import type { Request } from 'express';
import { permissions } from '@balena/pinejs';
export interface ApiKeyOptions {
    apiKey?: string;
    name: string | null;
    description: string | null;
    expiryDate: string | null;
    tx?: Tx;
}
type ApiKeyActor = 'application' | 'device' | 'user';
export declare function getApiKeyOptsFromRequest(params: Dictionary<unknown>, prefix?: string, mandatoryExpiryDate?: false): Pick<ApiKeyOptions, 'name' | 'description' | 'expiryDate'>;
export declare function getApiKeyOptsFromRequest(params: Dictionary<unknown>, prefix: string | undefined, mandatoryExpiryDate: true): NonNullableField<Pick<ApiKeyOptions, 'name' | 'description' | 'expiryDate'>, 'expiryDate'>;
export declare function getApiKeyOptsFromRequest(params: Dictionary<unknown>, prefix?: string, mandatoryExpiryDate?: boolean): Pick<ApiKeyOptions, 'name' | 'description' | 'expiryDate'>;
export declare const createApiKey: (actorType: ApiKeyActor, roleName: string, req: Request, actorTypeID: number, options: ApiKeyOptions) => Promise<string>;
export declare const createProvisioningApiKey: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, actorTypeID: number, options: ApiKeyOptions) => Promise<string>;
export declare const createDeviceApiKey: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, actorTypeID: number, options: ApiKeyOptions) => Promise<string>;
export declare const createNamedUserApiKey: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, actorTypeID: number, options: ApiKeyOptions) => Promise<string>;
/**
 * @deprecated this is a legacy api key for very old devices and should not be used any more
 */
export declare const createUserApiKey: (req: Request<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>, actorTypeID: number, options: ApiKeyOptions) => Promise<string>;
export type ApiKeyParameters = {
    actorType: (typeof supportedActorTypes)[number];
    actorTypeId: number;
    roles: string[];
} & Pick<ApiKeyOptions, 'name' | 'description' | 'expiryDate' | 'apiKey'>;
export declare const supportedActorTypes: readonly ["application", "user", "device"];
export declare const createGenericApiKey: (req: Request, { actorType, actorTypeId, roles, name, description, expiryDate, apiKey, }: ApiKeyParameters) => Promise<string>;
export declare const isApiKeyWithRole: import("../../infra/cache/multi-level-memoizee.js").MemoizedFn<(key: string, roleName: string, tx?: Tx) => Promise<boolean>>;
/**
 * Temporarily augments the request's api key with the specified permissions.
 * This will not have any effect if the request is not using an api key
 */
export declare const augmentReqApiKeyPermissions: <T extends permissions.PermissionReq>(req: T, extraPermissions: string[], 
/**
 * When mutateRequestObject is
 * false: A new request object with augmented permissions is returned to be used for specific tasks,
 *   while the rest of the code (eg: middleware & hooks) still runs with permissions the original request.
 * true: The permissions are augmented for the whole lifetime of the request.
 */
mutateRequestObject?: boolean) => T;
export {};