/**
 * Database-backed OAuth State Storage
 *
 * Alternative to in-memory state store for production multi-instance deployments.
 * Provides persistent, shared state storage across server instances.
 *
 * The OAuth `state` parameter is the CSRF defence of the authorization-code
 * flow: a callback should be accepted only when it carries a state value this
 * server issued, that has not expired, and that has not been used before.
 *
 * NOTE(review): this file contains declarations only. Every statement below
 * about runtime behaviour (atomicity, expiry, defaults) has to be confirmed
 * against the implementation.
 */
import type Database from "better-sqlite3-multiple-ciphers";

/**
 * Initialize OAuth state storage table.
 *
 * @param db - Database handle in which the state table lives.
 *
 * NOTE(review): presumably safe to call on every start-up (create-if-missing);
 * confirm against the implementation.
 */
export declare function initializeOAuthStateTable(db: Database.Database): void;

/**
 * Store OAuth state in database.
 *
 * @param db - Database handle that holds the state table.
 * @param state - State value that is sent to the provider and expected back on
 *   the callback. Nothing in this signature generates or checks it, so the
 *   caller must supply an unguessable value from a cryptographically secure
 *   random source.
 * @param redirectUrl - Optional destination remembered together with the state.
 *   NOTE(review): the usage example at the end of this file fills it from a
 *   query parameter. Unless the implementation validates it, callers must
 *   restrict it to an allow-list (for example same-origin relative paths)
 *   before storing it or before redirecting to it; otherwise the login flow
 *   becomes an open redirect.
 * @param expirationMs - Optional lifetime of the state, presumably in
 *   milliseconds. The default is not visible here - TODO confirm. A short
 *   lifetime (minutes) limits the window in which a leaked state is usable.
 */
export declare function saveOAuthState(db: Database.Database, state: string, redirectUrl?: string, expirationMs?: number): void;

/**
 * Validate and consume OAuth state (single-use).
 *
 * @param db - Database handle that holds the state table.
 * @param state - State value received on the callback. It is declared as
 *   `string`; callers must make sure the request value really is a single
 *   string before passing it in.
 * @returns `valid` tells whether the state was accepted. `redirectUrl` is
 *   optional and is presumably the value given to `saveOAuthState` - confirm.
 *
 * NOTE(review): "single-use" only holds if lookup and deletion happen as one
 * atomic step (a single statement or transaction). With several server
 * instances sharing the database, a separate read followed by a delete would
 * let two concurrent callbacks consume the same state. Also confirm that
 * expired rows are rejected here and not only removed by the cleanup job.
 */
export declare function validateOAuthState(db: Database.Database, state: string): {
    valid: boolean;
    redirectUrl?: string;
};

/**
 * Clean up expired OAuth states.
 * Call this periodically (e.g., every hour) to prevent table bloat.
 *
 * @param db - Database handle that holds the state table.
 * @returns A number; the usage example below logs it as the count of deleted
 *   states.
 *
 * NOTE(review): this job is housekeeping. Rejecting an expired state must not
 * depend on it having run - see `validateOAuthState`.
 */
export declare function cleanupExpiredOAuthStates(db: Database.Database): number;

/**
 * Example usage in OAuth routes:
 *
 * // On /auth/github:
 * // generateState() is not declared in this file; it has to return an
 * // unguessable value from a cryptographically secure random source.
 * const state = generateState();
 * // `redirect` is caller-controlled: check it against an allow-list of
 * // permitted destinations before storing it. The `as string` cast performs
 * // no runtime check (the value may be missing or an array).
 * saveOAuthState(db, state, req.query.redirect as string);
 * res.redirect(authUrl);
 *
 * // On /auth/callback:
 * // Reject the request when `state` is not a single string; the cast alone
 * // does not guarantee that.
 * const { valid, redirectUrl } = validateOAuthState(db, req.query.state as string);
 * if (!valid) {
 *   return res.status(400).json({ error: "INVALID_STATE" });
 * }
 * // ... proceed with OAuth flow
 * // Re-check redirectUrl against the allow-list before redirecting to it.
 *
 * // Cleanup job (run periodically):
 * setInterval(() => {
 *   const deleted = cleanupExpiredOAuthStates(db);
 *   logger.debug(`Cleaned up ${deleted} expired OAuth states`);
 * }, 60 * 60 * 1000); // Every hour
 */