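import { Request, RequestHandler } from 'express';
import type { AuthPayload, LTAuthAdapter } from '../types';

export type { AuthPayload, LTAuthAdapter };

/**
 * Augments Express's `Request` with an optional `auth` property.
 *
 * The property is optional in the type, so handlers that are not mounted
 * behind an auth middleware must treat `req.auth` as possibly undefined.
 */
declare global {
  namespace Express {
    interface Request {
      auth?: AuthPayload;
    }
  }
}

/**
 * Reference JWT auth adapter using `jsonwebtoken`.
 *
 * Reads a Bearer token from the Authorization header and verifies it
 * with the configured secret. Returns the decoded payload or null.
 *
 * NOTE(review): `secret` is optional. What the adapter verifies against when
 * it is omitted is not visible in this declaration. Confirm that the
 * implementation fails closed (rejects) rather than using a built-in default.
 *
 * NOTE(review): the private member `authenticateBotApiKey` suggests a second,
 * API-key based credential path that the description above does not cover.
 * Confirm against the implementation.
 */
export declare class JwtAuthAdapter implements LTAuthAdapter {
  private explicitSecret;

  /**
   * @param secret - Secret used to verify tokens. Optional; see the class
   *   note about the behaviour when it is omitted.
   */
  constructor(secret?: string);

  /**
   * Authenticate a request.
   *
   * @param req - Incoming Express request.
   * @returns The decoded payload, or null when authentication fails. The
   *   result may be delivered synchronously or through a Promise, so callers
   *   must await it before testing for null.
   */
  authenticate(req: Request): AuthPayload | null | Promise<AuthPayload | null>;

  private authenticateBotApiKey;
}

/**
 * Create Express middleware from any auth adapter.
 *
 * The adapter handles token extraction and verification.
 * This middleware handles the HTTP response (401) and ensures
 * the payload contains a `userId` claim before setting `req.auth`.
 *
 * Usage:
 * ```typescript
 * import { createAuthMiddleware, JwtAuthAdapter } from '@hotmeshio/long-tail';
 *
 * // Use the reference JWT adapter ('my-secret' is a placeholder value;
 * // supply the real secret from configuration, not a source literal)
 * app.use(createAuthMiddleware(new JwtAuthAdapter('my-secret')));
 *
 * // Or plug in your own adapter
 * app.use(createAuthMiddleware(myClerkAdapter));
 * ```
 *
 * @param adapter - Adapter that extracts and verifies the credential.
 * @returns Express middleware that sets `req.auth` on success.
 */
export declare function createAuthMiddleware(adapter: LTAuthAdapter): RequestHandler;

/**
 * Authentication middleware whose adapter can be replaced with
 * `setAuthAdapter`.
 *
 * NOTE(review): which adapter is used before `setAuthAdapter` is called is
 * not visible in this declaration. Confirm against the implementation.
 */
export declare const requireAuth: RequestHandler;

/**
 * Replace the auth adapter used by `requireAuth`.
 * Call before starting the server.
 *
 * @param adapter - Adapter that `requireAuth` should use from now on.
 */
export declare function setAuthAdapter(adapter: LTAuthAdapter): void;

/**
 * Middleware that requires admin access. Must be placed AFTER requireAuth.
 *
 * Checks isSuperAdmin() via the database first, then falls back to the
 * JWT `role` claim for stateless admin checks. Returns 403 otherwise.
 *
 * NOTE(review): because of the claim fallback, a token carrying an admin
 * `role` claim presumably stays sufficient until it expires, whatever the
 * database says. Confirm this against the implementation and keep token
 * lifetimes and the signing secret in line with that.
 */
export declare const requireAdmin: RequestHandler;

/**
 * Middleware that requires builder access. Must be placed AFTER requireAuth.
 *
 * Builders are superadmin or users with the 'engineer' role.
 * This is the backend equivalent of the dashboard's `isBuilder` check.
 */
export declare const requireBuilder: RequestHandler;

/**
 * Generate a JWT token. Utility for tests and token provisioning.
 *
 * NOTE(review): the signing secret and the default used when `expiresIn` is
 * omitted are not visible in this declaration. Confirm that tokens always
 * receive an expiry, since `requireAdmin` can honour the token's `role` claim.
 *
 * @param payload - Claims to embed in the token.
 * @param expiresIn - Optional token lifetime.
 * @returns The signed token as a string.
 */
export declare function signToken(payload: AuthPayload, expiresIn?: string): string;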