import type { Application, Request } from 'express';
import type { Server } from 'http';
import * as pine from '@balena/pinejs';
import { sbvrUtils } from '@balena/pinejs';
import type { User } from './balena-model.js';
import type { defaultFindUser$select, GetNewUserRoleFunction } from './infra/auth/auth.js';
import * as jwt from './infra/auth/jwt-passport.js';
import { captureException } from './infra/error-handling/index.js';
import { findUser, getUser } from './infra/auth/auth.js';
import { setUserTokenDataCallback } from './infra/auth/jwt.js';
import { createAllPermissions } from './infra/auth/permissions.js';
import { createScopedAccessToken } from './infra/auth/jwt.js';
import { getApiKeyOptsFromRequest } from './features/api-keys/lib.js';
import { addHooksForFieldSizeLimitChecks } from './features/field-size-limits/setup-field-size-limits.js';
import { createRateLimiter } from './infra/rate-limiting/index.js';
import { DeviceOnlineStates } from './features/device-heartbeat/index.js';
import type { GetUrlFunction } from './features/request-logging/index.js';
export * as tags from './features/tags/validation.js';
export type { TokenUserPayload } from './infra/auth/jwt.js';
export type { Creds, ResolvedUserPayload } from './infra/auth/jwt-passport.js';
export type { Access } from './features/registry/registry.js';
export type { ApplicationType } from './features/application-types/application-types.js';
export type { DeviceTypeJson } from './features/device-types/device-type-json.js';
export type { DefaultApplicationType } from './features/application-types/application-types.js';
export * as request from './infra/request-promise/index.js';
export * as redis from './infra/redis/index.js';
export * as scheduler from './infra/scheduler/index.js';
export * as cache from './infra/cache/index.js';
export * as config from './lib/config.js';
export * as registry from './features/registry/registry.js';
export * as abstractSql from './abstract-sql-utils.js';
export { getFileUploadHandler } from './fileupload-handler.js';
export * as deviceState from './features/device-state/index.js';
export declare const errors: {
    captureException: typeof captureException;
    handleHttpErrors: (req: Request, res: import("express").Response, err: Error) => boolean;
    ThisShouldNeverHappenError: (errorMessage: string, options?: Parameters<typeof captureException>[2]) => pine.errors.InternalRequestError;
    translateError: (err: Error | number | string) => string;
};
export declare const deletedFrozenDevices: {
    defaultRespondFn: (_req: Request, res: import("express").Response, delayMs: number, status: number) => Promise<void>;
    setRespondFn: ($respondFn: (_req: Request, res: import("express").Response, delayMs: number, status: number) => Promise<void>) => void;
};
export declare const auth: {
    findUser: typeof findUser;
    getUser: typeof getUser;
    reqHasPermission: (req: Pick<Request, "apiKey" | "user">, permission: string) => boolean;
    setUserTokenDataCallback: typeof setUserTokenDataCallback;
    tokenFields: ("id" | "jwt_secret")[];
    userFields: ("id" | "actor" | "jwt_secret")[];
    userHasPermission: (user: undefined | sbvrUtils.Actor, permission: string) => boolean;
    comparePassword: (password: string, hash: string | null) => Promise<boolean>;
    generateNewJwtSecret: () => Promise<string>;
    loginUserXHR: (res: import("express").Response, userId: number, extraParams: import("./infra/auth/jwt.js").ExtraParams & {
        statusCode?: number;
    }) => Promise<void>;
    registerUser: (userData: AnyObject & {
        username: string;
        email: string | null;
        password?: string;
    }, tx: Tx, req?: Request) => Promise<{ [P in keyof User["Read"]]: import("@balena/abstract-sql-to-typescript").Deferred<User["Read"][P]>; }>;
    setPassword: (user: Pick<User["Read"], "id">, newPassword: string, tx: Tx) => Promise<void>;
    updateUserXHR: (res: import("express").Response, req: Request, { tx }: {
        tx: Tx;
    }) => Promise<void>;
    validatePassword: (password: string | undefined) => asserts password is string;
    checkUserPassword: (password: string, userId: number, tx: Tx) => Promise<void>;
    createSessionToken: (userId: number, { existingToken, jwtOptions, tx }: import("./infra/auth/jwt.js").ExtraParams) => Promise<string>;
    createScopedAccessToken: typeof createScopedAccessToken;
    createJwt: (payload: AnyObject, jwtOptions?: jwt.SignOptions) => string;
