update: package json version

2026-03-30 18:32:23 +03:00
12 changed files with 65 additions and 4574 deletions
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -50,7 +50,7 @@ jobs:
          npm install -g ts-proto
          mkdir -p ./gen/go  # Создаем вложенную папку для Go
          protoc -I ./proto ./proto/*.proto \
-            --ts_proto_out=nestJs=true,addGrpcMetadata=true,package=omit:./gen \
+            --ts_proto_out=nestJs=true,package=omit:./gen \
            --go_out=paths=source_relative:./gen/go \
            --go-grpc_out=paths=source_relative:./gen/go
--- a/gen/go/identity.pb.go
+++ b/gen/go/identity.pb.go
--- a/gen/go/identity_grpc.pb.go
+++ b/gen/go/identity_grpc.pb.go
@@ -1,755 +0,0 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
 // - protoc             v3.21.12
 // source: identity.proto
 package pb
 import (
 	context "context"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
 )
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
 // Requires gRPC-Go v1.64.0 or later.
 const _ = grpc.SupportPackageIsVersion9
 const (
 	AuthService_Login_FullMethodName               = "/identity.AuthService/Login"
 	AuthService_Refresh_FullMethodName             = "/identity.AuthService/Refresh"
 	AuthService_VerifyToken_FullMethodName         = "/identity.AuthService/VerifyToken"
 	AuthService_GetAccountRoleLevel_FullMethodName = "/identity.AuthService/GetAccountRoleLevel"
 	AuthService_Logout_FullMethodName              = "/identity.AuthService/Logout"
 	AuthService_LogoutAll_FullMethodName           = "/identity.AuthService/LogoutAll"
 	AuthService_UnlockPin_FullMethodName           = "/identity.AuthService/UnlockPin"
 	AuthService_Verify2Fa_FullMethodName           = "/identity.AuthService/Verify2Fa"
 )
 // AuthServiceClient is the client API for AuthService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type AuthServiceClient interface {
 	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
 	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
 	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
 	GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error)
 	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
 	LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
 	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
 	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
 }
 type authServiceClient struct {
 	cc grpc.ClientConnInterface
 }
 func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
 	return &authServiceClient{cc}
 }
 func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LoginResponse)
 	err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(RefreshResponse)
 	err := c.cc.Invoke(ctx, AuthService_Refresh_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(VerifyTokenResponse)
 	err := c.cc.Invoke(ctx, AuthService_VerifyToken_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetAccountRoleLevelResponse)
 	err := c.cc.Invoke(ctx, AuthService_GetAccountRoleLevel_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LogoutResponse)
 	err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LogoutResponse)
 	err := c.cc.Invoke(ctx, AuthService_LogoutAll_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(UnlockPinResponse)
 	err := c.cc.Invoke(ctx, AuthService_UnlockPin_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *authServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(Verify2FaResponse)
 	err := c.cc.Invoke(ctx, AuthService_Verify2Fa_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // AuthServiceServer is the server API for AuthService service.
 // All implementations must embed UnimplementedAuthServiceServer
 // for forward compatibility.
 type AuthServiceServer interface {
 	Login(context.Context, *LoginRequest) (*LoginResponse, error)
 	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
 	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
 	GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error)
 	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
 	LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error)
 	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
 	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
 	mustEmbedUnimplementedAuthServiceServer()
 }
 // UnimplementedAuthServiceServer must be embedded to have
 // forward compatible implementations.
 //
 // NOTE: this should be embedded by value instead of pointer to avoid a nil
 // pointer dereference when methods are called.
 type UnimplementedAuthServiceServer struct{}
 func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Login not implemented")
 }
 func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
 }
 func (UnimplementedAuthServiceServer) VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method VerifyToken not implemented")
 }
 func (UnimplementedAuthServiceServer) GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetAccountRoleLevel not implemented")
 }
 func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
 }
 func (UnimplementedAuthServiceServer) LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method LogoutAll not implemented")
 }
 func (UnimplementedAuthServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
 }
 func (UnimplementedAuthServiceServer) Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Verify2Fa not implemented")
 }
 func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
 func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
 // UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to AuthServiceServer will
 // result in compilation errors.
 type UnsafeAuthServiceServer interface {
 	mustEmbedUnimplementedAuthServiceServer()
 }
 func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
 	// If the following call panics, it indicates UnimplementedAuthServiceServer was
 	// embedded by pointer and is nil.  This will cause panics if an
 	// unimplemented method is ever invoked, so we test this at initialization
 	// time to prevent it from happening at runtime later due to I/O.
