import { Request, Response } from "express";
import { AuthToken, TokenStore } from "../../types";
/**
 * Configuration options for the `ExpressStore`.
 */
export type ExpressStoreOptions = {
    clientId: string;
    req: Request;
    res: Response;
    /**
     * Whether to use secure cookies (HTTPS only).
     * Defaults to false. Set to true in production (HTTPS).
     */
    secure?: boolean;
    /**
     * Whether to set httpOnly flag (prevents JavaScript access).
     * Defaults to false to match the original Sharetribe SDK behavior and allow
     * the BrowserStore to share the same cookie. Setting to true will prevent
     * client-side JavaScript from reading or writing the token cookie, which
     * breaks the shared session model between server and client SDK instances.
     */
    httpOnly?: boolean;
    /**
     * SameSite cookie attribute for CSRF protection.
     * Defaults to 'Lax' for balance of security and usability.
     */
    sameSite?: "strict" | "lax" | "none";
};
/**
 * `ExpressStore` is an implementation of the `TokenStore` interface for managing authentication tokens via cookies in an Express application.
 *
 * **Note:** This store defaults to `httpOnly: false` to match the original Sharetribe SDK behavior.
 * Server and client SDK instances share the same cookie, so httpOnly must be false
 * for the BrowserStore to read/write the token set by the server.
 */
declare class ExpressStore implements TokenStore {
    expiration: number;
    private namespace;
    private key;
    private cookieOptions;
    private req;
    private res;
    private currentToken;
    /**
     * Initializes the `ExpressStore` with client-specific options.
     * @param options - Configuration options for the store.
     */
    constructor({ clientId, req, res, secure, httpOnly, sameSite }: ExpressStoreOptions);
    /**
     * Retrieves the authentication token, either from cache or from the request cookies.
     * @returns A promise that resolves to the `AuthToken` or null if no token exists.
     */
    getToken(): AuthToken | null;
    /**
     * Stores the authentication token in a response cookie.
     * @param token - The authentication token to store.
     */
    setToken(token: AuthToken): void;
    /**
     * Removes the authentication token from the response cookies.
     */
    removeToken(): void;
    /**
     * Reads the authentication token from the request cookies.
     * @returns The `AuthToken` if present in cookies, otherwise null.
     */
    private readCookie;
}
export default ExpressStore;