Skip to content
This repository was archived by the owner on Jan 8, 2026. It is now read-only.

Releases: Grenish/authrix

Authrix v2.1.0

Choose a tag to compare

@Grenish Grenish released this 15 Aug 11:06
e51feaf

Authrix Release Notes — API Simplification & Critical Bug Fixes

This release delivers major stability improvements, critical bug fixes, and the first phase of our Email Services API and Core Auth API simplification.
It focuses on unifying duplicate code paths, fixing security-sensitive issues, and improving developer experience, while preserving backward compatibility via shims and one‑time warnings.


Highlights

🔒 Critical Security & Stability Fixes

  • Password Pepper Stability (Dev/Test) — Pepper now deterministically derived from JWT_SECRET if env pepper missing, preventing post‑restart sign‑in failures during development. Production still requires explicit AUTHRIX_PASSWORD_PEPPER.
  • Hashed Passwords for SSO Users — Random passwords generated for SSO accounts are now securely hashed before DB storage; user records also track authMethod and authProvider.
  • PostgreSQL Schema Updatesfull_name and profile_picture columns (plus optional auth_method and auth_provider) added to match Mongo adapter and persist extra profile fields.
  • Cookie Unit Normalization — Fixed maxAge seconds/milliseconds mismatch in Set-Cookie headers for predictable expiry across frameworks.
  • Middleware Signature Validation — Structural JWT checks now enforce signature verification if secret configured.

📧 Email Services API Unification

  • Single EmailServiceRegistry replaces multiple registries; setDefault() ensures consistent default resolution.
  • New explicit initialization:
    initEmailServices({
      defaultEmailService: 'resend',
      providers: { resend: {...}, sendgrid: {...} }
    })
  • Normalized types (SendEmailOptions, EmailMetadata, EmailServiceCapabilities) and environment validation across providers.
  • Side‑effect–free imports (no auto‑init) for cleaner application bootstraps.

⚙️ Core Auth API Consolidation

  • New grouped namespace:
    • auth.actions (signup, signin, logout)
    • auth.session (getUser, isAuthenticated)
    • auth.handlers (factory route handlers)
  • Legacy flat exports remain with one‑time deprecation warnings; full migration doc provided.

Developer Experience Improvements

  • Reduced inline comment noise; concise TSDoc added for public APIs to improve IDE hover help.
  • Deterministic default email service selection (resend > sendgrid > gmail > smtp > console) when only environment configuration provided.
  • Centralized registry and cookie helpers reduce configuration complexity.

Migration Notes

  • Email: Prefer initEmailServices() or pass email config via initAuth(). Legacy initializeEmailServices calls still work but warn.
  • Auth Actions: Update imports to auth.actions.* and auth.session.* where possible. Old Next/App/Pages-specific exports map directly.
  • PostgreSQL: Apply provided ALTER TABLE snippet to add missing columns for profile and auth method/provider fields.
  • Env Vars: Set AUTHRIX_PASSWORD_PEPPER (required in prod) and JWT_SECRET. In dev, missing pepper falls back to deterministic derivation.

Status

  • Critical fixes complete for pepper stability, SSO hashing, Postgres fields, cookie expiry, and JWT signature enforcement.
  • Email and core API unification Phase 1 complete; shims ensure non-breaking transition.
  • Upcoming: Enhanced provider diagnostics, logging unification, rolling session refresh option, and migration doc for API simplification.

Recommended Action:
Upgrade promptly to benefit from security and stability fixes. Apply the Postgres migration if applicable, update environment variables, and begin transitioning to the unified auth and initEmailServices APIs.

Authrix v2.0.3

Choose a tag to compare

@Grenish Grenish released this 12 Aug 09:46
4b65887
  • New Features

    • Major password/security utilities added: Argon2-first hashing, verification with transparent rehash, policy-driven validation, secure password generator, rehash detection, and rate-limiting/pepper protections. Public APIs now expose these helpers.
    • Sign-in now transparently upgrades stored password hashes when supported.
  • Tests

    • Expanded password/security test suite and added test helpers.
    • New test scripts: security and performance.
  • Chores

    • Version bump to 2.0.3; added argon2 dependency.