 	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
 		t.testEmbeddedByValue()
 	}
 	s.RegisterService(&AuthService_ServiceDesc, srv)
 }
 func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LoginRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).Login(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_Login_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(RefreshRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).Refresh(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_Refresh_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).Refresh(ctx, req.(*RefreshRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_VerifyToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(VerifyTokenRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).VerifyToken(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_VerifyToken_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).VerifyToken(ctx, req.(*VerifyTokenRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_GetAccountRoleLevel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetAccountRoleLevelRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_GetAccountRoleLevel_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, req.(*GetAccountRoleLevelRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LogoutRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).Logout(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_Logout_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_LogoutAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LogoutRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).LogoutAll(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_LogoutAll_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).LogoutAll(ctx, req.(*LogoutRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(UnlockPinRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).UnlockPin(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_UnlockPin_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _AuthService_Verify2Fa_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(Verify2FaRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(AuthServiceServer).Verify2Fa(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: AuthService_Verify2Fa_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(AuthServiceServer).Verify2Fa(ctx, req.(*Verify2FaRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 // AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
 var AuthService_ServiceDesc = grpc.ServiceDesc{
 	ServiceName: "identity.AuthService",
 	HandlerType: (*AuthServiceServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "Login",
 			Handler:    _AuthService_Login_Handler,
 		},
 		{
 			MethodName: "Refresh",
 			Handler:    _AuthService_Refresh_Handler,
 		},
 		{
 			MethodName: "VerifyToken",
 			Handler:    _AuthService_VerifyToken_Handler,
 		},
 		{
 			MethodName: "GetAccountRoleLevel",
 			Handler:    _AuthService_GetAccountRoleLevel_Handler,
 		},
 		{
 			MethodName: "Logout",
 			Handler:    _AuthService_Logout_Handler,
 		},
 		{
 			MethodName: "LogoutAll",
 			Handler:    _AuthService_LogoutAll_Handler,
 		},
 		{
 			MethodName: "UnlockPin",
 			Handler:    _AuthService_UnlockPin_Handler,
 		},
 		{
 			MethodName: "Verify2Fa",
 			Handler:    _AuthService_Verify2Fa_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "identity.proto",
 }
 const (
 	TwoFaService_GetTwoFaStatus_FullMethodName            = "/identity.TwoFaService/GetTwoFaStatus"
 	TwoFaService_StartTotpEnrollment_FullMethodName       = "/identity.TwoFaService/StartTotpEnrollment"
 	TwoFaService_ConfirmTotpErollment_FullMethodName      = "/identity.TwoFaService/ConfirmTotpErollment"
 	TwoFaService_CancelTotpEnrollment_FullMethodName      = "/identity.TwoFaService/CancelTotpEnrollment"
 	TwoFaService_DisableTotp_FullMethodName               = "/identity.TwoFaService/DisableTotp"
 	TwoFaService_StartTelegramEnrollment_FullMethodName   = "/identity.TwoFaService/StartTelegramEnrollment"
 	TwoFaService_ConfirmTelegramEnrollment_FullMethodName = "/identity.TwoFaService/ConfirmTelegramEnrollment"
 	TwoFaService_DisableTelegram_FullMethodName           = "/identity.TwoFaService/DisableTelegram"
 )
 // TwoFaServiceClient is the client API for TwoFaService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type TwoFaServiceClient interface {
 	GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error)
 	StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error)
 	ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error)
 	CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error)
 	DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error)
 	StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error)
 	ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error)
 	DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error)
 }
 type twoFaServiceClient struct {
 	cc grpc.ClientConnInterface
 }
 func NewTwoFaServiceClient(cc grpc.ClientConnInterface) TwoFaServiceClient {
 	return &twoFaServiceClient{cc}
 }
 func (c *twoFaServiceClient) GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetTwoFaStatusResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_GetTwoFaStatus_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StartTotpEnrollmentResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_StartTotpEnrollment_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(ConfirmTotpEnrollmentResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTotpErollment_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(CancelTotpEnrollmentResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_CancelTotpEnrollment_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(DisableTotpResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_DisableTotp_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StartTelegramEnrollmentResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_StartTelegramEnrollment_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(ConfirmTelegramEnrollmentResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTelegramEnrollment_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *twoFaServiceClient) DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(DisableTelegramResponse)
 	err := c.cc.Invoke(ctx, TwoFaService_DisableTelegram_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // TwoFaServiceServer is the server API for TwoFaService service.
