guardo
A complete authentication engine for Node.js and Next.js. OTP login, JWT tokens, multi-device sessions, and middleware - wired together so you don’t have to.
Production-Ready · TypeScript · v1.4.0
npm install guardoA full OTP login flow in three steps - no config needed to try it:
auth.ts
import { createAuth } from "guardo";
const auth = createAuth({
jwt: { secret: process.env.JWT_SECRET! },
});
// 1. Send a one-time code
await auth.otp.send({ identifier: "user@example.com" });
// 2. Verify it and log in
const { user, accessToken, refreshToken, sessionId } =
await auth.auth.loginWithOtp({
identifier: "user@example.com",
otp: "123456",
});
// 3. Protect routes
app.get("/me", auth.middleware.express(), (req, res) => {
// req.user is the decoded JWT payload unless `resolveUser` is configured
res.json(req.user);
});Features
◉ OTP Login - email or SMS codes⬡ JWT Tokens - access + refresh, with rotation▤ Sessions - multi-device, per-device revoke◆ Middleware - Express, Fastify & Next.js▦ Pluggable Storage - Memory or Redis◷ Rate Limiting - per-identifier and per-IP◈ Events - typed lifecycle hooks● Cookie Mode - httpOnly token transport
Only jwt.secret is required. Everything else has a sensible default, so you
can be running in seconds and harden later.
Where to next
- Installation - add guardo to your project
- Quick Start - a complete login flow
- Configuration - every option on
createAuth()