import { MiddlewareHandler } from 'hono';

/** HTTP request methods that the CSRF configuration can refer to. */
type HTTPMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS';

/**
 * One exemption from the CSRF check: either a bare path string, or an object
 * holding a `path` and an optional `methods` list.
 *
 * The tuple type forces `methods`, when present, to name at least one method.
 * An object rule without `methods` exempts the path for every method (see the
 * `ignores` example on `CSRFConfig`).
 *
 * NOTE(review): the examples use a trailing `*` wildcard, and a bare string
 * presumably behaves like an object rule without `methods`. The matching
 * logic is not part of this declaration file, so confirm both before relying
 * on them.
 */
type CSRFIgnoreRule = string | {
    path: string;
    methods?: [HTTPMethod, ...HTTPMethod[]];
};

/**
 * Options accepted by `csrf()`. Every field is optional.
 *
 * Four of these fields (`ignores`, `safeMethods`, `origin`, `secFetchSite`)
 * widen the set of requests that skip the token check, so each entry added to
 * them should be reviewed as an exception to the protection.
 */
interface CSRFConfig {
    /**
     * Cookie name for CSRF token
     *
     * NOTE(review): the cookie/header pair suggests a double-submit check in
     * which the header value is compared with this cookie. The comparison is
     * implemented elsewhere; confirm.
     * @default 'XSRF-TOKEN'
     */
    cookieName?: string;
    /**
     * Header name for CSRF token
     * @default 'X-XSRF-TOKEN'
     */
    headerName?: string;
    /**
     * Ignore rules for specific paths and methods
     *
     * Requests matching a rule are not CSRF-checked, so an ignored route needs
     * its own proof of authenticity (for a webhook, typically the sender's
     * request signature). Prefer listing `methods` explicitly; a rule without
     * `methods` exempts the path for all methods.
     * @example
     * [
     *   { path: '/api/webhook/*', methods: ['POST'] },
     *   { path: '/auth/apple/callback' }, // ignores all methods
     * ]
     */
    ignores?: CSRFIgnoreRule[];
    /**
     * Skip CSRF check for these methods
     *
     * The default list is only safe when handlers for these methods do not
     * change state. Adding a state-changing method such as POST removes the
     * check for that method.
     * @default ['GET', 'HEAD', 'OPTIONS']
     */
    safeMethods?: HTTPMethod[];
    /**
     * Origin allowed to bypass CSRF check
     *
     * Limit this to origins you fully control, since a listed origin skips the
     * token check.
     * NOTE(review): how the request's origin is compared with these entries
     * (exact string, scheme/port handling, missing header) is not visible
     * here; confirm.
     * @default undefined
     */
    origin?: string[];
    /**
     * Sec-Fetch-Site allowed to bypass CSRF check
     *
     * The type admits all four header values, but they are not equally safe to
     * list. 'cross-origin' is the case CSRF protection exists to stop, so
     * listing it effectively disables the check. 'same-site' extends trust to
     * every sibling subdomain. 'none' is sent for user-initiated navigations.
     * NOTE(review): the header is absent on older clients; how a missing
     * header is treated is not visible here; confirm.
     * @default undefined
     */
    secFetchSite?: Array<'same-origin' | 'same-site' | 'none' | 'cross-origin'>;
    /**
     * Custom error message
     * @default 'CSRF token validation failed'
     */
    errorMessage?: string;
}

/**
 * Create CSRF protection middleware
 *
 * @param config - Optional settings; documented defaults apply to any field
 *   left out.
 * @returns A Hono `MiddlewareHandler` to register with `app.use(...)`.
 *
 * @example
 * ```ts
 * import { Hono } from 'hono';
 * import { csrf } from '@shware/http/hono';
 *
 * const app = new Hono();
 *
 * // basic usage
 * app.use(csrf());
 *
 * // with configuration
 * app.use(csrf({
 *   cookieName: 'csrf-token',
 *   headerName: 'X-CSRF-Token',
 *   ignores: [
 *     { path: '/api/webhook/*', methods: ['POST'] },
 *     { path: '/auth/apple/callback' },
 *   ]
 * }));
 * ```
 */
declare function csrf(config?: CSRFConfig): MiddlewareHandler;

export { type CSRFConfig, type CSRFIgnoreRule, csrf };