 // All implementations must embed UnimplementedTwoFaServiceServer
 // for forward compatibility.
 type TwoFaServiceServer interface {
 	GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error)
 	StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error)
 	ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error)
 	CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error)
 	DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error)
 	StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error)
 	ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error)
 	DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error)
 	mustEmbedUnimplementedTwoFaServiceServer()
 }
 // UnimplementedTwoFaServiceServer must be embedded to have
 // forward compatible implementations.
 //
 // NOTE: this should be embedded by value instead of pointer to avoid a nil
 // pointer dereference when methods are called.
 type UnimplementedTwoFaServiceServer struct{}
 func (UnimplementedTwoFaServiceServer) GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetTwoFaStatus not implemented")
 }
 func (UnimplementedTwoFaServiceServer) StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method StartTotpEnrollment not implemented")
 }
 func (UnimplementedTwoFaServiceServer) ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method ConfirmTotpErollment not implemented")
 }
 func (UnimplementedTwoFaServiceServer) CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method CancelTotpEnrollment not implemented")
 }
 func (UnimplementedTwoFaServiceServer) DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method DisableTotp not implemented")
 }
 func (UnimplementedTwoFaServiceServer) StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method StartTelegramEnrollment not implemented")
 }
 func (UnimplementedTwoFaServiceServer) ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method ConfirmTelegramEnrollment not implemented")
 }
 func (UnimplementedTwoFaServiceServer) DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method DisableTelegram not implemented")
 }
 func (UnimplementedTwoFaServiceServer) mustEmbedUnimplementedTwoFaServiceServer() {}
 func (UnimplementedTwoFaServiceServer) testEmbeddedByValue()                      {}
 // UnsafeTwoFaServiceServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to TwoFaServiceServer will
 // result in compilation errors.
 type UnsafeTwoFaServiceServer interface {
 	mustEmbedUnimplementedTwoFaServiceServer()
 }
 func RegisterTwoFaServiceServer(s grpc.ServiceRegistrar, srv TwoFaServiceServer) {
 	// If the following call panics, it indicates UnimplementedTwoFaServiceServer was
 	// embedded by pointer and is nil.  This will cause panics if an
 	// unimplemented method is ever invoked, so we test this at initialization
 	// time to prevent it from happening at runtime later due to I/O.
 	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
 		t.testEmbeddedByValue()
 	}
 	s.RegisterService(&TwoFaService_ServiceDesc, srv)
 }
 func _TwoFaService_GetTwoFaStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GetTwoFaStatusRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_GetTwoFaStatus_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, req.(*GetTwoFaStatusRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_StartTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AuthenticatedAccessRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_StartTotpEnrollment_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_ConfirmTotpErollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ConfirmTotpEnrollmentRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_ConfirmTotpErollment_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, req.(*ConfirmTotpEnrollmentRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_CancelTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AuthenticatedAccessRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_CancelTotpEnrollment_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_DisableTotp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(DisableTotpRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).DisableTotp(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_DisableTotp_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).DisableTotp(ctx, req.(*DisableTotpRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_StartTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(AuthenticatedAccessRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_StartTelegramEnrollment_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, req.(*AuthenticatedAccessRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_ConfirmTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ConfirmTelegramEnrollmentRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_ConfirmTelegramEnrollment_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, req.(*ConfirmTelegramEnrollmentRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _TwoFaService_DisableTelegram_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(DisableTelegramRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(TwoFaServiceServer).DisableTelegram(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: TwoFaService_DisableTelegram_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(TwoFaServiceServer).DisableTelegram(ctx, req.(*DisableTelegramRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 // TwoFaService_ServiceDesc is the grpc.ServiceDesc for TwoFaService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
