/**
 * @fileoverview Base UserController for BrightDB-backed applications.
 *
 * Provides core user authentication routes: register, login, verify,
 * request-direct-login, profile, settings, logout, change-password,
 * recover, and refresh-token.
 *
 * Domain-specific extensions (e.g. BrightHub profile creation, backup codes,
 * direct-challenge verification, energy account in profile) are added by
 * subclasses in consuming libraries like brightchain-api-lib.
 *
 * @module controllers/user
 */
import { CoreLanguageCode } from '@digitaldefiance/i18n-lib';
import { PlatformID } from '@digitaldefiance/node-ecies-lib';
import { ApiErrorResponse, DecoratorBaseController, IApiChallengeResponse, IApiMessageResponse, IStatusCodeResponse } from '@digitaldefiance/node-express-suite';
import type { NextFunction, Request, Response } from 'express';
import type { IBrightDbApplication } from '../interfaces/bright-db-application';
import { IApiLoginResponse, IApiRequestUserResponse, IApiTotpSetupResponse, IApiUserSettingsResponse } from '../interfaces/responses';
export declare class BrightDbUserController<TID extends PlatformID = Buffer> extends DecoratorBaseController<CoreLanguageCode, TID, IBrightDbApplication<TID>> {
    constructor(application: IBrightDbApplication<TID>);
    register(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    /**
     * Hook called after successful registration.
     * Override in subclasses to create social profiles, etc.
     */
    protected onPostRegister(_memberId: string, _username: string, _displayName?: string): Promise<void>;
    /**
     * POST /verify-email — Verify a user's email address using a token
     * sent during registration.
     */
    verifyEmail(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    /**
     * POST /resend-verification — Resend the email verification link.
     * Requires the user's email address in the request body.
     */
    resendVerification(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    login(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    getProfile(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    updateProfile(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    changePassword(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    recover(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    logout(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse | ApiErrorResponse>>;
    requestDirectLogin(_req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiChallengeResponse | ApiErrorResponse>>;
    directChallenge(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>>;
    /**
     * GET /verify — returns the authenticated user's DTO.
     * The auth middleware already populates req.user with a full IRequestUserDTO
     * via buildRequestUserDTO, so we just return it.
     */
    verify(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>>;
    /**
     * GET /settings — returns the authenticated user's settings.
     */
    getSettings(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiUserSettingsResponse | ApiErrorResponse>>;
    /**
     * POST /settings — updates the authenticated user's settings.
     */
    updateSettings(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiRequestUserResponse | ApiErrorResponse>>;
    /**
     * GET /refresh-token — re-signs the JWT and returns a new token + user DTO.
     */
    refreshToken(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiLoginResponse | ApiErrorResponse>>;
    /**
     * POST /totp/setup — generate a pending TOTP secret and return provisioning URI.
     * Requires full JWT auth. Returns 409 if TOTP is already enabled.
     */
    totpSetup(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiTotpSetupResponse | IApiMessageResponse>>;
    /**
     * POST /totp/confirm — verify a 6-digit code against the pending secret and activate TOTP.
     * Requires full JWT auth.
     */
    totpConfirm(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse>>;
    /**
     * POST /totp/disable — verify code and disable TOTP.
     * Requires full JWT auth. Returns 409 if TOTP is not active.
     */
    totpDisable(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiMessageResponse>>;
    /**
     * POST /totp/reset — verify current code, generate new pending secret for re-setup.
     * Requires full JWT auth. Returns 409 if TOTP is not active.
     */
    totpReset(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiTotpSetupResponse | IApiMessageResponse>>;
    /**
     * POST /totp/verify — verify a TOTP code using a pending token and issue a full JWT.
     * Does NOT require standard auth middleware — validates the pending token manually.
     */
    totpVerify(req: Request, _res: Response, _next: NextFunction): Promise<IStatusCodeResponse<IApiLoginResponse | IApiMessageResponse>>;
}
//# sourceMappingURL=user.d.ts.map