github.com/sakshsky/laravel-api-optimizer</a> </li> <li> <strong>Packagist</strong>: <a href="https://packagist.org/packages/sakshsky/laravel-api-optimizer" rel="noopener noreferrer">packagist.org/packages/sakshsky/laravel-api-optimizer</a> </li> <li> <strong>Issues</strong>: <a href="https://github.com/sakshsky/laravel-api-optimizer/issues" rel="noopener noreferrer">github.com/sakshsky/laravel-api-optimizer/issues</a> </li> <li> <strong>X</strong>: Follow me at <a href="https://x.com/sakshsky" rel="noopener noreferrer">@sakshsky</a> for updates</li> </ul> <p>To get started, check out the <a href="https://github.com/sakshsky/laravel-api-optimizer/blob/main/CONTRIBUTING.md" rel="noopener noreferrer">CONTRIBUTING.md</a> file for guidelines.</p> <h2> Try It Today </h2> <p>Ready to supercharge your Laravel APIs? Install <strong>Laravel API Resource Optimizer</strong> and see the difference for yourself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer require sakshsky/laravel-api-optimizer </code></pre> </div> <p>I can’t wait to see how you use this package in your projects. Share your experiences, success stories, or questions on <a href="https://x.com/sakshsky" rel="noopener noreferrer">X</a> with the hashtag <code>#LaravelApiOptimizer</code>, or drop a comment below.</p> <p>Happy coding, and let’s make Laravel APIs faster together!</p> <p><em>If you enjoyed this post, please share it with the Laravel community and star the <a href="https://github.com/sakshsky/laravel-api-optimizer" rel="noopener noreferrer">GitHub repository</a>. Stay tuned for more updates!</em></p> Introducing Saksh Wallet: A Simple Wallet System for Laravel susheel kumar Mon, 12 May 2025 08:14:25 +0000 https://forem.com/susheel_kumar_2041f5433d2/introducing-saksh-wallet-a-simple-wallet-system-for-laravel-46oa https://forem.com/susheel_kumar_2041f5433d2/introducing-saksh-wallet-a-simple-wallet-system-for-laravel-46oa <p>Are you building a Laravel application that needs to manage user wallets, handle transactions, or track balances across multiple currencies? Look no further! I’m thrilled to announce the release of <strong><code>sakshsky/saksh-wallet</code></strong>, a lightweight, open-source Laravel package designed to simplify wallet functionality with a clean and intuitive API. Whether you’re creating an e-commerce platform, a freelance marketplace, or a gaming app, Saksh Wallet has you covered.</p> <p>In this post, I’ll walk you through what Saksh Wallet is, its key features, how to install and use it, and why it’s a great addition to your Laravel projects. Let’s dive in!</p> <h2> What is Saksh Wallet? </h2> <p>Saksh Wallet is a Laravel package that provides a robust and flexible wallet system for managing user transactions and balances. Built with Laravel 12 in mind, it leverages two database tables—<code>wallet_transactions</code> for transaction history and <code>balances</code> for current balances—to deliver a performant and scalable solution. The package is open-source, licensed under MIT, and available on Packagist at <a href="https://packagist.org/packages/sakshsky/saksh-wallet" rel="noopener noreferrer">sakshsky/saksh-wallet</a>.</p> <p>Whether you need to credit funds, debit with fees, or retrieve balance summaries, Saksh Wallet offers a straightforward API that integrates seamlessly into your Laravel application.</p> <h2> Key Features </h2> <p>Saksh Wallet is designed to be simple yet powerful. Here’s what it offers:</p> <ul> <li> <strong>Dual-Table Architecture</strong>: Uses <code>wallet_transactions</code> for tracking every credit and debit and <code>balances</code> for instant balance queries, ensuring performance and reliability.</li> <li> <strong>Multi-Currency Support</strong>: Handle transactions in any currency (e.g., USD, EUR, GBP) with per-currency balance tracking.</li> <li> <strong>Secure User Association</strong>: Links transactions and balances to users via <code>user_id</code> with foreign key constraints for data integrity.</li> <li> <strong>Flexible Transactions</strong>: Supports credits, debits with optional fees, references, and descriptions for detailed transaction records.</li> <li> <strong>Integrity Verification</strong>: Includes an Artisan command (<code>saksh-wallet:verify</code>) to check balance consistency against transaction history.</li> <li> <strong>Comprehensive Tests</strong>: Comes with PHPUnit tests to ensure reliability and ease of contribution.</li> <li> <strong>Open-Source Ready</strong>: Includes <code>.gitignore</code>, <code>.gitattributes</code>, <code>CONTRIBUTING.md</code>, and <code>CHANGELOG.md</code> for a complete package.</li> </ul> <p>Whether you’re managing in-game currencies, processing payments, or tracking user funds, Saksh Wallet provides the tools you need with minimal setup.</p> <h2> Why Choose Saksh Wallet? </h2> <p>There are several wallet packages for Laravel, like <code>bavix/laravel-wallet</code>, but Saksh Wallet stands out for its simplicity and focus on core functionality. Here’s why it’s worth considering:</p> <ul> <li> <strong>Lightweight</strong>: Minimal dependencies and a clean codebase make it easy to integrate and maintain.</li> <li> <strong>Performant</strong>: The <code>balances</code> table ensures O(1) balance queries, ideal for high-traffic applications.</li> <li> <strong>Developer-Friendly</strong>: Intuitive methods like <code>addFunds</code>, <code>deductFunds</code>, and <code>getBalance</code> make development a breeze.</li> <li> <strong>Extensible</strong>: Built with Laravel conventions, it’s easy to extend for custom features like transaction reversals or payment gateway integration.</li> <li> <strong>Open-Source</strong>: Licensed under MIT, it’s free to use and welcomes contributions from the community.