 var TwoFaService_ServiceDesc = grpc.ServiceDesc{
 	ServiceName: "identity.TwoFaService",
 	HandlerType: (*TwoFaServiceServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "GetTwoFaStatus",
 			Handler:    _TwoFaService_GetTwoFaStatus_Handler,
 		},
 		{
 			MethodName: "StartTotpEnrollment",
 			Handler:    _TwoFaService_StartTotpEnrollment_Handler,
 		},
 		{
 			MethodName: "ConfirmTotpErollment",
 			Handler:    _TwoFaService_ConfirmTotpErollment_Handler,
 		},
 		{
 			MethodName: "CancelTotpEnrollment",
 			Handler:    _TwoFaService_CancelTotpEnrollment_Handler,
 		},
 		{
 			MethodName: "DisableTotp",
 			Handler:    _TwoFaService_DisableTotp_Handler,
 		},
 		{
 			MethodName: "StartTelegramEnrollment",
 			Handler:    _TwoFaService_StartTelegramEnrollment_Handler,
 		},
 		{
 			MethodName: "ConfirmTelegramEnrollment",
 			Handler:    _TwoFaService_ConfirmTelegramEnrollment_Handler,
 		},
 		{
 			MethodName: "DisableTelegram",
 			Handler:    _TwoFaService_DisableTelegram_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "identity.proto",
 }
--- a/gen/go/ldap.pb.go
+++ b/gen/go/ldap.pb.go
@@ -1,965 +0,0 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.36.11
 // 	protoc        v3.21.12
 // source: ldap.proto
 package pb
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 	unsafe "unsafe"
 )
 const (
 	// Verify that this generated code is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
 	// Verify that runtime/protoimpl is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 // ==========================================
 // БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
 // ==========================================
 type EmptyRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *EmptyRequest) Reset() {
 	*x = EmptyRequest{}
 	mi := &file_ldap_proto_msgTypes[0]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *EmptyRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*EmptyRequest) ProtoMessage() {}
 func (x *EmptyRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[0]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use EmptyRequest.ProtoReflect.Descriptor instead.
 func (*EmptyRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{0}
 }
 // Стандартный ответ для мутаций (создание, обновление, удаление)
 type StatusResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
 	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *StatusResponse) Reset() {
 	*x = StatusResponse{}
 	mi := &file_ldap_proto_msgTypes[1]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *StatusResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*StatusResponse) ProtoMessage() {}
 func (x *StatusResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[1]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use StatusResponse.ProtoReflect.Descriptor instead.
 func (*StatusResponse) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{1}
 }
 func (x *StatusResponse) GetSuccess() bool {
 	if x != nil {
 		return x.Success
 	}
 	return false
 }
 func (x *StatusResponse) GetErrorMessage() string {
 	if x != nil {
 		return x.ErrorMessage
 	}
 	return ""
 }
 // Полная модель пользователя
 type UserData struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
 	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
 	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
 	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
 	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
 	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
 	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
 	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *UserData) Reset() {
 	*x = UserData{}
 	mi := &file_ldap_proto_msgTypes[2]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *UserData) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*UserData) ProtoMessage() {}
 func (x *UserData) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[2]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use UserData.ProtoReflect.Descriptor instead.
 func (*UserData) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{2}
 }
 func (x *UserData) GetDn() string {
 	if x != nil {
 		return x.Dn
 	}
 	return ""
 }
 func (x *UserData) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *UserData) GetDisplayName() string {
 	if x != nil {
 		return x.DisplayName
 	}
 	return ""
 }
 func (x *UserData) GetEmail() string {
 	if x != nil {
 		return x.Email
 	}
 	return ""
 }
 func (x *UserData) GetDescription() string {
 	if x != nil {
 		return x.Description
 	}
 	return ""
 }
 func (x *UserData) GetAvatar() []byte {
 	if x != nil {
 		return x.Avatar
 	}
 	return nil
 }
 func (x *UserData) GetGroups() []string {
 	if x != nil {
 		return x.Groups
 	}
 	return nil
 }
 func (x *UserData) GetIsActive() bool {
 	if x != nil {
 		return x.IsActive
 	}
 	return false
 }
 // Модель группы
 type GroupData struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
 	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Короткое имя группы (cn)
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *GroupData) Reset() {
 	*x = GroupData{}
 	mi := &file_ldap_proto_msgTypes[3]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *GroupData) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*GroupData) ProtoMessage() {}
 func (x *GroupData) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[3]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use GroupData.ProtoReflect.Descriptor instead.
