import jsonwebtoken, { type JwtPayload, type Jwt, type VerifyOptions } from 'jsonwebtoken';
import { type MiddlewareOptions, type MiddlewareInputContext } from '@colyseus/better-call';
import type { Request, Response, NextFunction } from 'express';
export type { VerifyOptions, Jwt, JwtPayload };
/**
 * Type for the JWT auth middleware that works with both Express and better-call.
 *
 * It is an intersection of three parts: an Express-style handler
 * `(req, res, next) => void`, an `options` property of type `MiddlewareOptions`,
 * and a better-call middleware that resolves to `{ auth: T }`.
 *
 * Note: The better-call signature must be last for ReturnType to infer correctly.
 *
 * `T` defaults to `JwtPayload` and is supplied by the caller; nothing in this
 * type derives it from the token. Types are erased at runtime, so a handler
 * should check the claims it relies on before using `auth` for an
 * authorization decision.
 */
export type JWTAuthMiddleware<T = JwtPayload> = ((req: Request, res: Response, next: NextFunction) => void) & {
    options: MiddlewareOptions;
} & ((ctx: MiddlewareInputContext<MiddlewareOptions>) => Promise<{
    auth: T;
}>);
/**
 * JWT helper object: shared settings plus sign / verify / decode functions and
 * a request middleware, all typed against the `jsonwebtoken` package.
 */
export declare const JWT: {
    settings: {
        /**
         * The secret used to sign and verify the JWTs.
         *
         * NOTE(review): this declaration does not show where the value comes
         * from or what happens when it is unset; confirm it is loaded from
         * configuration outside the source tree and that signing and
         * verification fail closed when it is missing.
         */
        secret: jsonwebtoken.Secret;
        /**
         * Verification options held on the settings object.
         *
         * NOTE(review): presumably the defaults used by `verify()` and
         * `middleware()`; how they combine with per-call options is not visible
         * here. Setting `algorithms` keeps the set of accepted signing
         * algorithms explicit.
         */
        verify: VerifyOptions;
    };
    /**
     * Signs `payload` and resolves to a string (the encoded token).
     *
     * `payload` is typed `any`, so its shape is not checked at compile time.
     * A token produced by `jsonwebtoken` is signed, not encrypted: anything
     * placed in the payload is readable by whoever holds the token. Passing
     * `expiresIn` in `options` bounds the token's lifetime.
     */
    sign: (payload: any, options?: jsonwebtoken.SignOptions) => Promise<string>;
    /**
     * Verifies `token` and resolves to the result typed as `T`.
     *
     * `T` appears only in the return type, so it is an unchecked assertion made
     * by the caller; validate the claims you depend on at runtime. The default
     * covers the string, payload and complete (`Jwt`) forms.
     *
     * NOTE(review): presumably rejects when verification fails; confirm
     * callers handle the rejection and never fall back to `decode()`.
     */
    verify: <T = string | jsonwebtoken.JwtPayload | jsonwebtoken.Jwt>(token: string, options?: VerifyOptions) => Promise<T>;
    /**
     * Returns the decoded payload without verifying if the signature is valid.
     *
     * The result is attacker-controllable input: use it only for inspection
     * (for example logging or reading header fields), never for an
     * authentication or authorization decision. Use `verify()` for those.
     */
    decode: typeof jsonwebtoken.decode;
    /**
     * Middleware that verifies JsonWebTokens.
     * Works with both Express and better-call.
     *
     * Example (express):
     *   app.get("/protected_route", auth.middleware(), (req, res) => { ... });
     *
     * Example (better-call):
     *   const protectedRoute = createEndpoint("/protected-route", {
     *     method: "GET",
     *     use: [auth.middleware()],
     *   }, async (ctx) => {
     *     // ctx.context.auth contains the decoded JWT payload
     *   });
     *
     * `options` are `jsonwebtoken` verify options for this middleware
     * instance. `T` only types the resulting `auth` value and is not
     * validated against the token.
     *
     * NOTE(review): where the token is read from and how a missing or invalid
     * token is answered are not visible in this declaration; confirm the
     * implementation rejects the request rather than continuing to the
     * handler.
     */
    middleware: <T = jsonwebtoken.JwtPayload>(options?: VerifyOptions) => JWTAuthMiddleware<T>;
};
