import * as blitz from 'blitz';
import { Ctx, AuthenticatedCtx, RequestMiddleware } from 'blitz';
import { ServerResponse, IncomingMessage } from 'http';
import { UrlObject } from 'url';

interface Session {
}
type PublicData = Session extends {
    PublicData: unknown;
} ? Session["PublicData"] : {
    userId: unknown;
    role?: unknown;
};
interface EmptyPublicData extends Partial<Omit<PublicData, "userId">> {
    userId: PublicData["userId"] | null;
    role?: PublicData["role"] | null;
}
interface ClientSession extends EmptyPublicData {
    isLoading: boolean;
}
interface AuthenticatedClientSession extends PublicData {
    isLoading: boolean;
}
type IsAuthorizedArgs = Session extends {
    isAuthorized: (...args: any) => any;
} ? "args" extends keyof Parameters<Session["isAuthorized"]>[0] ? Parameters<Session["isAuthorized"]>[0]["args"] : unknown[] : unknown[];
interface SessionModel extends Record<any, any> {
    handle: string;
    userId?: PublicData["userId"] | null;
    expiresAt?: Date | null;
    hashedSessionToken?: string | null;
    antiCSRFToken?: string | null;
    publicData?: string | null;
    privateData?: string | null;
}
interface SessionConfigMethods {
    getSession: (handle: string) => Promise<SessionModel | null>;
    getSessions: (userId: PublicData["userId"]) => Promise<SessionModel[]>;
    createSession: (session: SessionModel) => Promise<SessionModel>;
    updateSession: (handle: string, session: Partial<SessionModel>) => Promise<SessionModel | undefined>;
    deleteSession: (handle: string) => Promise<SessionModel | undefined>;
}
interface SessionContextBase {
    $handle: string | null;
    $publicData: unknown;
    $authorize(...args: IsAuthorizedArgs): asserts this is AuthenticatedSessionContext;
    $isAuthorized: (...args: IsAuthorizedArgs) => boolean;
    $thisIsAuthorized: (...args: IsAuthorizedArgs) => this is AuthenticatedSessionContext;
    $create: (publicData: PublicData, privateData?: Record<any, any>) => Promise<void>;
    $revoke: () => Promise<void>;
    $revokeAll: () => Promise<void>;
    $getPrivateData: () => Promise<Record<any, any>>;
    $setPrivateData: (data: Record<any, any>) => Promise<void>;
    $setPublicData: (data: Partial<Omit<PublicData, "userId">>) => Promise<void>;
    /**
     * This function is only for manual session handling
     *
     * Instead use {@link https://blitzjs.com/docs/auth-server#with-blitz-auth-api withBlitzAuth} to handle session creation and update
     */
    setSession: (res: Response | ServerResponse) => void;
}
interface SessionContext extends SessionContextBase, EmptyPublicData {
    $publicData: Partial<PublicData> | EmptyPublicData;
}
interface AuthenticatedSessionContext extends SessionContextBase, PublicData {
    userId: PublicData["userId"];
    $publicData: PublicData;
}
declare module "blitz" {
    interface Ctx {
        session: SessionContext;
    }
    interface AuthenticatedCtx extends Omit<Ctx, "session"> {
        session: AuthenticatedSessionContext;
    }
}
type BlitzCtx = Ctx;

