import { z } from 'zod'; /** * Pagination parameters shared across list endpoints */ export declare const paginationSchema: z.ZodObject<{ limit: z.ZodOptional; offset: z.ZodOptional; }, "strip", z.ZodTypeAny, { limit?: string | undefined; offset?: string | undefined; }, { limit?: string | undefined; offset?: string | undefined; }>; /** * POST /api/auth/users - Create user * redirectTo is used only for link-based email verification and must be allowlisted. */ export declare const createUserRequestSchema: z.ZodObject<{ email: z.ZodString; password: z.ZodString; name: z.ZodOptional; redirectTo: z.ZodOptional; autoConfirm: z.ZodOptional; }, "strip", z.ZodTypeAny, { email: string; password: string; name?: string | undefined; redirectTo?: string | undefined; autoConfirm?: boolean | undefined; }, { email: string; password: string; name?: string | undefined; redirectTo?: string | undefined; autoConfirm?: boolean | undefined; }>; /** * POST /api/auth/sessions - Create session */ export declare const createSessionRequestSchema: z.ZodObject<{ email: z.ZodString; password: z.ZodString; }, "strip", z.ZodTypeAny, { email: string; password: string; }, { email: string; password: string; }>; /** * POST /api/auth/admin/sessions - Create admin session */ export declare const createAdminSessionRequestSchema: z.ZodObject<{ email: z.ZodString; password: z.ZodString; }, "strip", z.ZodTypeAny, { email: string; password: string; }, { email: string; password: string; }>; /** * POST /api/auth/refresh - Refresh user session * POST /api/auth/admin/refresh - Refresh dashboard admin session * Non-web clients send refreshToken in the request body */ export declare const refreshSessionRequestSchema: z.ZodObject<{ refreshToken: z.ZodString; }, "strip", z.ZodTypeAny, { refreshToken: string; }, { refreshToken: string; }>; export declare const exchangeAdminSessionRequestSchema: z.ZodObject<{ code: z.ZodString; }, "strip", z.ZodTypeAny, { code: string; }, { code: string; }>; /** * GET /api/auth/users - List users (query parameters) */ export declare const listUsersRequestSchema: z.ZodOptional; offset: z.ZodOptional; } & { search: z.ZodOptional; }, "strip", z.ZodTypeAny, { limit?: string | undefined; offset?: string | undefined; search?: string | undefined; }, { limit?: string | undefined; offset?: string | undefined; search?: string | undefined; }>>; /** * DELETE /api/auth/users - Delete users (batch) */ export declare const deleteUsersRequestSchema: z.ZodObject<{ userIds: z.ZodArray; }, "strip", z.ZodTypeAny, { userIds: string[]; }, { userIds: string[]; }>; /** * PATCH /api/auth/profiles/current - Update current user's profile */ export declare const updateProfileRequestSchema: z.ZodObject<{ profile: z.ZodRecord; }, "strip", z.ZodTypeAny, { profile: Record; }, { profile: Record; }>; /** * POST /api/auth/email/send-verification - Send verification email (code or link based on config) * redirectTo is used only for link-based email verification and must be allowlisted. */ export declare const sendVerificationEmailRequestSchema: z.ZodObject<{ email: z.ZodString; redirectTo: z.ZodOptional; }, "strip", z.ZodTypeAny, { email: string; redirectTo?: string | undefined; }, { email: string; redirectTo?: string | undefined; }>; /** * POST /api/auth/email/verify - Verify email with a 6-digit code * Link verification uses GET /api/auth/email/verify-link instead. * The link flow redirects with insforge_status / insforge_type query params and does not create a frontend session. */ export declare const verifyEmailRequestSchema: z.ZodObject<{ email: z.ZodString; otp: z.ZodString; }, "strip", z.ZodTypeAny, { email: string; otp: string; }, { email: string; otp: string; }>; /** * POST /api/auth/email/send-reset-password - Send reset password email (code or link based on config) * redirectTo is used only for link-based password reset and must be allowlisted. */ export declare const sendResetPasswordEmailRequestSchema: z.ZodObject<{ email: z.ZodString; redirectTo: z.ZodOptional; }, "strip", z.ZodTypeAny, { email: string; redirectTo?: string | undefined; }, { email: string; redirectTo?: string | undefined; }>; /** * POST /api/auth/email/exchange-reset-password-token - Exchange reset password code for reset token * Used in two-step password reset flow (code method only): exchange code for token, then reset password with token */ export declare const exchangeResetPasswordTokenRequestSchema: z.ZodObject<{ email: z.ZodString; code: