import type AuthModel from './user.js';
import './express-extension.js';
import type Express from 'express';
import type { Tx } from '../database-layer/db.js';
import type { ApiKey, User } from '../sbvr-api/sbvr-utils.js';
import * as sbvrUtils from '../sbvr-api/sbvr-utils.js';
import { type HookReq } from './hooks.js';
import { PermissionError, PermissionParsingError } from './errors.js';
import { type ODataRequest } from './uri-parser.js';
export { PermissionError, PermissionParsingError };
export interface PermissionReq {
    user?: User;
    apiKey?: ApiKey;
}
export declare const root: PermissionReq;
export declare const rootRead: PermissionReq;
interface NestedCheckOr<T> {
    or: NestedCheckArray<T>;
}
interface NestedCheckAnd<T> {
    and: NestedCheckArray<T>;
}
type NestedCheckArray<T> = Array<NestedCheck<T>>;
type NestedCheck<T> = NestedCheckOr<T> | NestedCheckAnd<T> | NestedCheckArray<T> | T;
type PermissionCheck = NestedCheck<string>;
type MappedType<I, O> = O extends NestedCheck<infer T> ? Exclude<Exclude<I, string> | T, boolean> : Exclude<Exclude<I, string> | O, boolean>;
type MappedNestedCheck<T extends NestedCheck<I>, I, O> = T extends NestedCheckOr<I> ? NestedCheckOr<MappedType<I, O>> : T extends NestedCheckAnd<I> ? NestedCheckAnd<MappedType<I, O>> : T extends NestedCheckArray<I> ? NestedCheckArray<MappedType<I, O>> : Exclude<I, string> | O;
export declare function nestedCheck<I extends string, O>(check: I, stringCallback: (s: string) => O): O;
export declare function nestedCheck<I extends boolean, O>(check: I, stringCallback: (s: string) => O): boolean;
export declare function nestedCheck<I extends NonNullable<unknown>, O>(check: NestedCheck<I>, stringCallback: (s: string) => O): Exclude<I, string> | O | MappedNestedCheck<typeof check, I, O>;
export declare const checkPassword: (username: string, password: string) => Promise<{
    id: number;
    actor: number;
    username: string;
    permissions: string[];
}>;
export declare const getUserPermissions: (userId: number, tx?: Tx) => Promise<string[]>;
export declare const getApiKeyPermissions: (apiKey: string, tx?: Tx) => Promise<string[]>;
export declare const checkApiKey: (apiKey: string, tx?: Tx) => Promise<PermissionReq["apiKey"]>;
export declare const resolveAuthHeader: (req: Pick<Express.Request, "header">, tx: Tx | undefined, expectedScheme?: string) => Promise<PermissionReq["apiKey"]>;
export declare const canAccess: {
    readonly $fn: {
        readonly $scope: "Auth";
        readonly $method: "canAccess";
    };
};
export declare const customAuthorizationMiddleware: (expectedScheme?: string) => (req: Express.Request, _res?: Express.Response, next?: Express.NextFunction) => Promise<void>;
export declare const authorizationMiddleware: (req: Express.Request, _res?: Express.Response, next?: Express.NextFunction) => Promise<void>;
export declare const resolveApiKey: (req: HookReq | Express.Request, tx: Tx | undefined, paramName?: string) => Promise<PermissionReq["apiKey"]>;
export declare const customApiKeyMiddleware: (paramName?: string) => (req: HookReq | Express.Request, _res?: Express.Response, next?: Express.NextFunction) => Promise<void>;
export declare const apiKeyMiddleware: (req: HookReq | Express.Request, _res?: Express.Response, next?: Express.NextFunction) => Promise<void>;
export declare const checkPermissions: (req: PermissionReq, actionList: PermissionCheck, resourceName?: string, vocabulary?: string) => Promise<boolean | NestedCheck<string>>;
export declare const checkPermissionsMiddleware: (action: PermissionCheck) => Express.RequestHandler;
export declare const addPermissions: (req: PermissionReq, request: ODataRequest & {
    permissionType?: PermissionCheck;
}) => Promise<void>;
declare module './sbvr-utils.js' {
    interface API {
        [authModelConfig.apiRoot]: PinejsClient<AuthModel>;
    }
}
declare const authModelConfig: {
    readonly apiRoot: "Auth";
    readonly modelText: string;
    readonly customServerCode: {
        readonly setup: typeof setup;
    };
    readonly migrations: {
        readonly '11.0.0-modified-at': "\n\t\t\tALTER TABLE \"actor\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"api key\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"api key-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"api key-has-role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"user\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"user-has-role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"user-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t";
        readonly '11.0.1-modified-at': "\n\t\t\tALTER TABLE \"role-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t";
        readonly '14.42.0-api-key-expiry-date': "\n\t\t\tALTER TABLE \"api key\"\n\t\t\tADD COLUMN IF NOT EXISTS \"expiry date\" TIMESTAMP NULL;\n\t\t";
        readonly '22.0.0-timestamps': (tx: Tx, { db }: typeof sbvrUtils) => Promise<void>;
    };
};
export declare const config: {
    models: {
        readonly apiRoot: "Auth";
        readonly modelText: string;
        readonly customServerCode: {
            readonly setup: typeof setup;
        };
        readonly migrations: {
            readonly '11.0.0-modified-at': "\n\t\t\tALTER TABLE \"actor\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"api key\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"api key-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"api key-has-role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\n\t\t\tALTER TABLE \"user\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"user-has-role\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t\tALTER TABLE \"user-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t";
            readonly '11.0.1-modified-at': "\n\t\t\tALTER TABLE \"role-has-permission\"\n\t\t\tADD COLUMN IF NOT EXISTS \"modified at\" TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;\n\t\t";
            readonly '14.42.0-api-key-expiry-date': "\n\t\t\tALTER TABLE \"api key\"\n\t\t\tADD COLUMN IF NOT EXISTS \"expiry date\" TIMESTAMP NULL;\n\t\t";
            readonly '22.0.0-timestamps': (tx: Tx, { db }: typeof sbvrUtils) => Promise<void>;
        };
    }[];
};
export declare function setup(): void;