// Type declarations for a set of Oak middleware helpers: Zod request/response
// validation, Google ID-token authentication, and standard API response bodies.
//
// NOTE(review): several type-argument lists appear to have been lost from this
// listing (for example `schema: T` with no `T` declared, `Promise` and `z.infer`
// with no argument, and unbalanced `>>`). Treat the package's published
// declaration file as authoritative for the exact generic signatures.
import * as _oak_oak from '@oak/oak';
import { Context, Next, Middleware, State } from '@oak/oak';
import { ZodType, z } from 'zod';
import { TokenPayload } from 'google-auth-library';

/**
 * Callback that receives an error together with the Oak context and `next`.
 *
 * The auth error classes declared below expose the ID token and its decoded
 * payload through `toJson()`. A handler should not write that output to the
 * response body or to logs unredacted.
 */
type GenericOakMiddlewareErrorHandler = ({ error, ctx, next, }: {
    error: Error;
    ctx: Context;
    next: Next;
}) => void;

/**
 * Builds an Oak middleware from a Zod schema.
 * NOTE(review): which part of the request is validated, and how failures are
 * reported, is not visible in this declaration — confirm in the implementation.
 */
declare function withZodValidation(schema: T): Middleware;

/**
 * Builds an Oak middleware for error handling.
 * NOTE(review): what is caught and what is sent to the client is not visible here.
 */
declare function withErrorHandler(): Middleware;

/**
 * Builds an Oak middleware related to the response schema.
 * NOTE(review): presumably enforces the standard response bodies declared
 * further down — confirm.
 */
declare function withResponseSchema(): Middleware;

/**
 * Google `TokenPayload` with `email` narrowed to a required string.
 *
 * Only `email` is narrowed. `TokenPayload` also defines optional `email_verified`
 * and `hd` claims; whether the middleware checks them is not visible in this
 * declaration. NOTE(review): confirm before relying on `email` as an identity.
 */
type GoogleIdTokenPayloadType = TokenPayload & {
    email: string;
};

/**
 * Verifies a Google ID token and returns the email address if the token is valid and the email is authorized.
 *
 * NOTE(review): the signature takes no allow-list, so the "authorized" part of
 * this description cannot be confirmed from the declaration; the resolved type
 * of the returned Promise is also missing from this listing.
 * NOTE(review): `googleClientId` is presumably the audience the token is
 * checked against — confirm in the implementation.
 *
 * @param googleClientId - The client ID of the Google application.
 * @param idToken - The ID token to verify.
 * @returns The email address if the token is valid and the email is authorized, or null if not.
 */
declare function decodeGoogleIdToken(googleClientId: string, idToken: string): Promise;

/**
 * Base class for the authentication errors declared in this file.
 *
 * Carries a string `code` and the `idToken` passed to the constructor.
 * `toJson()` includes `idToken` in its result. If that is the credential the
 * client presented (presumably — confirm), serializing it into a response or a
 * log line discloses a usable token; redact it before emitting.
 */
declare class GoogleMiddlewareAuthError extends Error {
    readonly code: string;
    readonly idToken: string;
    constructor(message: string, code: string, idToken: string);
    toJson(): {
        name: string;
        message: string;
        code: string;
        idToken: string;
    };
}

/**
 * Auth error constructed without arguments.
 * Judging by the name, raised when the request carries no token — confirm.
 */
declare class MissingAuthorizationTokenError extends GoogleMiddlewareAuthError {
    constructor();
}

/**
 * Auth error that additionally carries the decoded token payload.
 * `toJson()` adds the full `idTokenPayload` to the base fields, so the same
 * redaction concern applies to the payload's personal data.
 */
declare class EmailNotPresentError extends GoogleMiddlewareAuthError {
    readonly idTokenPayload: GoogleIdTokenPayloadType;
    constructor(idToken: string, idTokenPayload: GoogleIdTokenPayloadType);
    toJson(): {
        idTokenPayload: GoogleIdTokenPayloadType;
        name: string;
        message: string;
        code: string;
        idToken: string;
    };
}