</li> </ul> <h2> Installation </h2> <p>Getting started with Saksh Wallet is quick and easy. Follow these steps to add it to your Laravel 12 project:</p> <ol> <li> <strong>Install via Composer</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> composer require sakshsky/saksh-wallet </code></pre> </div> <ol> <li> <strong>Publish Migrations</strong>: The package includes a single migration to create the <code>wallet_transactions</code> and <code>balances</code> tables: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> php artisan vendor:publish <span class="nt">--tag</span><span class="o">=</span>saksh-wallet-migrations </code></pre> </div> <ol> <li> <strong>Run Migrations</strong>: Apply the migrations to set up the database schema: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> php artisan migrate </code></pre> </div> <p>That’s it! Your Laravel application is now ready to manage wallets.</p> <p><strong>Note</strong>: Ensure your <code>users</code> table exists (standard in Laravel) and contains at least one user, as the package uses <code>user_id</code> with foreign key constraints.</p> <h2> Usage </h2> <p>Saksh Wallet provides a simple API for managing wallet operations. Here’s how you can use it in your Laravel application:</p> <h3> Example: Controller Setup </h3> <p>Create a controller to handle wallet operations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Http\Controllers</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Saksh\Wallet\Services\SakshWallet</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Http\Request</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Facades\Auth</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">WalletController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="k">protected</span> <span class="nv">$wallet</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="kt">SakshWallet</span> <span class="nv">$wallet</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">wallet</span> <span class="o">=</span> <span class="nv">$wallet</span><span class="p">;</span> <span class="p">}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">manageWallet</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nv">$userId</span> <span class="o">=</span> <span class="nc">Auth</span><span class="o">::</span><span class="nf">id</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nv">$userId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="s1">'User not authenticated'</span><span class="p">],</span> <span class="mi">401</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Credit 500 USD</span> <span class="nv">$creditResult</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">wallet</span><span class="o">-&gt;</span><span class="nf">addFunds</span><span class="p">(</span> <span class="nv">$userId</span><span class="p">,</span> <span class="mi">500</span><span class="p">,</span> <span class="s1">'USD'</span><span class="p">,</span> <span class="s1">'ref123'</span><span class="p">,</span> <span class="s1">'Salary payment'</span> <span class="p">);</span> <span class="c1">// Debit 200 USD with a 5 USD fee</span> <span class="nv">$debitResult</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">wallet</span><span class="o">-&gt;</span><span class="nf">deductFunds</span><span class="p">(</span> <span class="nv">$userId</span><span class="p">,</span> <span class="mi">200</span><span class="p">,</span> <span class="s1">'USD'</span><span class="p">,</span> <span class="s1">'ref124'</span><span class="p">,</span> <span class="s1">'Grocery shopping'</span><span class="p">,</span> <span class="mi">5</span> <span class="p">);</span> <span class="c1">// Get balance for USD</span> <span class="nv">$balance</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">wallet</span><span class="o">-&gt;</span><span class="nf">getBalance</span><span class="p">(</span><span class="nv">$userId</span><span class="p">,</span> <span class="s1">'USD'</span><span class="p">);</span> <span class="c1">// Get balance summary across all currencies</span> <span class="nv">$summary</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">wallet</span><span class="o">-&gt;</span><span class="nf">sakshGetBalanceSummary</span><span class="p">(</span><span class="nv">$userId</span><span class="p">);</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">([</span> <span class="s1">'credit'</span> <span class="o">=&gt;</span> <span class="nv">$creditResult</span><span class="p">,</span> <span class="s1">'debit'</span> <span class="o">=&gt;</span> <span class="nv">$debitResult</span><span class="p">,</span> <span class="s1">'balance'</span> <span class="o">=&gt;</span> <span class="nv">$balance</span><span class="p">,</span> <span class="s1">'summary'</span> <span class="o">=&gt;</span> <span class="nv">$summary</span><span class="p">,</span> <span class="p">]);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nc">\Exception</span> <span class="nv">$e</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">response</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">json</span><span class="p">([</span><span class="s1">'error'</span> <span class="o">=&gt;</span> <span class="nv">$e</span><span class="o">-&gt;</span><span class="nf">getMessage</span><span class="p">()],</span> <span class="mi">400</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Define Routes </h3> <p>Add a route to access the wallet functionality (e.g., in <code>routes/api.php</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">use</span> <span class="nc">App\Http\Controllers\WalletController</span><span class="p">;</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/wallet'</span><span class="p">,</span> <span