import { Request, Response } from 'express';
import { AuthMiddlewareConfig, NormalizedAuthMiddlewareConfig, AuthFailureReason } from '../types';
/**
 * Normalizes authentication middleware configuration by applying default values for optional fields.
 *
 * This is a declaration only: the implementation, and therefore the concrete
 * defaults and validation rules, are not visible in this file.
 *
 * @param config - User-provided middleware configuration with nested strategy configs
 * @returns Normalized configuration with all strategy configs in nested objects and defaults applied
 * @throws {TypeError} If configuration validation fails
 *
 * @remarks
 * NOTE(review): the defaults applied here decide the security posture of every
 * caller that omits an option (for example `enableCsrfProtection` in the
 * example below). Confirm against the implementation that omitted protections
 * default to enabled, and that validation rejects an empty or missing session
 * secret rather than substituting a built-in one.
 *
 * @example
 * ```typescript
 * const normalized = normalizeAuthMiddlewareConfig({
 *   authStrategies: ['SESSION'],
 *   sessionConfig: {
 *     // 'my-secret' is a placeholder: load the real value from the environment
 *     // or a secret store, never from a literal committed to source control.
 *     sessionOptions: { secrets: 'my-secret', enableCsrfProtection: true },
 *   },
 * });
 * // Returns config with sessionConfig and jwtConfig objects, all defaults applied
 * ```
 */
export declare function normalizeAuthMiddlewareConfig(config: AuthMiddlewareConfig): NormalizedAuthMiddlewareConfig;
/**
 * Validates the CSRF token for API requests to prevent cross-site request forgery attacks.
 *
 * Compares the CSRF token stored in the session against the token provided in the
 * request header. Both must exist and match exactly for validation to pass.
 *
 * The function only reports the result: it receives no Response object, so the
 * caller is responsible for rejecting the request when it returns false.
 *
 * @param req - The Express Request object containing headers
 * @param csrfToken - The CSRF token stored in the session (from session.csrfToken);
 *   `undefined` when the session holds no token, which must never validate
 * @param csrfHeaderName - The header name to check for the token. This signature
 *   declares no default, so callers must always pass it; 'X-CSRF-TOKEN' is
 *   presumably the default supplied by the normalized configuration (confirm)
 * @returns True if the CSRF token is valid, false otherwise
 *
 * @remarks
 * NOTE(review): the implementation is not visible here. Confirm that
 * - the comparison is constant-time (e.g. `crypto.timingSafeEqual` on
 *   equal-length buffers) rather than `===`, so response timing does not leak
 *   how much of a guessed token matched;
 * - a missing or empty header and an `undefined`/empty session token both
 *   return false, including the case where both are absent;
 * - the header is read case-insensitively and a repeated header (array value)
 *   is rejected rather than coerced to a string.
 *
 * @example
 * ```typescript
 * const isValid = isValidCsrf(req, session.csrfToken, 'X-CSRF-TOKEN');
 * if (!isValid) {
 *   res.sendStatus(403);
 *   return;
 * }
 * ```
 */
export declare function isValidCsrf(req: Request, csrfToken: string | undefined, csrfHeaderName: string): boolean;
/**
 * Sends appropriate error response based on failure reason.
 *
 * Writes to the response and returns nothing; the mapping from each
 * AuthFailureReason to a status code and body is defined by the implementation,
 * which is not visible in this declaration file.
 *
 * @param res - The Express Response object the error is written to
 * @param reason - Why authentication failed; selects the response that is sent
 *
 * @remarks
 * NOTE(review): confirm that the body sent to the client stays generic and
 * that the detailed reason goes to server-side logs instead. Responses that
 * distinguish, for instance, an expired credential from an unknown one give an
 * unauthenticated caller information about valid sessions or accounts. Callers
 * should also return right after this call so no further handler writes to
 * `res`.
 */
export declare function sendAuthFailureResponse(res: Response, reason: AuthFailureReason): void;