/**
 * Auth error carrying the decoded payload and the configured domain allow-list.
 * `toJson()` reports a `domain` (possibly undefined) plus the payload and token.
 * The instance also holds `allowedDomains`; avoid reflecting the allow-list to
 * unauthenticated callers.
 */
declare class DomainNotAuthorizedError extends GoogleMiddlewareAuthError {
    readonly idTokenPayload: GoogleIdTokenPayloadType;
    readonly allowedDomains: readonly string[];
    constructor(idToken: string, idTokenPayload: GoogleIdTokenPayloadType, allowedDomains: readonly string[]);
    toJson(): {
        domain: string | undefined;
        idTokenPayload: GoogleIdTokenPayloadType;
        name: string;
        message: string;
        code: string;
        idToken: string;
    };
}

/**
 * Auth error carrying the decoded payload and the configured email allow-list.
 * `toJson()` reports the `email` plus the payload and token.
 * The instance also holds `allowedEmails`; avoid reflecting the allow-list to
 * unauthenticated callers.
 */
declare class EmailNotAuthorizedError extends GoogleMiddlewareAuthError {
    readonly idTokenPayload: GoogleIdTokenPayloadType;
    readonly allowedEmails: string[];
    constructor(idToken: string, idTokenPayload: GoogleIdTokenPayloadType, allowedEmails: string[]);
    toJson(): {
        email: string;
        idTokenPayload: GoogleIdTokenPayloadType;
        name: string;
        message: string;
        code: string;
        idToken: string;
    };
}

/**
 * Options accepted by `buildGoogleAuthMiddleware`.
 *
 * NOTE(review): how `allowedDomains` and `allowedEmails` combine when both are
 * set is not stated here — confirm in the implementation.
 */
interface BuildGoogleAuthMiddlewareOptions {
    /**
     * The allowed domains to authenticate.
     * If not provided, the email must end with '@karpatkey.com' by default.
     */
    allowedDomains?: string[];
    /**
     * The allowed emails to authenticate.
     * If not provided, the email must end with '@karpatkey.com' by default.
     */
    allowedEmails?: string[];
    /**
     * The Google client ID to use for authentication.
     */
    googleClientId: string;
    /**
     * The error handler to use for the middleware. You must provide this function.
     */
    errorHandler: GenericOakMiddlewareErrorHandler;
    /**
     * The function to use to decode the Google ID token.
     * If not provided, the default function will be used.
     *
     * Supplying a replacement swaps out the token verification step itself.
     * NOTE(review): presumably intended for tests; a replacement that skips
     * verification leaves the allow-list checks operating on unverified claims.
     */
    decodeGoogleIdToken?: typeof decodeGoogleIdToken;
}

/**
 * Authentication data exposed to downstream middleware.
 * Both members have the same payload type.
 */
type AuthState = {
    /**
     * @deprecated Use googleUser instead.
     */
    user: GoogleIdTokenPayloadType;
    /**
     * The Google ID token payload.
     */
    googleUser: GoogleIdTokenPayloadType;
};

/**
 * Returns an Oak middleware function that verifies the Google ID token.
 * You can configure it to only allow certain emails via the `allowedEmails` option.
 *
 * If `allowedEmails` is provided, the authenticated email must exactly match one of the strings.
 * Otherwise, the email must end with '@karpatkey.com' by default.
 *
 * When `requireGoogleAuth` is disabled, the middleware will simply call next().
 *
 * NOTE(review): `requireGoogleAuth` is not a member of
 * `BuildGoogleAuthMiddlewareOptions` as declared in this file. Either this
 * sentence is stale or the switch is defined elsewhere; a setting that disables
 * authentication should be traceable, so confirm where it comes from.
 */
declare function buildGoogleAuthMiddleware(options: BuildGoogleAuthMiddlewareOptions): Middleware>>;