z.ZodString; }, "strip", z.ZodTypeAny, { code: string; email: string; }, { code: string; email: string; }>; /** * POST /api/auth/email/reset-password - Reset password with token * Token can be: * - Magic link token (from send-reset-password endpoint when method is 'link') * - Reset token (from exchange-reset-password-token endpoint after code verification) * Both use RESET_PASSWORD purpose and are verified the same way * The link flow redirects with token / insforge_status / insforge_type query params. */ export declare const resetPasswordRequestSchema: z.ZodObject<{ newPassword: z.ZodString; otp: z.ZodString; }, "strip", z.ZodTypeAny, { otp: string; newPassword: string; }, { otp: string; newPassword: string; }>; /** * Response for POST /api/auth/users * For mobile/desktop clients: refreshToken is returned in body instead of cookie */ export declare const createUserResponseSchema: z.ZodObject<{ user: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>>; accessToken: z.ZodNullable; requireEmailVerification: z.ZodOptional; csrfToken: z.ZodOptional>; refreshToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { accessToken: string | null; user?: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; } | undefined; requireEmailVerification?: boolean | undefined; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }, { accessToken: string | null; user?: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; } | undefined; requireEmailVerification?: boolean | undefined; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }>; /** * Response for POST /api/auth/sessions * For mobile/desktop clients: refreshToken is returned in body instead of cookie */ export declare const createSessionResponseSchema: z.ZodObject<{ user: z.ZodObject<{ id: z.ZodString; email: z.ZodString; emailVerified: z.ZodBoolean; providers: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>; accessToken: z.ZodString; csrfToken: z.ZodOptional>; refreshToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }>; /** * Response for POST /api/auth/email/verify * For mobile/desktop clients: refreshToken is returned in body instead of cookie */ export declare const verifyEmailResponseSchema: z.ZodObject<{ user: z.ZodObject<{ id: z.ZodString; email: z.ZodString; emailVerified: z.ZodBoolean; providers: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>; accessToken: z.ZodString; csrfToken: z.ZodOptional>; refreshToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }>; /** * Response for POST /api/auth/refresh * Returns new access token after token refresh * For web clients: csrfToken is returned (refresh token is in cookie) * For mobile/desktop clients: refreshToken is returned in body */ export declare const refreshSessionResponseSchema: z.ZodObject<{ accessToken: z.ZodString; user: z.ZodObject<{ id: z.ZodString; email: z.ZodString; emailVerified: z.ZodBoolean; providers: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>; csrfToken: z.ZodOptional; refreshToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | undefined; }, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | undefined; }>; /** * Response for POST /api/auth/email/exchange-reset-password-token * Returns reset token that can be used to reset password */ export declare const exchangeResetPasswordTokenResponseSchema: z.ZodObject<{ token: z.ZodString; expiresAt: z.ZodString; }, "strip", z.ZodTypeAny, { token: string; expiresAt: string; }, { token: string; expiresAt: string; }>; /** * Response for POST /api/auth/email/reset-password * Includes success message */ export declare const resetPasswordResponseSchema: z.ZodObject<{ message: z.ZodString; }, "strip", z.ZodTypeAny, { message: string; }, { message: string; }>; /** * Response for POST /api/auth/admin/sessions */ export declare const createAdminSessionResponseSchema: z.ZodObject<{ user: z.ZodObject<{ id: z.ZodString; email: z.ZodString; emailVerified: z.ZodBoolean; providers: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>; accessToken: z.ZodString; csrfToken: z.ZodOptional>; refreshToken: z.ZodOptional; }, "strip", z.ZodTypeAny, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; accessToken: string; refreshToken?: string | undefined; csrfToken?: string | null | undefined; }>; /** * Response for GET /api/auth/sessions/current */ export declare const getCurrentSessionResponseSchema: z.ZodObject<{ user: z.ZodObject<{ id: z.ZodString; email: z.ZodString; emailVerified: