import { Elysia } from 'elysia';
import type { AnySchema, UnwrapSchema } from 'elysia/types';
import { type CryptoKey, type JWK, type KeyObject, type JoseHeaderParameters, type JWTVerifyOptions } from 'jose';
type Prettify<T> = {
    [K in keyof T]: T[K];
} & {};
type NormalizedClaim = 'nbf' | 'exp' | 'iat';
type AllowClaimValue = string | number | boolean | null | undefined | AllowClaimValue[] | {
    [key: string]: AllowClaimValue;
};
type ClaimType = Record<string, AllowClaimValue>;
type UnwrapSchemaWithFallback<Schema extends AnySchema | undefined, Fallback = unknown> = Schema extends AnySchema ? UnwrapSchema<NonNullable<Schema>> : Fallback;
/**
 * This interface is a specific, strongly-typed representation of the
 * standard claims found in a JWT payload.
 *
 * It is re-declared here to override potentially generic definitions from
 * third-party libraries, ensuring the compiler knows every expected field.
 *
 * This interface can be modified as needed within the plugin to easily
 * accommodate custom claims for specific use cases.
 */
export interface JWTPayloadSpec {
    /**
     * JWT Issuer
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1 RFC7519#section-4.1.1}
     */
    iss?: string;
    /**
     * JWT Subject
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2 RFC7519#section-4.1.2}
     */
    sub?: string;
    /**
     * JWT Audience
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3 RFC7519#section-4.1.3}
     */
    aud?: string | string[];
    /**
     * JWT ID
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7 RFC7519#section-4.1.7}
     */
    jti?: string;
    /**
     * JWT Not Before
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
     */
    nbf?: number;
    /**
     * JWT Expiration Time
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
     */
    exp?: number;
    /**
     * JWT Issued At
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
     */
    iat?: number;
}
/**
 * This interface defines the shape of JWT payload fields that can be
 * provided as input when creating or signing a token.
 *
 * Unlike `JWTPayloadSpec`, values here may be expressed in more flexible forms,
 * such as relative time strings or control flags (e.g., `iat: true`).
 *
 * This interface is parsed and normalized by the plugin before becoming part
 * of the final JWT payload.
 */
export interface JWTPayloadInput extends Omit<JWTPayloadSpec, NormalizedClaim> {
    /**
     * JWT Not Before
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5 RFC7519#section-4.1.5}
     */
    nbf?: string | number;
    /**
     * JWT Expiration Time
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4 RFC7519#section-4.1.4}
     */
    exp?: string | number;
    /**
     * JWT Issued At
     *
     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 RFC7519#section-4.1.6}
     */
    iat?: boolean;
}
/**
 * Defines the types for the header parameters of a JWS.
 *
 * Much like `JWTPayloadSpec`, this interface is declared to provide strong,
 * explicit typing, allowing TypeScript to validate the header's structure
 * and provide accurate autocompletion.
 *
 * It can also be modified within the plugin to handle custom header
 * parameters required for specific development scenarios.
 */
export interface JWTHeaderParameters extends JoseHeaderParameters {
    /**
     * JWS "alg" (Algorithm) Header Parameter
     *
     * @see {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}
     */
    alg?: string;
    /**
     * This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing
     * Input computation as per {@link https://www.rfc-editor.org/rfc/rfc7797 RFC7797}.
     */
    b64?: true;
    /** JWS "crit" (Critical) Header Parameter */
    crit?: string[];
}
export interface JWTOption<Name extends string | undefined = 'jwt', Schema extends AnySchema | undefined = undefined> extends JWTHeaderParameters, JWTPayloadInput {
    /**
     * Name to decorate method as
     *
     * ---
     * @example
     * For example, `jwt` will decorate Context with `Context.jwt`
     *
     * ```typescript
     * app
     *     .decorate({
     *         name: 'myJWTNamespace',
     *         secret: process.env.JWT_SECRETS
     *     })
     *     .get('/sign/:name', ({ myJWTNamespace, params }) => {
     *         return myJWTNamespace.sign(params)
     *     })
     * ```
     */
    name?: Name;
    /**
     * JWT Secret
     */
    secret: string | Uint8Array | CryptoKey | JWK | KeyObject;
    /**
     * Type strict validation for JWT payload
     */
    schema?: Schema;
}
export declare const jwt: <const Name extends string = "jwt", const Schema extends AnySchema | undefined = undefined>({ name, secret, schema, ...defaultValues }: JWTOption<Name, Schema>) => Elysia<"", {
    decorator: { [name in Name extends string ? Name : "jwt"]: {
        sign(signValue: Prettify<Omit<UnwrapSchemaWithFallback<Schema, ClaimType>, NormalizedClaim> & JWTPayloadInput>): Promise<string>;
        verify(jwt?: string, options?: JWTVerifyOptions): Promise<(UnwrapSchemaWithFallback<Schema, ClaimType> & Omit<JWTPayloadSpec, keyof UnwrapSchema<Schema, {}>>) | false>;
    }; };
    store: {};
    derive: {};
    resolve: {};
}, {
    typebox: {};
    error: {};
}, {
    schema: {};
    standaloneSchema: {};
    macro: {};
    macroFn: {};
    parser: {};
    response: {};
}, {}, {
    derive: {};
    resolve: {};
    schema: {};
    standaloneSchema: {};
    response: {};
}, {
    derive: {};
    resolve: {};
    schema: {};
    standaloneSchema: {};
    response: {};
}>;
export default jwt;