import { type KeyObject } from 'node:crypto'; import type express from 'express'; import { type DidString } from '@atproto/lex'; import { type VerifySignatureWithKeyFn } from '@atproto/xrpc-server'; import { type DataPlaneClient } from './data-plane/index.js'; type ReqCtx = { req: express.Request; }; type StandardAuthOpts = { skipAudCheck?: boolean; lxmCheck?: (method?: string) => boolean; }; export declare enum RoleStatus { Valid = 0, Invalid = 1, Missing = 2 } type NullOutput = { credentials: { type: 'none'; iss: null; }; }; type StandardOutput = { credentials: { type: 'standard'; /** @note we don't validate this to be a {@link DidString} (we might want to in the future) */ aud: string; iss: DidString | `${DidString}#${string}`; }; }; type RoleOutput = { credentials: { type: 'role'; admin: boolean; }; }; type ModServiceOutput = { credentials: { type: 'mod_service'; aud: DidString; iss: DidString | `${DidString}#${string}`; }; }; export type AuthVerifierOpts = { ownDid: DidString; alternateAudienceDids: DidString[]; modServiceDid: DidString; adminPasses: string[]; entrywayJwtPublicKey?: KeyObject; }; export declare class AuthVerifier { dataplane: DataPlaneClient; ownDid: DidString; standardAudienceDids: Set; modServiceDid: DidString; private adminPasses; private entrywayJwtPublicKey?; constructor(dataplane: DataPlaneClient, opts: AuthVerifierOpts); standardOptionalParameterized: (opts: StandardAuthOpts) => (ctx: ReqCtx) => Promise; standardOptional: (ctx: ReqCtx) => Promise; standard: (ctx: ReqCtx) => Promise; role: (ctx: ReqCtx) => RoleOutput; standardOrRole: (ctx: ReqCtx) => Promise; optionalStandardOrRole: (ctx: ReqCtx) => Promise; entrywaySession: (reqCtx: ReqCtx) => Promise; modService: (reqCtx: ReqCtx) => Promise; roleOrModService: (reqCtx: ReqCtx) => Promise; parseRoleCreds(req: express.Request): { status: RoleStatus; admin: boolean; moderator: boolean; triage: boolean; } | { moderator?: undefined; triage?: undefined; status: RoleStatus; admin: boolean; }; verifyServiceJwt boolean; }>(reqCtx: ReqCtx, opts: TOptions): Promise<{ iss: (DidString | `${DidString}#${string}`) & (TOptions extends { iss: ReadonlyArray; } ? I : unknown); aud: string & (TOptions extends { aud: infer A extends string; } ? A : unknown); }>; isModService(iss: string): iss is DidString | `${DidString}#atproto_labeler`; nullCreds(): NullOutput; parseCreds(creds: StandardOutput | RoleOutput | ModServiceOutput | NullOutput): { viewer: `did:${string}:${string}` | null; includeTakedowns: boolean; include3pBlocks: boolean; canPerformTakedown: boolean; isModService: boolean; skipViewerBlocks: boolean; }; } export declare const parseBasicAuth: (token: string) => { username: string; password: string; } | null; export declare const buildBasicAuth: (username: string, password: string) => string; export declare const createPublicKeyObject: (publicKeyHex: string) => KeyObject; export declare const verifySignatureWithKey: VerifySignatureWithKeyFn; export {}; //# sourceMappingURL=auth-verifier.d.ts.map