z.ZodBoolean; providers: z.ZodOptional>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>; }, "strip", z.ZodTypeAny, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; }, { user: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }; }>; /** * Response for GET /api/auth/profiles/:userId - Get user profile */ export declare const getProfileResponseSchema: z.ZodObject<{ id: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; }, "strip", z.ZodTypeAny, { id: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; }, { id: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; }>; /** * Response for GET /api/auth/users */ export declare const listUsersResponseSchema: z.ZodObject<{ data: z.ZodArray>; createdAt: z.ZodString; updatedAt: z.ZodString; profile: z.ZodNullable; avatar_url: z.ZodOptional; }, "passthrough", z.ZodTypeAny, z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">, z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough">>>; metadata: z.ZodNullable>; }, "strip", z.ZodTypeAny, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }, { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }>, "many">; pagination: z.ZodObject<{ offset: z.ZodNumber; limit: z.ZodNumber; total: z.ZodNumber; }, "strip", z.ZodTypeAny, { limit: number; offset: number; total: number; }, { limit: number; offset: number; total: number; }>; }, "strip", z.ZodTypeAny, { data: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectOutputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }[]; pagination: { limit: number; offset: number; total: number; }; }, { data: { id: string; metadata: Record | null; email: string; emailVerified: boolean; createdAt: string; updatedAt: string; profile: z.objectInputType<{ name: z.ZodOptional; avatar_url: z.ZodOptional; }, z.ZodTypeAny, "passthrough"> | null; providers?: string[] | undefined; }[]; pagination: { limit: number; offset: number; total: number; }; }>; /** * Response for DELETE /api/auth/users */ export declare const deleteUsersResponseSchema: z.ZodObject<{ message: z.ZodString; deletedCount: z.ZodNumber; }, "strip", z.ZodTypeAny, { message: string; deletedCount: number; }, { message: string; deletedCount: number; }>; /** * Response for GET /api/auth/v1/google-auth and GET /api/auth/v1/github-auth */ export declare const getOauthUrlResponseSchema: z.ZodObject<{ authUrl: z.ZodString; }, "strip", z.ZodTypeAny, { authUrl: string; }, { authUrl: string; }>; /** * POST /api/auth/oauth/configs - Create OAuth configuration */ export declare const createOAuthConfigRequestSchema: z.ZodObject; clientId: z.ZodOptional; scopes: z.ZodOptional>; redirectUri: z.ZodOptional; useSharedKey: z.ZodBoolean; createdAt: z.ZodString; updatedAt: z.ZodString; }, "id" | "createdAt" | "updatedAt"> & { clientSecret: z.ZodOptional; }, "strip", z.ZodTypeAny, { provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; clientSecret?: string | undefined; }, { provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; clientSecret?: string | undefined; }>; /** * PUT /api/auth/oauth/configs/:provider - Update OAuth configuration */ export declare const updateOAuthConfigRequestSchema: z.ZodObject<{ redirectUri: z.ZodOptional>; clientId: z.ZodOptional>; scopes: z.ZodOptional>>; useSharedKey: z.ZodOptional; clientSecret: z.ZodOptional>; }, "strip", z.ZodTypeAny, { redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; useSharedKey?: boolean | undefined; clientSecret?: string | undefined; }, { redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; useSharedKey?: boolean | undefined; clientSecret?: string | undefined; }>; /** * GET /api/auth/oauth/:provider - Initialize OAuth flow * Query params for PKCE flow as per RFC 7636 * Note: code_challenge uses snake_case as per OAuth 2.0 PKCE specification */ export declare const oAuthInitRequestSchema: z.ZodObject<{ redirect_uri: z.ZodOptional; code_challenge: z.ZodString; }, "strip", z.ZodTypeAny, { code_challenge: string; redirect_uri?: string | undefined; }, { code_challenge: string; redirect_uri?: string | undefined; }>; /** * POST /api/auth/oauth/exchange - Exchange OAuth code for tokens * Note: code_verifier uses snake_case as per OAuth 2.0 PKCE specification (RFC 7636) */ export declare const oAuthCodeExchangeRequestSchema: z.ZodObject<{ code: z.ZodString; code_verifier: z.ZodString; }, "strip", z.ZodTypeAny, { code: string; code_verifier: string; }, { code: string; code_verifier: string; }>; /** * Response for GET /api/auth/oauth/configs */ export declare const listOAuthConfigsResponseSchema: z.ZodObject<{ data: z.ZodArray; clientId: z.ZodOptional; scopes: z.ZodOptional>; redirectUri: z.ZodOptional; useSharedKey: z.ZodBoolean; createdAt: z.ZodString; updatedAt: z.ZodString; }, "strip", z.ZodTypeAny, { id: string; provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; createdAt: string; updatedAt: string; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; }, { id: string; provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; createdAt: string; updatedAt: string; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; }>, "many">; count: z.ZodNumber; }, "strip", z.ZodTypeAny, { data: { id: string; provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; createdAt: string; updatedAt: string; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; }[]; count: number; }, { data: { id: string; provider: "google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft"; createdAt: string; updatedAt: string; useSharedKey: boolean; redirectUri?: string | undefined; clientId?: string | undefined; scopes?: string[] | undefined; }[]; count: number; }>; /** * PUT /api/auth/config - Update authentication configuration */ export declare const updateAuthConfigRequestSchema: z.ZodObject<{ requireEmailVerification: z.ZodOptional; passwordMinLength: z.ZodOptional; requireNumber: z.ZodOptional; requireLowercase: z.ZodOptional; requireUppercase: z.ZodOptional; requireSpecialChar: z.ZodOptional; verifyEmailMethod: z.ZodOptional>; resetPasswordMethod: z.ZodOptional>; allowedRedirectUrls: z.ZodOptional>>>; disableSignup: z.ZodOptional; }, "strip", z.ZodTypeAny, { requireEmailVerification?: boolean | undefined; passwordMinLength?: number | undefined; requireNumber?: boolean | undefined; requireLowercase?: boolean | undefined; requireUppercase?: boolean | undefined; requireSpecialChar?: boolean | undefined; verifyEmailMethod?: "code" | "link" | undefined; resetPasswordMethod?: "code" | "link" | undefined; allowedRedirectUrls?: string[] | null | undefined; disableSignup?: boolean | undefined; }, { requireEmailVerification?: boolean | undefined; passwordMinLength?: number | undefined; requireNumber?: boolean | undefined; requireLowercase?: boolean | undefined; requireUppercase?: boolean | undefined; requireSpecialChar?: boolean | undefined; verifyEmailMethod?: "code" | "link" | undefined; resetPasswordMethod?: "code" | "link" | undefined; allowedRedirectUrls?: string[] | null | undefined; disableSignup?: boolean | undefined; }>; /** * Response for GET /api/auth/config */ export declare const getAuthConfigResponseSchema: z.ZodObject<{ id: z.ZodString; requireEmailVerification: z.ZodBoolean; passwordMinLength: z.ZodNumber; requireNumber: z.ZodBoolean; requireLowercase: z.ZodBoolean; requireUppercase: z.ZodBoolean; requireSpecialChar: z.ZodBoolean; verifyEmailMethod: z.ZodEnum<["code", "link"]>; resetPasswordMethod: z.ZodEnum<["code", "link"]>; allowedRedirectUrls: z.ZodNullable>>; disableSignup: z.ZodBoolean; createdAt: z.ZodString; updatedAt: z.ZodString; }, "strip", z.ZodTypeAny, { id: string; createdAt: string; updatedAt: string; requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; allowedRedirectUrls?: string[] | null | undefined; }, { id: string; createdAt: string; updatedAt: string; requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; allowedRedirectUrls?: string[] | null | undefined; }>; /** * Admin auth response — the full shape including admin-only fields. This is * the canonical source; the public response is derived from this by omitting * sensitive fields below. Re-exported as `authMetadataSchema` from * metadata.schema.ts for the admin-gated /api/metadata route. * * CONVENTION: new admin-only fields land in `authConfigSchema` and appear * here automatically. To expose a field publicly, REMOVE it from the .omit() * call in `getPublicAuthConfigResponseSchema`. This way the safer default * (admin-only) is what you get if you forget to think about it. */ /** * SMTP slice for the admin metadata response. Excludes id/createdAt/updatedAt * (rendering metadata, not the row); password is never exposed — hasPassword * is the only signal admins get about credential presence. */ export declare const adminSmtpMetadataSchema: z.ZodObject, "strip", z.ZodTypeAny, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }>; export declare const authConfigAdminResponseSchema: z.ZodObject<{ requireEmailVerification: