@zod-vault/server
Self-hostable backend with Hono and SQLite.
Server Setup

```ts
import { createServer } from "@zod-vault/server";

const server = createServer({
  jwtSecret: process.env.JWT_SECRET,
  dbPath: "./data/vault.db",
});

server.listen(3000);
```

Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| JWT_SECRET | Yes | - | Secret for JWT signing |
| JWT_ISSUER | No | zod-vault | JWT issuer claim |
| JWT_ACCESS_EXPIRY | No | 15m | Access token expiry |
| JWT_REFRESH_EXPIRY | No | 7d | Refresh token expiry |
| DB_PATH | No | ./data/vault.db | SQLite path |
| PORT | No | 3000 | HTTP port |

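
A startup check for the variables in this table, written as an added example rather than code from @zod-vault/server: the setup snippet hands `process.env.JWT_SECRET` straight to `createServer`, so an unset or placeholder value should stop the process before it listens. The function names, the 32-byte and distinct-character floors, and the `s`/`h` expiry units are assumptions of this example.

```javascript
// Added example, not code from @zod-vault/server; all names here are hypothetical.
const MIN_SECRET_BYTES = 32; // assumption: 256-bit floor for an HMAC signing secret
const UNIT_SECONDS = { s: 1, m: 60, h: 3600, d: 86400 }; // assumption: s and h units

// Convert "15m" / "7d" style values to seconds; null when malformed or zero.
function parseExpiry(value) {
  const m = /^(\d+)([smhd])$/.exec(value);
  if (!m) return null;
  const n = Number(m[1]);
  return n > 0 ? n * UNIT_SECONDS[m[2]] : null;
}

// Returns { config, errors }; refuse to start when errors is non-empty.
function loadVaultEnv(env) {
  const errors = [];
  const secret = env.JWT_SECRET ?? "";
  if (secret === "") {
    errors.push("JWT_SECRET is required");
  } else {
    if (Buffer.byteLength(secret, "utf8") < MIN_SECRET_BYTES)
      errors.push(`JWT_SECRET must be at least ${MIN_SECRET_BYTES} bytes`);
    // Catches long but padded placeholders such as "aaaa...".
    if (new Set(secret).size < 10)
      errors.push("JWT_SECRET has too few distinct characters");
  }

  const accessRaw = env.JWT_ACCESS_EXPIRY || "15m";
  const refreshRaw = env.JWT_REFRESH_EXPIRY || "7d";
  const access = parseExpiry(accessRaw);
  const refresh = parseExpiry(refreshRaw);
  if (access === null) errors.push(`JWT_ACCESS_EXPIRY is malformed: ${accessRaw}`);
  if (refresh === null) errors.push(`JWT_REFRESH_EXPIRY is malformed: ${refreshRaw}`);
  if (access !== null && refresh !== null && access >= refresh)
    errors.push("JWT_ACCESS_EXPIRY must be shorter than JWT_REFRESH_EXPIRY");

  const port = Number(env.PORT || "3000");
  if (!Number.isInteger(port) || port < 1 || port > 65535)
    errors.push("PORT must be an integer from 1 to 65535");

  // The config shape is this example's own; the page shows only jwtSecret and dbPath
  // as createServer options.
  const dbPath = env.DB_PATH || "./data/vault.db";
  const jwtIssuer = env.JWT_ISSUER || "zod-vault";
  return { errors, config: { jwtSecret: secret, jwtIssuer, dbPath, port,
    accessExpirySeconds: access, refreshExpirySeconds: refresh } };
}
```

Call it before `createServer` and exit when `errors` is non-empty; the messages never include the secret itself.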
REST API

Auth Endpoints

POST /auth/email/register

Register a new user.

```bash
curl -X POST https://vault.example.com/auth/email/register \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "password": "secret"}'
```

Response:

```json
{
  "accessToken": "eyJ...",
  "refreshToken": "eyJ...",
  "user": { "id": "...", "email": "user@example.com" }
}
```

POST /auth/email/login

Login with email/password.

```bash
curl -X POST https://vault.example.com/auth/email/login \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "password": "secret"}'
```

GET /auth/me

Get current user.

```bash
curl https://vault.example.com/auth/me \
  -H "Authorization: Bearer <token>"
```

POST /auth/refresh

Refresh access token.

```bash
curl -X POST https://vault.example.com/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "eyJ..."}'
```

POST /auth/logout

Logout (invalidate refresh token).

```bash
curl -X POST https://vault.example.com/auth/logout \
  -H "Authorization: Bearer <token>"
```

Vault Endpoints

GET /vault

List user’s vaults.

```bash
curl https://vault.example.com/vault \
  -H "Authorization: Bearer <token>"
```

Response:

```json
{
  "vaults": [
    {
      "uid": "abc123",
      "name": "my-store",
      "data": "encrypted...",
      "salt": "base64...",
      "version": 1,
      "updatedAt": 1234567890
    }
  ]
}
```

POST /vault

Create a vault.

```bash
curl -X POST https://vault.example.com/vault \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-store", "data": "encrypted...", "salt": "base64..."}'
```

GET /vault/:uid

Get a specific vault.

```bash
curl https://vault.example.com/vault/abc123 \
  -H "Authorization: Bearer <token>"
```

PUT /vault/:uid

Update a vault.

```bash
curl -X PUT https://vault.example.com/vault/abc123 \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"data": "new-encrypted...", "salt": "new-salt..."}'
```

DELETE /vault/:uid

Delete a vault.

```bash
curl -X DELETE https://vault.example.com/vault/abc123 \
  -H "Authorization: Bearer <token>"
```

Health

GET /health

```bash
curl https://vault.example.com/health
```

Response:

```json
{"status": "ok", "timestamp": 1234567890}
```

Database Schema

```sql
CREATE TABLE users (
  id TEXT PRIMARY KEY,
  email TEXT UNIQUE NOT NULL,
  password_hash TEXT,
  created_at INTEGER NOT NULL,
  updated_at INTEGER NOT NULL
);

CREATE TABLE vaults (
  uid TEXT PRIMARY KEY,
  user_id TEXT NOT NULL REFERENCES users(id),
  name TEXT NOT NULL,
  data TEXT NOT NULL,
  salt TEXT NOT NULL,
  version INTEGER DEFAULT 1,
  created_at INTEGER NOT NULL,
  updated_at INTEGER NOT NULL,
  UNIQUE(user_id, name)
);

CREATE TABLE refresh_tokens (
  jti TEXT PRIMARY KEY,
  user_id TEXT NOT NULL REFERENCES users(id),
  expires_at INTEGER NOT NULL,
  created_at INTEGER NOT NULL
);
```