    createAllPermissions: typeof createAllPermissions;
    setApiKey: (roleName: string, apiKeyPermissions: string[], key: string, tx: Tx) => Promise<import("@balena/abstract-sql-to-typescript").PickDeferred<{
        created_at: import("@balena/sbvr-types").Types["Date Time"]["Read"];
        modified_at: import("@balena/sbvr-types").Types["Date Time"]["Read"];
        id: import("@balena/sbvr-types").Types["Serial"]["Read"];
        key: import("@balena/sbvr-types").Types["Short Text"]["Read"];
        expiry_date: import("@balena/sbvr-types").Types["Date Time"]["Read"] | null;
        is_of__actor: {
            __id: import("@balena/pinejs/out/sbvr-api/user.js").Actor["Read"]["id"];
        } | [import("@balena/pinejs/out/sbvr-api/user.js").Actor["Read"]];
        name: import("@balena/sbvr-types").Types["Text"]["Read"] | null;
        description: import("@balena/sbvr-types").Types["Text"]["Read"] | null;
        api_key__has__role?: Array<import("@balena/pinejs/out/sbvr-api/user.js").ApiKeyHasRole["Read"]>;
        api_key__has__permission?: Array<import("@balena/pinejs/out/sbvr-api/user.js").ApiKeyHasPermission["Read"]>;
    }, "id" | "key">>;
    getOrInsertPermissionId: (name: string, tx: Tx) => Promise<{
        id: number;
    }>;
    assignRolePermission: (role: number, permission: number, tx: Tx) => Promise<{
        id: number;
    }>;
    getOrInsertRoleId: (name: string, tx: Tx) => Promise<{
        id: number;
    }>;
    assignUserPermission: (user: number, permission: number, tx: Tx) => Promise<{
        id: number;
    }>;
    assignUserRole: (user: number, role: number, tx: Tx) => Promise<{
        id: number;
    }>;
    revokeUserRole: (user: number, role: number, tx: Tx) => Promise<void>;
    getUserIDFromCreds: (req: Request) => string;
    registryAuth: {
        algo: jwt.SignOptions["algorithm"];
        issuer: jwt.SignOptions["issuer"];
        key: import("jsonwebtoken").Secret;
        pub: import("jsonwebtoken").Secret;
        kid: string;
    };
    normalizeHandle: (handle: string) => string;
    publicKeys: {
        defaultGetAuthorizedKeysFn: (req: pine.permissions.PermissionReq, username: string) => Promise<string>;
        setGetAuthorizedKeysFn: ($getAuthorizedKeys: (req: pine.permissions.PermissionReq, username: string) => Promise<string>) => void;
    };
    /** @deprecated Will be removed in a future version */
    refreshToken: import("express").RequestHandler<import("express-serve-static-core").ParamsDictionary, any, any, import("qs").ParsedQs, Record<string, any>>;
    ROLES: {
        [roleName: string]: string[];
    };
    DEVICE_API_KEY_PERMISSIONS: string[];
    DEFAULT_USER_EXTRA_PERMISSIONS: string[];
    KEYS: {
        [keyName: string]: {
            key?: string;
            permissions: string[];
        };
    };
    getServiceFromRequest: (req: {
        apiKey?: sbvrUtils.ApiKey;
    }) => string | undefined;
};
export declare const rateLimiting: {
    createRateLimitMiddleware: (rateLimiter: ReturnType<typeof createRateLimiter>, keyOpts?: Parameters<(rateLimiter: ReturnType<typeof createRateLimiter>, { ignoreIP, allowReset, }?: {
        ignoreIP?: boolean;
        allowReset?: boolean;
    }, field?: import("./infra/rate-limiting/index.js").RateLimitKey) => import("./infra/rate-limiting/index.js").RateLimitMiddleware>[1]) => import("./infra/rate-limiting/index.js").PartialRateLimitMiddleware;
    createRateLimiter: (keyScope: string, opts: import("rate-limiter-flexible").IRateLimiterOptions) => import("rate-limiter-flexible").RateLimiterMemory | import("rate-limiter-flexible").RateLimiterCluster | {
        consume: (key: string | number, pointsToConsume?: number | undefined, options?: {
            [key: string]: any;
        } | undefined) => Promise<import("rate-limiter-flexible").RateLimiterRes>;
        penalty: (key: string | number, points?: number | undefined, options?: {
            [key: string]: any;
        } | undefined) => Promise<import("rate-limiter-flexible").RateLimiterRes>;
        delete: (key: string | number, options?: {
            [key: string]: any;
        } | undefined) => Promise<boolean>;
    };
};
export * as middleware from './exports/middleware.js';
export declare const hooks: {
    addDeleteHookForDependents: (resource: string, dependents: Parameters<typeof import("./infra/cascade-delete/index.js").addDeleteHookForDependents>[2]) => void;
    addHooksForFieldSizeLimitChecks: typeof addHooksForFieldSizeLimitChecks;