Authrix v2.0.2

Choose a tag to compare

@Grenish Grenish released this 12 Aug 08:45
45c0271

What's Changed

  • New Features

    • Unified SSO URL generation across providers, plus helpers to fetch single or all auth URLs and handle callbacks.
    • Flexible Next.js auth helpers that work across App Router, Pages, and Middleware.
    • Added a universalAuth aggregator for framework-agnostic auth operations.
  • Refactor

    • Standardized cookie handling and token extraction; safer encoding/decoding.
    • Centralized React API calls with consistent error handling; clearer universal auth error messages.
  • Documentation

    • Added contributor instructions and best practices.
  • Chores

    • Introduced a post-build trim to reduce package size; version bumped to 2.0.2.
  • Package Size Optimization

    • Reduced the package size from 117.5 kB to 106.5 kB, achieving an approximate 9.36% decrease.
    • Reduced the unpacked size from 497.9 kB to 438.8 kB, resulting in an approximate 11.87% decrease.

Authrix v2.0.1

Choose a tag to compare

@Grenish Grenish released this 11 Aug 17:01
6444e8d
  • New Features

    • Added Prisma adapter.
    • Expanded SSO: Apple, Discord, Facebook, LinkedIn, X, plus enhanced Google/GitHub.
    • Introduced SMS-based 2FA and multiple email services (Gmail, SendGrid, Resend, SMTP, Console) with discovery.
    • Next.js: ready-to-use API handlers and flexible helpers.
    • Upgraded signup/signin/logout, session APIs, and cross‑framework auth middleware.
    • Rebuilt Forgot Password with 2FA and rate limiting.
  • Improvements

    • Mongo/PostgreSQL adapters support fullName/profilePicture and clearer duplicate handling.
    • Centralized email verification with resend and cleanup utilities.
    • Streamlined OAuth exports and utilities.
  • Chores

    • Removed legacy example endpoints/components.
    • Bumped version to 2.0.1.

Authrix v2.0.0

Choose a tag to compare

@Grenish Grenish released this 17 Jul 08:23
0928cf4

Bug Fixes

  • Enhanced validation for email and username uniqueness.
  • Standardized normalization across authentication adapter

New Features

  • PostgreSQL Support: Added comprehensive PostgreSQL adapter with support for 2FA, user profile fields, and credential validation.
  • 2FA & Email Verification: Full two-factor authentication and verification flows implemented, compatible with Gmail, Resend, SendGrid, SMTP, and CLI-based mailing.
  • SSO (Single Sign-On): Integrated Google and GitHub OAuth with Express and Next.js middleware helpers.
  • Forgot Password: Implemented secure password recovery via code-based and temporary password strategies.
  • Extended User Schema: Optional support for username, first name, and last name fields.

Documentation

  • Major documentation overhaul: added in-depth guides for 2FA, SSO, PostgreSQL adapter, and Express/Next.js integration.
  • Expanded the README to serve as a full manual.

Refactor

  • Deprecated and removed Firebase and Supabase adapter support, along with associated tests and dependencies.
  • Reorganized export structure and utility functions for SSO, password recovery, and Next.js usage.

Chores

  • Updated TypeScript configuration for better module isolation and performance.
  • Synchronized peer dependencies with updated provider implementations.

What's Changed

Full Changelog: prod...factor-auth

authrix v1.0.4

Choose a tag to compare

@Grenish Grenish released this 15 Jul 10:59
3b3d046
  • Secure JWT Authentication
  • HttpOnly Cookie Support
  • Flexible Middleware
  • Fixed NextJs detection
  • Fixed edge runtime error
  • Optimized api endpoints
  • Minimize the bundle size

What's Changed

New Contributors

Full Changelog: https://github.com/Grenish/authrix/commits/prod