/**
 * Zod schema for an error response body.
 *
 * The parsed shape shown in the type arguments is `{ meta: { status: number },
 * errors: Array<{ message, code, details? }> }`, where each `details` entry has
 * `message` and optional `code`, `field` and `path`. Every object level uses
 * zod's "strip" unknown-keys mode.
 */
declare const apiErrorResponseBodyZodSchema: z.ZodObject<{ meta: z.ZodObject<{ status: z.ZodNumber; }, "strip", z.ZodTypeAny, { status: number; }, { status: number; }>; errors: z.ZodArray; field: z.ZodOptional; path: z.ZodOptional; }, "strip", z.ZodTypeAny, { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }, { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }>, "many">>; }, "strip", z.ZodTypeAny, { message: string; code: string; details?: { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }[] | undefined; }, { message: string; code: string; details?: { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }[] | undefined; }>, "many">; }, "strip", z.ZodTypeAny, { meta: { status: number; }; errors: { message: string; code: string; details?: { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }[] | undefined; }[]; }, { meta: { status: number; }; errors: { message: string; code: string; details?: { message: string; code?: string | undefined; field?: string | undefined; path?: string | undefined; }[] | undefined; }[]; }>;

/**
 * Standard response schema
 * @description A standard response schema for all API responses
 *
 * The parsed shape shown in the type arguments is `{ data?: unknown, meta: {
 * status: number, cache?: { hit: boolean, source?, ttl?, expireAt? } } }`.
 * `data` is declared as `z.ZodUnknown`, so this schema does not constrain the
 * payload; any payload validation has to happen elsewhere.
 * @example
 * {
 *   "data": { ... },
 *   "meta": { ... }
 * }
 */
declare const apiSuccessResponseBodyZodSchema: z.ZodObject<{ data: z.ZodUnknown; meta: z.ZodObject<{ status: z.ZodNumber; cache: z.ZodOptional; ttl: z.ZodOptional; expireAt: z.ZodOptional; }, "strip", z.ZodTypeAny, { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; }, { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; }>>; }, "strip", z.ZodTypeAny, { status: number; cache?: { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; } | undefined; }, { status: number; cache?: { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; } | undefined; }>; }, "strip", z.ZodTypeAny, { meta: { status: number; cache?: { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; } | undefined; }; data?: unknown; }, { meta: { status: number; cache?: { hit: boolean; source?: string | undefined; ttl?: number | undefined; expireAt?: number | undefined; } | undefined; }; data?: unknown; }>;

/** Error response body type. NOTE(review): the argument of `z.infer` is missing from this listing. */
type ApiErrorResponseBodyZodSchemaType = z.infer;

/**
 * Success response body type with `data` typed as `DataType`.
 * NOTE(review): the `DataType` parameter list and the first argument of
 * `Exclude` are missing from this listing.
 */
type ApiSuccessResponseBodyZodSchemaType = Exclude, 'data'> & {
    data: DataType;
};

/**
 * Returns a successful response to the client
 * @param ctx Oak context
 * @param body Success response body
 */
declare function returnOakSuccessResponse(ctx: Context, body: ApiSuccessResponseBodyZodSchemaType): void;

/**
 * Set error response on context
 * @param ctx Oak context
 * @param body Error response body (its `errors` member is the array of error objects)
 */
declare function returnOakErrorResponse(ctx: Context, body: ApiErrorResponseBodyZodSchemaType): void;

// The four classes below each add a numeric `statusCode` to `Error`. The value
// assigned to it is set by the implementation and is not visible here.

/** Error with a `statusCode`; by name, for a resource that was not found. */
declare class NotFoundError extends Error {
    statusCode: number;
    constructor(message: string);
}

/** Error with a `statusCode`; by name, for a malformed or invalid request. */
declare class BadRequestError extends Error {
    statusCode: number;
    constructor(message: string);
}

/** Error with a `statusCode`; by name, for a request that is not permitted. */
declare class ForbiddenError extends Error {
    statusCode: number;
    constructor(message: string);
}

/** Error with a `statusCode`; by name, for an unexpected server-side failure. */
declare class InternalServerError extends Error {
    statusCode: number;
    constructor(message: string);
}

// `decodeGoogleIdToken`, `AuthState` and the two response schemas are declared
// above but are not part of this export list.
export { BadRequestError, BuildGoogleAuthMiddlewareOptions, DomainNotAuthorizedError, EmailNotAuthorizedError, EmailNotPresentError, ForbiddenError, GenericOakMiddlewareErrorHandler, GoogleMiddlewareAuthError, InternalServerError, MissingAuthorizationTokenError, NotFoundError, buildGoogleAuthMiddleware, returnOakErrorResponse, returnOakSuccessResponse, withErrorHandler, withResponseSchema, withZodValidation };