};
export declare const utils: {
    updateOrInsertModel: <T extends keyof import("./balena-model.js").default>(resource: T, filter: import("pinejs-client-core").FilterObj<import("./balena-model.js").default[T]["Read"]>, updateFields: Partial<import("./balena-model.js").default[T]["Write"]>, tx?: Tx) => Promise<{
        id: number;
    }>;
    getOrInsertModelId: <T extends keyof import("./balena-model.js").default>(resource: T, body: Partial<import("./balena-model.js").default[T]["Write"]>, tx?: Tx) => Promise<{
        id: number;
    }>;
    getIP: (req: Request) => string | undefined;
    getIPv4: (req: Request) => string | undefined;
    isValidInteger: (num: any) => num is number;
    varListInsert: (varList: import("./features/device-state/state-get-utils.js").EnvVarList, obj: Dictionary<string>, filterFn?: (name: string) => boolean) => void;
    throttledForEach: <T, U>(array: T[], delayMS: number, fn: (item: T) => PromiseLike<U> | U) => Promise<U[]>;
    getBodyOrQueryParam: <R extends Request, P extends (keyof R["body"] | keyof R["query"]) & string, D = undefined>(req: R, paramName: P, defaultValue?: D) => Exclude<(P extends keyof R["body"] ? R["body"][P] : never) | (P extends keyof R["query"] ? R["query"][P] : never), null> | D;
};
export declare const apiKeys: {
    augmentReqApiKeyPermissions: <T extends pine.permissions.PermissionReq>(req: T, extraPermissions: string[], mutateRequestObject?: boolean) => T;
    isApiKeyWithRole: import("./infra/cache/multi-level-memoizee.js").MemoizedFn<(key: string, roleName: string, tx?: Tx) => Promise<boolean>>;
    getApiKeyOptsFromRequest: typeof getApiKeyOptsFromRequest;
};
export declare const application: {
    addUserHasDirectAccessToApplicationToModel: (abstractSql: import("@balena/abstract-sql-compiler").AbstractSqlModel, selectQueryNodeTransformer?: (selectQueryNode: import("@balena/abstract-sql-compiler").SelectQueryNode) => import("@balena/abstract-sql-compiler").SelectQueryNode) => void;
    getApplicationSlug: (orgHandle: string, appName: string) => string;
};
export declare const device: {
    addVirtualFieldsToModel: (abstractSql: import("@balena/abstract-sql-compiler").AbstractSqlModel) => void;
    supervisorProxy: (req: Request, res: import("express").Response) => Promise<void>;
    generateConfig: (req: Request, app: import("balena-device-config").GenerateOptions["application"], provisioningKeyOptions: import("./features/api-keys/lib.js").ApiKeyOptions, deviceType: import("./features/device-types/device-type-json.js").DeviceTypeJson, osVersion?: string) => Promise<any>;
    getPollInterval: (deviceId: number, config?: Dictionary<string>) => Promise<number>;
    DeviceOnlineStates: typeof DeviceOnlineStates;
    getDeviceOnlineStateManager: () => import("./features/device-heartbeat/index.js").DeviceOnlineStateManager;
};
export declare const release: {
    addVirtualFieldsToModel: (abstractSql: import("@balena/abstract-sql-compiler").AbstractSqlModel) => void;
};
export declare const deviceTypes: {
    getAccessibleDeviceTypeJsons: (resinApi: typeof sbvrUtils.api.resin) => Promise<import("./features/device-types/device-type-json.js").DeviceTypeJson[]>;
    getDeviceTypeJsonBySlug: (resinApi: typeof sbvrUtils.api.resin, slug: string) => Promise<import("./features/device-types/device-type-json.js").DeviceTypeJson>;
    getDeviceTypeBySlug: (resinApi: typeof sbvrUtils.api.resin, slug: string) => Promise<{
        id: number;
        slug: string;
    }>;
};
export * as contracts from './exports/contracts.js';
export declare const envVarsConfig: {
    ALLOWED_NAMES: string[];
    BLOCKED_NAMES: string[];
    SUPERVISOR_CONFIG_VAR_PROPERTIES: {
        [k: string]: import("json-schema").JSONSchema6 & Required<Pick<import("json-schema").JSONSchema6, "description">> & {
            will_reboot?: boolean;
            warning?: string;
        };
    };
    DEVICE_TYPE_SPECIFIC_CONFIG_VAR_PROPERTIES: {
        capableDeviceTypes: string[];
        properties: Dictionary<import("json-schema").JSONSchema6 & Required<Pick<import("json-schema").JSONSchema6, "description">> & {
            will_reboot?: boolean;
            warning?: string;
        }>;
    }[];
};
import './translations/v6/numeric-big-integer-hack.js';
export declare const translations: {
    v7: {
        getTranslations: (_abstractSqlModel?: import("@balena/abstract-sql-compiler").AbstractSqlModel) => {
            'device-installs-application-has-service name-has-name': {