declare function isLocalhost(req: IncomingMessage | Request): boolean;
/**
 * Parse cookies from the `headers` of request
 * @param req request object
 */
declare function getCookieParser(headers: {
    [key: string]: undefined | string | string[];
}): () => {
    [key: string]: string;
};
interface SimpleRolesIsAuthorized<RoleType = string> {
    ({ ctx, args }: {
        ctx: any;
        args: [roleOrRoles?: RoleType | RoleType[]];
    }): boolean;
}
declare const simpleRolesIsAuthorized: SimpleRolesIsAuthorized;
type JwtPayload = AnonymousSessionPayload | null;
type AnonSessionKernel = {
    handle: string;
    publicData: EmptyPublicData;
    jwtPayload: JwtPayload;
    antiCSRFToken: string;
    anonymousSessionToken: string;
};
type AuthedSessionKernel = {
    handle: string;
    publicData: PublicData;
    jwtPayload: JwtPayload;
    antiCSRFToken: string;
    sessionToken: string;
};
type SessionKernel = AnonSessionKernel | AuthedSessionKernel;
declare function getSession(req: Request): Promise<SessionContext>;
declare function getSession(req: Request, res: never, isRsc: boolean): Promise<SessionContext>;
declare function getSession(req: IncomingMessage, res: ServerResponse): Promise<SessionContext>;
declare function getSession(req: IncomingMessage, res: ServerResponse, isRsc: boolean): Promise<SessionContext>;
interface RouteUrlObject extends Pick<UrlObject, "pathname" | "query" | "href"> {
    pathname: string;
}
declare function getBlitzContext(): Promise<Ctx>;
declare function useAuthenticatedBlitzContext({ redirectTo, redirectAuthenticatedTo, role, }: {
    redirectTo?: string | RouteUrlObject;
    redirectAuthenticatedTo?: string | RouteUrlObject | ((ctx: Ctx) => string | RouteUrlObject);
    role?: string | string[];
}): Promise<AuthenticatedCtx>;
declare class SessionContextClass implements SessionContext {
    private _headers;
    private _kernel;
    private _isRsc;
    private _response?;
    private static headersToIncludeInResponse;
    constructor(headers: Headers, kernel: SessionKernel, isRsc: boolean, response?: ServerResponse);
    $antiCSRFToken(): string;
    get $handle(): string;
    get userId(): unknown;
    get $publicData(): {
        userId: unknown;
        role?: unknown;
    } | EmptyPublicData;
    $authorize(...args: IsAuthorizedArgs): void;
    $isAuthorized(...args: IsAuthorizedArgs): boolean;
    $thisIsAuthorized(...args: IsAuthorizedArgs): this is AuthenticatedSessionContext;
    setSession(response: Response | ServerResponse): void;
    $create(publicData: PublicData, privateData?: Record<any, any>): Promise<void>;
    $revoke(): Promise<void>;
    $revokeAll(): Promise<void>;
    $setPublicData(data: Record<any, any>): Promise<void>;
    $getPrivateData(): Promise<Record<any, any>>;
    $setPrivateData(data: Record<any, any>): Promise<void>;
}
type AnonymousSessionPayload = {
    isAnonymous: true;
    handle: string;
    publicData: EmptyPublicData;
    antiCSRFToken: string;
};
declare function getAllSessionHandlesForUser(userId: PublicData["userId"]): Promise<string[]>;
/**
 * Updates publicData in all sessions
 *
 * @param {PublicData["userId"]} userId
 * @param {Record<any, any>} data
 */
declare function setPublicDataForUser(userId: PublicData["userId"], data: Record<any, any>): Promise<void>;

interface SessionConfigOptions {
    cookiePrefix?: string;
    sessionExpiryMinutes?: number;
    anonSessionExpiryMinutes?: number;
    method?: "essential" | "advanced";
    sameSite?: "none" | "lax" | "strict";
    secureCookies?: boolean;
    domain?: string;
    publicDataKeysToSyncAcrossSessions?: string[];
}
interface IsAuthorized {
    isAuthorized: (data: {
        ctx: Ctx;
        args: any;
    }) => boolean;
}
interface PrismaClientWithSession {
    session: {
        findFirst(args?: {
            where?: {
                handle?: SessionModel["handle"];
            };
        }): Promise<SessionModel | null>;
        findMany(args?: {
            where?: {
                userId?: PublicData["userId"];
                expiresAt?: {
                    gt?: Date;
                };
            };
        }): Promise<SessionModel[]>;
        create(args: {
            data: SessionModel & {
                userId?: any;
                user?: {
                    connect: {
                        id: any;
                    };
                };
            };
        }): Promise<SessionModel>;
        update(args: {
            data: Partial<SessionModel>;
            where: {
                handle: SessionModel["handle"];
            };
        }): Promise<SessionModel>;
        delete(args: {
            where: {
                handle?: SessionModel["handle"];
            };
        }): Promise<SessionModel>;
    };
}
declare const PrismaStorage: <Client extends PrismaClientWithSession>(db: Client) => SessionConfigMethods;
interface AuthPluginOptions extends Partial<SessionConfigOptions>, IsAuthorized {
    storage: SessionConfigMethods;
}
declare const AuthServerPlugin: (options: AuthPluginOptions) => blitz.BlitzServerPlugin<{
    getBlitzContext: typeof getBlitzContext;
    useAuthenticatedBlitzContext: typeof useAuthenticatedBlitzContext;
    withBlitzAuth: <T extends {
        [method: string]: (request: Request, context: any, ctx: Ctx) => Promise<Response> | Response;
    }>(handlers: T) => T;
}, RequestMiddleware<IncomingMessage, ServerResponse<IncomingMessage> & {
    blitzCtx: Ctx;
}, void | Promise<void>>, Ctx>;

declare global {
    var sessionConfig: AuthPluginOptions & SessionConfigMethods;
    var __BLITZ_SESSION_COOKIE_PREFIX: string | undefined;
    var __BLITZ_GET_RSC_CONTEXT: () => Promise<Ctx>;
}

export { AuthenticatedClientSession as A, BlitzCtx as B, ClientSession as C, EmptyPublicData as E, IsAuthorizedArgs as I, PublicData as P, Session as S, SessionModel as a, SessionConfigMethods as b, SessionContextBase as c, SessionContext as d, AuthenticatedSessionContext as e, SessionContextClass as f, getAllSessionHandlesForUser as g, getCookieParser as h, getSession as i, isLocalhost as j, simpleRolesIsAuthorized as k, AnonymousSessionPayload as l, SimpleRolesIsAuthorized as m, PrismaStorage as n, AuthPluginOptions as o, AuthServerPlugin as p, setPublicDataForUser as s };