import { LogLevel } from '@ssense/logger';
import { IncomingMessage, ServerResponse } from 'node:http';
import { z, ZodEnum } from 'zod';
export interface AuthModuleOptions {
    enabled?: boolean;
    authServerHost?: string;
    authServerSecure?: boolean;
    publicRoutes?: RegExp[];
    publicHttpMethods?: string[];
    onForbidden?: (req: IncomingMessageWithAuth, res: ServerResponse, next: Function) => any;
    logger?: {
        enabled?: boolean;
        level?: LogLevel;
        pretty?: boolean;
    };
    alwaysCreateAuthObject?: boolean;
}
export type RequestHandler = (req: IncomingMessageWithAuth, res: ServerResponse, next: Function) => Promise<any>;
declare const AuthInfoTypeSchema: ZodEnum<['user', 'service']>;
type AuthInfoType = z.infer<typeof AuthInfoTypeSchema>;
export declare class AuthInfo {
    id: string;
    type: AuthInfoType;
    scopes: string[];
    token: string;
    tokenId: string;
    tokenExpirationTime: Date;
    enabled: boolean;
    publicRoute: boolean;
    hasScope(scope: string): boolean;
    hasScopes(scopes: string[]): boolean;
    isActive(): boolean;
}
export declare class AuthModule {
    private readonly userAgent;
    private readonly client;
    private readonly logger;
    private readonly publicRoutes;
    private readonly publicHttpMethods;
    private readonly alwaysCreateAuthObject;
    private cookieName;
    private publicKeysUrl;
    private invalidatedTokensUrl;
    private publicKeys;
    private publicKeysExpire;
    private invalidatedTokens;
    private jwtOptions;
    private pubSubClient;
    private pubSubMessagesSignatureAlgorithm;
    private static enabled;
    private static templates;
    private static forbiddenCallback;
    constructor(options?: AuthModuleOptions);
    authenticate(): RequestHandler;
    static enable(enabled: boolean): void;
    private initialize;
    private initializePubSubClient;
    private getAuthInfoFromRequest;
    private getPublicKeyFromKid;
    private getTokenInfo;
    private getInvalidatedTokens;
    private cleanExpiredInvalidatedTokens;
    private verifyToken;
    private parseScopes;
    private isPublicRoute;
    private isPublicHttpMethod;
    private validatePubSubMessageSignature;
    private onPubSubAuthTokenInvalidated;
    static requireScope(scope: string | string[]): any;
    static requireAllScopes(scopes: string[]): any;
    static checkScopes(scope: string | string[], checkAllScopes: boolean): any;
    static scopeMiddleware(scope: string | string[], checkAllScopes?: boolean): RequestHandler;
    private static hasRequiredScope;
    private static showAuthenticationPage;
}
export type IncomingMessageWithAuth = IncomingMessage & {
    auth?: AuthInfo;
    logger?: any;
};
export {};