                $toResource: string;
            };
        };
        loadHooks: () => Promise<typeof import("./translations/v7/hooks.js")>;
    };
    v6: {
        getTranslations: (abstractSqlModel?: import("@balena/abstract-sql-compiler").AbstractSqlModel) => {
            'my application': {
                $toResource: string;
                abstractSql: ["SelectQuery", ["Select", import("@balena/abstract-sql-compiler").AnyTypeNodes[]], ["From", ["Alias", ["Resource", "application$v7"], "application"]], ["Where", ["Exists", ["SelectQuery", ["Select", []], ["From", ["Alias", ["Resource", "user-has direct access to-application$v7"], "user-has direct access to-application"]], ["Where", ["Equals", ["ReferencedField", "user-has direct access to-application", "has direct access to-application"], ["ReferencedField", "application", string]]]]]]];
            };
            application: {
                'depends on-application': ["Cast", ["Null"], string];
            };
            'application-has-name': {
                $toResource: string;
            };
            'device-has-name': {
                $toResource: string;
            };
            device: {
                'is managed by-device': ["Cast", ["Null"], string];
                'logs channel': ["Cast", ["Null"], string];
                'vpn address': ["Cast", ["Null"], string];
                'should be running-release': string;
                'overall status': ["Case", ["When", import("@balena/abstract-sql-compiler").BooleanTypeNodes, ["EmbeddedText", "inactive"]], ["When", import("@balena/abstract-sql-compiler").EqualsNode, ["EmbeddedText", "post-provisioning"]], ["When", import("@balena/abstract-sql-compiler").AndNode, ["EmbeddedText", "configuring"]], ["When", import("@balena/abstract-sql-compiler").AndNode, ["EmbeddedText", "offline"]], ["When", ["And", ["Exists", ["ReferencedField", "device", "download progress"]], ["Equals", ["ReferencedField", "device", "status"], ["EmbeddedText", "Downloading"]]], ["EmbeddedText", "updating"]], ["When", ["Exists", ["ReferencedField", "device", "provisioning progress"]], ["EmbeddedText", "configuring"]], ["When", ["Exists", ["SelectQuery", ["Select", []], ["From", ["Alias", ["Resource", "device-installs-image$v7$bypass"], "ii"]], ["Where", ["And", ["Equals", ["ReferencedField", "ii", "device"], ["ReferencedField", "device", string]], ["Exists", ["ReferencedField", "ii", "download progress"]], ["Equals", ["ReferencedField", "ii", "status"], ["EmbeddedText", "Downloading"]]]]]], ["EmbeddedText", "updating"]], ["Else", ["EmbeddedText", "idle"]]];
            };
            release: {
                abstractSql: ["SelectQuery", ["Select", import("@balena/abstract-sql-compiler").AnyTypeNodes[]], ["From", ["Alias", ["Resource", "release$v7"], "release"]]];
            };
            'image-is downloaded by-device': {
                $toResource: string;
                abstractSql: ["SelectQuery", ["Select", [["Alias", ["Cast", ["Null"], "Integer"], string], ["Alias", ["Cast", ["Null"], "Date"], "created at"], ["Alias", ["Cast", ["Null"], "Integer"], string], ["Alias", ["Cast", ["Null"], "Short Text"], string], ["Alias", ["Cast", ["Null"], "Integer"], string], ["Alias", ["Cast", ["Null"], "Integer"], string]]], ["Where", ["Boolean", false]]];
            };
        };
        loadHooks: () => Promise<typeof import("./translations/v6/hooks.js")>;
    };
};
export declare const AUTH_PATH = "/auth";
export type SetupFunction = (app: Application) => void | PromiseLike<void>;
export interface SetupOptions {
    config: Parameters<typeof pine.init>[1];
    databaseOptions?: Parameters<typeof pine.init>[2];
    version: string;
    skipHttpsPaths?: string[];
    getUrl: GetUrlFunction;
    onInit?: SetupFunction;
    onInitMiddleware?: SetupFunction;
    onInitModel?: SetupFunction;
    onInitHooks?: SetupFunction;
    onInitRoutes?: SetupFunction;
    onInitTasks?: SetupFunction;
    onLogin?: (user: Pick<User['Read'], (typeof defaultFindUser$select)[number]>, tx: Tx, req: Request) => PromiseLike<void> | void;
    onLogWriteStreamInitialized?: (req: Request) => void;
    onLogReadStreamInitialized?: (req: Request) => void;
    getNewUserRole?: GetNewUserRoleFunction;
}
export declare function setup(app: Application, options: SetupOptions): Promise<{
    app: Application;
    startServer: (port: string | number) => Promise<Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>>;
}>;