import { VueClientRequest } from '../app-factory.js';
/**
 * Result of authentication check.
 * - If authenticated: { authenticated: true, username: string, isAdmin: boolean }
 * - If not authenticated: { authenticated: false }
 */
export type AuthResult = {
    authenticated: true;
    username: string;
    isAdmin: boolean;
} | {
    authenticated: false;
};
/**
 * Get the authenticated user from the request's session cookie or authorization header.
 * Returns the username from the session - does NOT trust req.body.user.
 *
 * This is the secure way to get the authenticated username - callers should use
 * the returned username rather than trusting user-supplied data.
 */
export declare function getAuthenticatedUser(req: VueClientRequest): Promise<AuthResult>;
/**
 * Check if the request is authenticated (any valid user).
 * Returns true if authenticated, false otherwise.
 *
 * @deprecated Use getAuthenticatedUser() instead to get the actual username
 */
export declare function requestIsAuthenticated(req: VueClientRequest): Promise<boolean>;
/**
 * Check if the request is authenticated as an admin user.
 * Returns true only if the session has _admin role.
 *
 * SECURITY FIX: No longer trusts req.body.user - only checks session role.
 *
 * @deprecated Use getAuthenticatedUser() and check isAdmin instead
 */
export declare function requestIsAdminAuthenticated(req: VueClientRequest): Promise<boolean>;
//# sourceMappingURL=authentication.d.ts.map