/** * OAuth2 Authentication Routes * * Handles OAuth2 code flow, token exchange, and user authentication * * SECURITY: All routes are rate-limited to prevent brute-force attacks. * - /auth/github: Standard rate limit (initiates OAuth flow) * - /auth/callback: Strict rate limit (performs DB operations) * - /auth/refresh: Strict rate limit (token validation + DB operations) * - /auth/revoke: Strict rate limit (DB operations) */ import { Router } from "express"; import type Database from "better-sqlite3-multiple-ciphers"; import { GitHubOAuthConfig } from "../auth/github-provider.js"; export interface OAuthConfig { github?: GitHubOAuthConfig; jwtPrivateKey: string; jwtPublicKey: string; } /** * Create OAuth2 router with rate limiting * * SECURITY: All routes are rate-limited to prevent abuse: * - Standard limit: 20 requests per 15 minutes for OAuth initiation * - Strict limit: 10 requests per 15 minutes for token operations */ export declare function createOAuthRouter(db: Database.Database, config: OAuthConfig): Router;