/**
 * Remember Me Handler
 *
 * P1 - Persistent session management
 *
 * Supports:
 * - Generating secure remember me tokens
 * - Validating persistent tokens
 * - Token rotation for security
 * - Configurable token expiration
 *
 * @see https://cheatsheetseries.owasp.org/cheatsheets/Remember_Me_Cheat_Sheet.html
 */
export interface RememberMeConfig {
    /** Token expiration time in days (default: 30) */
    expiresInDays?: number;
    /** Token length in bytes (default: 32) */
    tokenLength?: number;
    /** Secret key for signing tokens */
    secret: string;
    /** Cookie name */
    cookieName?: string;
    /** Cookie path */
    cookiePath?: string;
    /** Cookie domain */
    cookieDomain?: string;
    /** Secure flag for cookies */
    secure?: boolean;
    /** HttpOnly flag for cookies */
    httpOnly?: boolean;
    /** SameSite attribute */
    sameSite?: 'Strict' | 'Lax' | 'None';
}
export interface RememberMeToken {
    /** Token value (selector) */
    selector: string;
    /** Validator (hashed token) */
    validator: string;
    /** User ID associated with token */
    userId: string;
    /** Token expiration timestamp */
    expiresAt: Date;
}
export interface RememberMeResult {
    success: boolean;
    token?: RememberMeToken;
    userId?: string;
    error?: string;
}
/**
 * Remember Me Handler class
 */
export declare class RememberMeHandler {
    private config;
    private tokens;
    /** Store raw validators for testing purposes (in production, only send to client via cookie) */
    private rawValidators;
    constructor(config: RememberMeConfig);
    /**
     * Generate a new remember me token
     * Creates a secure random token pair (selector + validator)
     */
    generateToken(userId: string): RememberMeToken;
    /**
     * Validate a remember me token
     * Checks selector and validator against stored tokens
     */
    validateToken(selector: string, rawValidator: string): RememberMeResult;
    /**
     * Rotate a remember me token
     * Generates a new token while invalidating the old one
     */
    rotateToken(selector: string, rawValidator: string): RememberMeResult;
    /**
     * Revoke (invalidate) a remember me token
     */
    revokeToken(selector: string): boolean;
    /**
     * Revoke all tokens for a user
     */
    revokeAllUserTokens(userId: string): number;
    /**
     * Clean up expired tokens
     */
    cleanupExpiredTokens(): number;
    /**
     * Get cookie configuration for setting remember me cookie
     */
    getCookieConfig(token: RememberMeToken): {
        name: string;
        value: string;
        options: {
            expires: Date;
            path: string;
            domain?: string;
            secure: boolean;
            httpOnly: boolean;
            sameSite: 'Strict' | 'Lax' | 'None';
        };
    };
    /**
     * Parse cookie value to extract selector and validator
     */
    parseCookieValue(cookieValue: string): {
        selector: string;
        validator: string;
    } | null;
    /**
     * Check if a token is expired
     */
    isTokenExpired(token: RememberMeToken): boolean;
    /**
     * Get token by selector
     */
    getToken(selector: string): RememberMeToken | undefined;
    /**
     * Get all tokens
     */
    getAllTokens(): RememberMeToken[];
    /**
     * Clear all tokens
     */
    clearAllTokens(): void;
    /**
     * Set custom secret (for testing)
     */
    setSecret(secret: string): void;
    /**
     * Get raw validator for a selector (testing only)
     * In production, the raw validator is only sent to the client via cookie
     */
    getRawValidator(selector: string): string | undefined;
    /**
     * Get number of active tokens
     */
    get tokenCount(): number;
}
/**
 * Factory function to create Remember Me handler
 */
export declare function createRememberMeHandler(config: RememberMeConfig): RememberMeHandler;
export default RememberMeHandler;