z.ZodBoolean; passwordMinLength: z.ZodNumber; requireNumber: z.ZodBoolean; requireLowercase: z.ZodBoolean; requireUppercase: z.ZodBoolean; requireSpecialChar: z.ZodBoolean; verifyEmailMethod: z.ZodEnum<["code", "link"]>; resetPasswordMethod: z.ZodEnum<["code", "link"]>; allowedRedirectUrls: z.ZodNullable>>; disableSignup: z.ZodBoolean; oAuthProviders: z.ZodArray, "many">; customOAuthProviders: z.ZodArray; smtpConfig: z.ZodObject, "strip", z.ZodTypeAny, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }>; }, "strip", z.ZodTypeAny, { requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; oAuthProviders: ("google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft")[]; customOAuthProviders: string[]; smtpConfig: { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }; allowedRedirectUrls?: string[] | null | undefined; }, { requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; oAuthProviders: ("google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft")[]; customOAuthProviders: string[]; smtpConfig: { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }; allowedRedirectUrls?: string[] | null | undefined; }>; /** * Response for GET /api/auth/public-config — admin response minus * admin-only fields. This route is unauthenticated, so anything sensitive * MUST be omitted here. SMTP host can leak internal infrastructure * (e.g. internal corp mail server), so the entire smtpConfig slice is * admin-only. */ export declare const getPublicAuthConfigResponseSchema: z.ZodObject; resetPasswordMethod: z.ZodEnum<["code", "link"]>; allowedRedirectUrls: z.ZodNullable>>; disableSignup: z.ZodBoolean; oAuthProviders: z.ZodArray, "many">; customOAuthProviders: z.ZodArray; smtpConfig: z.ZodObject, "strip", z.ZodTypeAny, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }, { enabled: boolean; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }>; }, "allowedRedirectUrls" | "smtpConfig">, "strip", z.ZodTypeAny, { requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; oAuthProviders: ("google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft")[]; customOAuthProviders: string[]; }, { requireEmailVerification: boolean; passwordMinLength: number; requireNumber: boolean; requireLowercase: boolean; requireUppercase: boolean; requireSpecialChar: boolean; verifyEmailMethod: "code" | "link"; resetPasswordMethod: "code" | "link"; disableSignup: boolean; oAuthProviders: ("google" | "github" | "discord" | "linkedin" | "facebook" | "instagram" | "tiktok" | "apple" | "x" | "spotify" | "microsoft")[]; customOAuthProviders: string[]; }>; /** * PUT /api/auth/smtp-config - Upsert SMTP configuration */ export declare const upsertSmtpConfigRequestSchema: z.ZodEffects; port: z.ZodUnion<[z.ZodLiteral<25>, z.ZodLiteral<465>, z.ZodLiteral<587>, z.ZodLiteral<2525>]>; username: z.ZodDefault; password: z.ZodOptional; senderEmail: z.ZodDefault; senderName: z.ZodDefault; minIntervalSeconds: z.ZodDefault; }, "strip", z.ZodTypeAny, { enabled: boolean; host: string; port: 25 | 465 | 587 | 2525; username: string; senderEmail: string; senderName: string; minIntervalSeconds: number; password?: string | undefined; }, { enabled: boolean; port: 25 | 465 | 587 | 2525; host?: string | undefined; username?: string | undefined; senderEmail?: string | undefined; senderName?: string | undefined; minIntervalSeconds?: number | undefined; password?: string | undefined; }>, { enabled: boolean; host: string; port: 25 | 465 | 587 | 2525; username: string; senderEmail: string; senderName: string; minIntervalSeconds: number; password?: string | undefined; }, { enabled: boolean; port: 25 | 465 | 587 | 2525; host?: string | undefined; username?: string | undefined; senderEmail?: string | undefined; senderName?: string | undefined; minIntervalSeconds?: number | undefined; password?: string | undefined; }>; /** * Response for GET /api/auth/smtp-config */ export declare const getSmtpConfigResponseSchema: z.ZodObject<{ id: z.ZodString; enabled: z.ZodBoolean; host: z.ZodString; port: z.ZodNumber; username: z.ZodString; hasPassword: z.ZodBoolean; senderEmail: z.ZodString; senderName: z.ZodString; minIntervalSeconds: z.ZodNumber; createdAt: z.ZodString; updatedAt: z.ZodString; }, "strip", z.ZodTypeAny, { id: string; enabled: boolean; createdAt: string; updatedAt: string; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }, { id: string; enabled: boolean; createdAt: string; updatedAt: string; host: string; port: number; username: string; hasPassword: boolean; senderEmail: string; senderName: string; minIntervalSeconds: number; }>; /** * PUT /api/auth/email-templates/:type - Update email template */ export declare const updateEmailTemplateRequestSchema: z.ZodObject<{ subject: z.ZodString; bodyHtml: z.ZodString; }, "strip", z.ZodTypeAny, { subject: string; bodyHtml: string; }, { subject: string; bodyHtml: string; }>; /** * Response for GET /api/auth/email-templates */ export declare const listEmailTemplatesResponseSchema: z.ZodObject<{ data: z.ZodArray, "many">; }, "strip", z.ZodTypeAny, { data: { id: string; createdAt: string; updatedAt: string; templateType: string; subject: string; bodyHtml: string; }[]; }, { data: { id: string; createdAt: string; updatedAt: string; templateType: string; subject: string; bodyHtml: string; }[]; }>; /** * Standard error response format for auth endpoints */ export declare const authErrorResponseSchema: z.ZodObject<{ error: z.ZodString; message: z.ZodString; statusCode: z.ZodNumber; nextActions: z.ZodOptional; }, "strip", z.ZodTypeAny, { message: string; error: string; statusCode: number; nextActions?: string | undefined; }, { message: string; error: string; statusCode: number; nextActions?: string | undefined; }>; export type CreateUserRequest = z.infer; export type CreateSessionRequest = z.infer; export type CreateAdminSessionRequest = z.infer; export type RefreshSessionRequest = z.infer; export type ListUsersRequest = z.infer; export type DeleteUsersRequest = z.infer; export type UpdateProfileRequest = z.infer; export type CreateOAuthConfigRequest = z.infer; export type UpdateOAuthConfigRequest = z.infer; export type OAuthInitRequest = z.infer; export type OAuthCodeExchangeRequest = z.infer; export type UpdateAuthConfigRequest = z.infer; export type SendVerificationEmailRequest = z.infer; export type VerifyEmailRequest = z.infer; export type SendResetPasswordEmailRequest = z.infer; export type ExchangeResetPasswordTokenRequest = z.infer; export type ResetPasswordRequest = z.infer; export type CreateUserResponse = z.infer; export type CreateSessionResponse = z.infer; export type VerifyEmailResponse = z.infer; export type ExchangeResetPasswordTokenResponse = z.infer; export type RefreshSessionResponse = z.infer; export type ResetPasswordResponse = z.infer; export type CreateAdminSessionResponse = z.infer; export type GetCurrentSessionResponse = z.infer; export type GetProfileResponse = z.infer; export type ListUsersResponse = z.infer; export type DeleteUsersResponse = z.infer; export type GetOauthUrlResponse = z.infer; export type ListOAuthConfigsResponse = z.infer; export type GetAuthConfigResponse = z.infer; export type GetPublicAuthConfigResponse = z.infer; export type AuthErrorResponse = z.infer; export declare const createCustomOAuthConfigRequestSchema: z.ZodObject & { clientSecret: z.ZodString; }, "strip", z.ZodTypeAny, { name: string; key: string; clientId: string; discoveryEndpoint: string; clientSecret: string; }, { name: string; key: string; clientId: string; discoveryEndpoint: string; clientSecret: string; }>; export declare const updateCustomOAuthConfigRequestSchema: z.ZodObject<{ name: z.ZodOptional; clientId: z.ZodOptional; discoveryEndpoint: z.ZodOptional; clientSecret: z.ZodOptional>; }, "strip", z.ZodTypeAny, { name?: string | undefined; clientId?: string | undefined; discoveryEndpoint?: string | undefined; clientSecret?: string | undefined; }, { name?: string | undefined; clientId?: string | undefined; discoveryEndpoint?: string | undefined; clientSecret?: string | undefined; }>; export declare const listCustomOAuthConfigsResponseSchema: z.ZodObject<{ data: z.ZodArray, "many">; count: z.ZodNumber; }, "strip", z.ZodTypeAny, { data: { name: string; id: string; key: string; createdAt: string; updatedAt: string; clientId: string; discoveryEndpoint: string; }[]; count: number; }, { data: { name: string; id: string; key: string; createdAt: string; updatedAt: string; clientId: string; discoveryEndpoint: string; }[]; count: number; }>; export type CreateCustomOAuthConfigRequest = z.infer; export type UpdateCustomOAuthConfigRequest = z.infer; export type ListCustomOAuthConfigsResponse = z.infer; export type UpsertSmtpConfigRequest = z.infer; export type GetSmtpConfigResponse = z.infer; export type UpdateEmailTemplateRequest = z.infer; export type ListEmailTemplatesResponse = z.infer; //# sourceMappingURL=auth-api.schema.d.ts.map