from typing import Any, Optional, Callable, TypeVar

import aiohttp.web

from .abc import AbstractAuthorizationPolicy as AbstractAuthorizationPolicy
from .abc import AbstractIdentityPolicy as AbstractIdentityPolicy
from .abc import Permission as Permission
from .abc import UserId as UserId
from .abc import OptionalContext as OptionalContext
from .abc import Identity as Identity

IDENTITY_KEY: str
AUTZ_KEY: str

_Fn = TypeVar("_Fn")

async def remember(request: aiohttp.web.Request, response: aiohttp.web.StreamResponse, identity: Identity, **kwargs: Any) -> None: ...
async def forget(request: aiohttp.web.Request, response: aiohttp.web.StreamResponse) -> None: ...
async def authorized_userid(request: aiohttp.web.Request) -> Optional[UserId]: ...
async def permits(request: aiohttp.web.Request, permission: Permission, context: OptionalContext = ...) -> bool: ...
async def is_anonymous(request: aiohttp.web.Request) -> bool: ...
async def check_authorized(request: aiohttp.web.Request) -> UserId: ...
async def check_permission(request: aiohttp.web.Request, permission: Permission, context: OptionalContext = ...) -> None: ...
def setup(app: aiohttp.web.Application, identity_policy: AbstractIdentityPolicy, autz_policy: AbstractAuthorizationPolicy) -> None: ...

# Deprecated since 0.3
def login_required(fn: _Fn) -> _Fn: ...
def has_permission(permission: Permission, context: OptionalContext = ...) -> Callable[[_Fn], _Fn]: ...