import type { Context } from 'hono'; /** * Shared session helpers used by SDK handlers that issue server-side * sessions (e.g. `auth`, `webAuthn`). Each handler is responsible for its * own session payload shape and storage; this module only provides the * token-extraction, cookie-issuance, and token-generation primitives so * the conventions stay consistent. */ /** Default `Set-Cookie` attributes for handler-issued session cookies. */ export declare const defaults: { readonly httpOnly: true; readonly sameSite: "Lax"; readonly path: "/"; }; /** * Parse a `Bearer ` value out of an `Authorization` header. Returns * `undefined` when the header is missing, doesn't use the `Bearer` * scheme, or contains an empty token. */ export declare function bearerToken(authorization: string | null): string | undefined; /** * Extract the value of a single cookie from a raw `Cookie` header. * Returns `undefined` when the cookie is absent. */ export declare function parseCookieValue(header: string, name: string): string | undefined; /** * Minimal request interface accepted by `tokenFromRequest` and * `getSession`. Compatible with both the Fetch API `Request` and * Node.js `http.IncomingMessage` so callers in Express, Fastify, or * plain `http.createServer` don't need to construct a synthetic * `Request` just to read a session. */ export type SessionRequest = Request | { headers: Record; }; /** * Resolve the session token for a request. Prefers `Authorization: Bearer * ` over the cookie. When `cookie: false`, the cookie is ignored * even if present so callers cannot opt back into cookie mode by sending * a stale `Set-Cookie` value. * * Accepts both Fetch API `Request` and Node.js `IncomingMessage`-shaped * objects (see {@link SessionRequest}). */ export declare function tokenFromRequest(req: SessionRequest, options: { /** Whether cookie issuance is enabled for this handler. */ cookie: boolean; /** Cookie name when cookie mode is enabled. */ cookieName: string; }): string | undefined; /** * Build the raw `Set-Cookie` header value for a session cookie. Use this * when the route handler returns a freshly-constructed `Response` (which * bypasses Hono's context header merging) — append the returned string * to the response's `Set-Cookie` header directly. */ export declare function serializeCookie(options: { /** Cookie name. */ name: string; /** Token value. */ value: string; /** Cookie max-age in seconds. */ ttl: number; /** Resolved request protocol — drives the `Secure` attribute. */ protocol: string; }): string; /** * Build the raw `Set-Cookie` header value that clears a previously * issued session cookie. */ export declare function clearCookieHeader(name: string): string; /** * Clear a previously-issued session cookie by writing an empty value with * `Max-Age=0`. */ export declare function clearCookie(c: Context, name: string): void; /** * Generate a 256-bit cryptographically-random session token, encoded as * lowercase hex without the `0x` prefix. */ export declare function generateToken(): string; /** * Build the final JSON response for a verify/login route, merging an * optional hook `Response` (extra body fields, status, custom headers) * with the handler's own JSON and an optional `Set-Cookie` header. * * The hook contract — return a `Response` whose body fields and status * are folded onto the default response — is shared by `auth` and * `webAuthn`. Hook fields take precedence over the handler's defaults * via spread order. */ export declare function mergeResponse(json: Record, hook?: Response | undefined, cookieHeader?: string | undefined): Promise; //# sourceMappingURL=session.d.ts.map