Email and password example with 2FA in SvelteKit

Built with SQLite.

Emails are just logged to the console. Rate limiting is implemented using JavaScript Map.

Initialize project

Create sqlite.db and run setup.sql.

sqlite3 sqlite.db

Create a .env file. Generate a 128 bit (16 byte) string, base64 encode it, and set it as ENCRYPTION_KEY.

ENCRYPTION_KEY="L9pmqRJnO1ZJSQ2svbHuBA=="

You can use OpenSSL to quickly generate a secure key.
openssl rand --base64 16

Install dependencies and run the application:

pnpm i
pnpm dev

We do not consider user enumeration to be a real vulnerability so please don't open issues on it. If you really need to prevent it, just don't use emails.
This example does not handle unexpected errors gracefully.
There are some major code duplications (specifically for 2FA) to keep the codebase simple.
TODO: You may need to rewrite some queries and use transactions to avoid race conditions when using MySQL, Postgres, etc.
TODO: This project relies on the X-Forwarded-For header for getting the client's IP address.
TODO: Logging should be implemented.

Name		Name	Last commit message	Last commit date
Latest commit History 31 Commits
src		src
static		static
.env.example		.env.example
.gitignore		.gitignore
.npmrc		.npmrc
.prettierignore		.prettierignore
.prettierrc		.prettierrc
LICENSE		LICENSE
README.md		README.md
package.json		package.json
pnpm-lock.yaml		pnpm-lock.yaml
setup.sql		setup.sql
svelte.config.js		svelte.config.js
tsconfig.json		tsconfig.json
vite.config.ts		vite.config.ts