import { Authenticator, type Strategy } from "../auth";
import { type DB } from "../core";
import type { Entity, EntityManager } from "../data";
import { type FieldSchema } from "../data/prototype";
import { Module } from "../modules/Module";
import { AuthController } from "./api/AuthController";
import { type AppAuthSchema, authConfigSchema } from "./auth-schema";
import type { AppEntity } from "../core/config";
export type UserFieldSchema = FieldSchema<typeof AppAuth.usersFields>;
declare module "../core" {
    interface Users extends AppEntity, UserFieldSchema {
    }
    interface DB {
        users: Users;
    }
}
export type CreateUserPayload = {
    email: string;
    password: string;
    [key: string]: any;
};
export declare class AppAuth extends Module<typeof authConfigSchema> {
    private _authenticator?;
    cache: Record<string, any>;
    _controller: AuthController;
    onBeforeUpdate(from: AppAuthSchema, to: AppAuthSchema): Promise<{
        allow_register?: boolean | undefined;
        strategies?: {
            [x: string]: {
                enabled?: boolean | undefined;
                type: "password" | "oauth" | "custom_oauth";
                config: {
                    type: "oidc" | "oauth2";
                    name: "google" | "github";
                    client: {
                        client_id: string;
                        client_secret: string;
                    };
                } | {
                    type: "oidc" | "oauth2";
                    name: string;
                    client: {
                        client_id: string;
                        client_secret: string;
                        token_endpoint_auth_method: "client_secret_basic";
                    };
                    as: {
                        code_challenge_methods_supported?: "S256" | undefined;
                        scopes_supported?: string[] | undefined;
                        scope_separator?: string | undefined;
                        authorization_endpoint?: string | undefined;
                        token_endpoint?: string | undefined;
                        userinfo_endpoint?: string | undefined;
                        issuer: string;
                    };
                } | {
                    rounds?: number | undefined;
                    hashing: "plain" | "sha256" | "bcrypt";
                };
            };
        } | undefined;
        guard?: {
            enabled?: boolean | undefined;
        } | undefined;
        roles?: {
            [x: string]: {
                permissions?: string[] | undefined;
                is_default?: boolean | undefined;
                implicit_allow?: boolean | undefined;
            };
        } | undefined;
        cookie: {
            path?: string | undefined;
            expires?: number | undefined;
            sameSite?: "strict" | "lax" | "none" | undefined;
            secure?: boolean | undefined;
            httpOnly?: boolean | undefined;
            renew?: boolean | undefined;
            pathSuccess?: string | undefined;
            pathLoggedOut?: string | undefined;
        };
        enabled: boolean;
        basepath: string;
        entity_name: string;
        jwt: {
            alg?: "HS256" | "HS384" | "HS512" | undefined;
            expires?: number | undefined;
            issuer?: string | undefined;
            secret: string;
            fields: string[];
        };
    }>;
    get enabled(): boolean;
    build(): Promise<void>;
    isStrategyEnabled(strategy: Strategy | string): boolean;
    get controller(): AuthController;
    getSchema(): import("@sinclair/typebox").TObject<{
        enabled: import("@sinclair/typebox").TBoolean;
        basepath: import("@sinclair/typebox").TString;
        entity_name: import("@sinclair/typebox").TString;
        allow_register: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
        jwt: import("@sinclair/typebox").TObject<{
            secret: import("@sinclair/typebox").TString;
            alg: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnsafe<"HS256" | "HS384" | "HS512">>;
            expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
            issuer: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
            fields: import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>;
        }>;
        cookie: import("@sinclair/typebox").TObject<{
            path: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
            sameSite: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnsafe<"strict" | "lax" | "none">>;
            secure: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
            httpOnly: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
            expires: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
            renew: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
            pathSuccess: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
            pathLoggedOut: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
        }>;
        strategies: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TUnion<import("@sinclair/typebox").TObject<{
            enabled: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
            type: import("@sinclair/typebox").TLiteral<"password"> | import("@sinclair/typebox").TLiteral<"oauth"> | import("@sinclair/typebox").TLiteral<"custom_oauth">;
            config: import("@sinclair/typebox").TObject<{
                hashing: import("@sinclair/typebox").TUnsafe<"plain" | "sha256" | "bcrypt">;
                rounds: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TNumber>;
            }> | import("@sinclair/typebox").TObject<{
                name: import("@sinclair/typebox").TUnsafe<"google" | "github">;
                type: import("@sinclair/typebox").TUnsafe<"oidc" | "oauth2">;
                client: import("@sinclair/typebox").TObject<{
                    client_id: import("@sinclair/typebox").TString;
                    client_secret: import("@sinclair/typebox").TString;
                }>;
            }> | import("@sinclair/typebox").TObject<{
                type: import("@sinclair/typebox").TUnsafe<"oidc" | "oauth2">;
                name: import("@sinclair/typebox").TString;
                client: import("@sinclair/typebox").TObject<{
                    client_id: import("@sinclair/typebox").TString;
                    client_secret: import("@sinclair/typebox").TString;
                    token_endpoint_auth_method: import("@sinclair/typebox").TUnsafe<"client_secret_basic">;
                }>;
                as: import("@sinclair/typebox").TObject<{
                    issuer: import("@sinclair/typebox").TString;
                    code_challenge_methods_supported: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TUnsafe<"S256">>;
                    scopes_supported: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
                    scope_separator: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
                    authorization_endpoint: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
                    token_endpoint: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
                    userinfo_endpoint: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TString>;
                }>;
            }>;
        }>[]>>>;
        guard: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TObject<{
            enabled: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
        }>>;
        roles: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TRecord<import("@sinclair/typebox").TString, import("@sinclair/typebox").TObject<{
            permissions: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TArray<import("@sinclair/typebox").TString>>;
            is_default: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
            implicit_allow: import("@sinclair/typebox").TOptional<import("@sinclair/typebox").TBoolean>;
        }>>>;
    }>;
    get authenticator(): Authenticator;
    get em(): EntityManager;
    getUsersEntity(forceCreate?: boolean): Entity<"users", typeof AppAuth.usersFields>;
    static usersFields: {
        email: import("../data").TextField<true>;
        strategy: import("../data").TextField<true>;
        strategy_value: import("../data").TextField<true>;
        role: import("../data").TextField<false> & {
            required: () => import("../data").TextField<true>;
        };
    };
    registerEntities(): void;
    createUser({ email, password, ...additional }: CreateUserPayload): Promise<DB["users"]>;
    toJSON(secrets?: boolean): AppAuthSchema;
}
