export interface AuthResolver { readonly name?: string; resolve(context: TContext): Promise | TResolved | null; } export interface BearerAuthContext { authHeader: string | undefined; token: string; } export interface SessionResolverResult { account: TAccount; session: TSession; } export interface ExternalAccountInput { providerUserId: string; username: string; displayName: string; } export interface ExternalAccountResult { account: TAccount; } export interface CreateSessionAuthResolverOptions { name?: string; resolveSessionToken: (token: string) => Promise | undefined>; mapResolvedSession: (resolved: SessionResolverResult) => TResolved; } export interface CreateDevBearerAuthResolverOptions { name?: string; enabled?: boolean; prefix?: string; decodeUserId?: (rawId: string) => string; createUsername?: (providerUserId: string) => string; createDisplayName?: (providerUserId: string) => string; ensureAccount: (input: ExternalAccountInput) => Promise>; mapResolvedAccount: (resolved: ExternalAccountInput & { account: TAccount; }) => TResolved; } export interface CreateHeaderProfileAuthResolverOptions { name?: string; resolveProfile: (authHeader: string | undefined) => Promise; ensureAccount: (input: ExternalAccountInput) => Promise>; getProviderUserId: (profile: TProfile) => string; getUsername: (profile: TProfile) => string; getDisplayName: (profile: TProfile) => string; mapResolvedAccount: (resolved: { account: TAccount; profile: TProfile; providerUserId: string; username: string; displayName: string; }) => TResolved; } /** Normalized error passed to {@link AuthRequestHandlerFactoryOptions.sendError} after auth handler catches a thrown value. */ export interface NormalizedAuthHandlerError { readonly status: number; readonly message: string; } /** * Superset of values commonly thrown or passed through auth handlers. * (Catch clauses still infer `unknown`; cast at the boundary: `error as AuthHandlerThrown`.) */ export type AuthHandlerThrown = string | number | bigint | boolean | symbol | null | undefined | object; /** Converts a thrown catch value into a stable shape for HTTP responses. */ export declare const normalizeAuthHandlerError: (error: AuthHandlerThrown) => NormalizedAuthHandlerError; export interface AuthRequestHandlerFactoryOptions { resolvers: readonly AuthResolver[]; invalidMessage?: string; getAuthHeader: (request: TRequest) => string | undefined; sendError: (response: TResponse, error: NormalizedAuthHandlerError) => void | Promise; } export type RequiredAuthHandler = (request: TRequest, response: TResponse, resolved: TResolved) => void | Promise; export type OptionalAuthHandler = (request: TRequest, response: TResponse, resolved: TResolved | null) => void | Promise; export declare const createBearerAuthContext: (authHeader: string | undefined) => BearerAuthContext; export declare const resolveWithAuthResolvers: (context: TContext, resolvers: readonly AuthResolver[]) => Promise; export declare const createSessionAuthResolver: (options: CreateSessionAuthResolverOptions) => AuthResolver; export declare const createDevBearerAuthResolver: (options: CreateDevBearerAuthResolverOptions) => AuthResolver; export declare const createHeaderProfileAuthResolver: (options: CreateHeaderProfileAuthResolverOptions) => AuthResolver; export declare const resolveRequiredWithAuthResolvers: (authHeader: string | undefined, resolvers: readonly AuthResolver[], invalidMessage?: string) => Promise; export declare const resolveOptionalWithAuthResolvers: (authHeader: string | undefined, resolvers: readonly AuthResolver[], invalidMessage?: string) => Promise; export declare const createRequiredAuthHandler: (options: AuthRequestHandlerFactoryOptions, handler: RequiredAuthHandler) => ((request: TRequest, response: TResponse) => Promise); export declare const createOptionalAuthHandler: (options: AuthRequestHandlerFactoryOptions, handler: OptionalAuthHandler) => ((request: TRequest, response: TResponse) => Promise);