class="p">[</span><span class="nc">WalletController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="s1">'manageWallet'</span><span class="p">])</span><span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'auth'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'wallet.manage'</span><span class="p">);</span> </code></pre> </div> <h3> Example Output </h3> <p>Visiting <code>/wallet</code> (with an authenticated user) might return:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"credit"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Credited 500 USD. New balance is 500"</span><span class="p">,</span><span class="w"> </span><span class="nl">"debit"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Debited 200 USD. New balance is 295"</span><span class="p">,</span><span class="w"> </span><span class="nl">"balance"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"user_id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"currency"</span><span class="p">:</span><span class="w"> </span><span class="s2">"USD"</span><span class="p">,</span><span class="w"> </span><span class="nl">"balance"</span><span class="p">:</span><span class="w"> </span><span class="mi">295</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"summary"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"user_id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"balance"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"USD"</span><span class="p">:</span><span class="w"> </span><span class="mi">295</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Verify Wallet Integrity </h3> <p>Run the included Artisan command to ensure balances match transaction history:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan saksh-wallet:verify </code></pre> </div> <p>This command checks for discrepancies and is useful for debugging or auditing.</p> <h2> Use Cases </h2> <p>Saksh Wallet is versatile and can be used in various scenarios:</p> <ul> <li> <strong>E-commerce</strong>: Allow customers to maintain a wallet for quick checkouts or refunds.</li> <li> <strong>Freelance Platforms</strong>: Manage payments to freelancers with platform fees.</li> <li> <strong>Gaming Apps</strong>: Handle in-game currencies for purchases or rewards.</li> <li> <strong>Financial Apps</strong>: Track user funds for budgeting or investment platforms.</li> </ul> <p>The package’s multi-currency support makes it ideal for global applications, while its simple API ensures developers can integrate it quickly.</p> How Solidity Gas Saver Reduces Your Ethereum Costs 🚀 susheel kumar Wed, 02 Apr 2025 08:26:03 +0000 https://forem.com/susheel_kumar_2041f5433d2/how-solidity-gas-saver-reduces-your-ethereum-costs-2963 https://forem.com/susheel_kumar_2041f5433d2/how-solidity-gas-saver-reduces-your-ethereum-costs-2963 <h2> Introduction </h2> <p>Gas fees are one of the biggest challenges for Ethereum developers. Every transaction consumes gas, and inefficient smart contracts can result in unnecessarily high fees. To solve this, I’ve built <strong>Solidity Gas Saver</strong>, an npm package that provides optimized Solidity contracts to help reduce gas costs while maintaining functionality.</p> <h2> Why Gas Optimization Matters </h2> <p>Ethereum operates on a gas-based fee model, where every computation, storage operation, and transaction costs gas. Optimizing Solidity code can:</p> <ul> <li>Reduce contract execution costs</li> <li>Lower user fees for dApps</li> <li>Improve transaction speeds by minimizing computational overhead</li> </ul> <h2> How Solidity Gas Saver Works </h2> <p>The <strong>Solidity Gas Saver</strong> package includes several powerful contracts and libraries:</p> <h3> 1️⃣ GasEfficientMath </h3> <p>This library optimizes arithmetic operations by utilizing unchecked Solidity blocks, reducing gas costs for operations like multiplication and addition.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>uint256 result = GasEfficientMath.mul(5, 10); // More efficient than default Solidity math </code></pre> </div> <h3> 2️⃣ BatchExecutor </h3> <p>BatchExecutor allows multiple contract calls to be executed in a single transaction, reducing redundant gas costs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>batchExecutor.execute([call1, call2, call3]); </code></pre> </div> <h3> 3️⃣ GasOptimizedTokenTransfer </h3> <p>Token transfers can be optimized by reducing redundant operations, making ERC-20 transactions cheaper.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>token.transferOptimized(recipient, amount); </code></pre> </div> <h2> How to Use Solidity Gas Saver </h2> <h3> Install the Package </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>solidity-gas-saver </code></pre> </div> <h3> Import and Use in Your Smart Contracts </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import "solidity-gas-saver/contracts/GasEfficientMath.sol"; </code></pre> </div> <h3> Deploy Optimized Contracts </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx hardhat run scripts/deploy.js <span class="nt">--network</span> goerli </code></pre> </div> <h2> Who Can Benefit? </h2> <ul> <li> <strong>DeFi Developers</strong> building gas-efficient protocols</li> <li> <strong>dApp Creators</strong> looking to minimize costs for users</li> <li> <strong>Smart Contract Developers</strong> who want optimized Solidity functions</li> </ul> <h2> Conclusion </h2> <p>The <strong>Solidity Gas Saver</strong> package is designed to help developers write more efficient smart contracts, reducing gas fees and improving overall performance. 🚀</p> <p>👉 <strong>Try it now:</strong> <a href="https://www.npmjs.com/package/solidity-gas-saver" rel="noopener noreferrer">Solidity Gas Saver on npm</a></p>