 func (*GroupData) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{3}
 }
 func (x *GroupData) GetDn() string {
 	if x != nil {
 		return x.Dn
 	}
 	return ""
 }
 func (x *GroupData) GetName() string {
 	if x != nil {
 		return x.Name
 	}
 	return ""
 }
 // --- Авторизация ---
 type VerifyRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *VerifyRequest) Reset() {
 	*x = VerifyRequest{}
 	mi := &file_ldap_proto_msgTypes[4]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *VerifyRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*VerifyRequest) ProtoMessage() {}
 func (x *VerifyRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[4]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
 func (*VerifyRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{4}
 }
 func (x *VerifyRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *VerifyRequest) GetPassword() string {
 	if x != nil {
 		return x.Password
 	}
 	return ""
 }
 type VerifyResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
 	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
 	User          *UserData              `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // Отдаем полные данные при успешном входе
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *VerifyResponse) Reset() {
 	*x = VerifyResponse{}
 	mi := &file_ldap_proto_msgTypes[5]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *VerifyResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*VerifyResponse) ProtoMessage() {}
 func (x *VerifyResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[5]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
 func (*VerifyResponse) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{5}
 }
 func (x *VerifyResponse) GetSuccess() bool {
 	if x != nil {
 		return x.Success
 	}
 	return false
 }
 func (x *VerifyResponse) GetErrorMessage() string {
 	if x != nil {
 		return x.ErrorMessage
 	}
 	return ""
 }
 func (x *VerifyResponse) GetUser() *UserData {
 	if x != nil {
 		return x.User
 	}
 	return nil
 }
 // --- Списки ---
 type UserListResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
 	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
 	Users         []*UserData            `protobuf:"bytes,3,rep,name=users,proto3" json:"users,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *UserListResponse) Reset() {
 	*x = UserListResponse{}
 	mi := &file_ldap_proto_msgTypes[6]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *UserListResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*UserListResponse) ProtoMessage() {}
 func (x *UserListResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[6]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use UserListResponse.ProtoReflect.Descriptor instead.
 func (*UserListResponse) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{6}
 }
 func (x *UserListResponse) GetSuccess() bool {
 	if x != nil {
 		return x.Success
 	}
 	return false
 }
 func (x *UserListResponse) GetErrorMessage() string {
 	if x != nil {
 		return x.ErrorMessage
 	}
 	return ""
 }
 func (x *UserListResponse) GetUsers() []*UserData {
 	if x != nil {
 		return x.Users
 	}
 	return nil
 }
 type GroupListResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
 	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
 	Groups        []*GroupData           `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *GroupListResponse) Reset() {
 	*x = GroupListResponse{}
 	mi := &file_ldap_proto_msgTypes[7]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *GroupListResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*GroupListResponse) ProtoMessage() {}
 func (x *GroupListResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[7]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use GroupListResponse.ProtoReflect.Descriptor instead.
 func (*GroupListResponse) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{7}
 }
 func (x *GroupListResponse) GetSuccess() bool {
 	if x != nil {
 		return x.Success
 	}
 	return false
 }
 func (x *GroupListResponse) GetErrorMessage() string {
 	if x != nil {
 		return x.ErrorMessage
 	}
 	return ""
 }
 func (x *GroupListResponse) GetGroups() []*GroupData {
 	if x != nil {
 		return x.Groups
 	}
 	return nil
 }
 // --- Управление профилем ---
 type CreateUserRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	FullName      string                 `protobuf:"bytes,2,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
 	Password      string                 `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
 	Email         *string                `protobuf:"bytes,4,opt,name=email,proto3,oneof" json:"email,omitempty"` // Сразу при создании можно задать почту
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *CreateUserRequest) Reset() {
 	*x = CreateUserRequest{}
 	mi := &file_ldap_proto_msgTypes[8]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *CreateUserRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*CreateUserRequest) ProtoMessage() {}
 func (x *CreateUserRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[8]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.
 func (*CreateUserRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{8}
 }
 func (x *CreateUserRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *CreateUserRequest) GetFullName() string {
 	if x != nil {
 		return x.FullName
 	}
 	return ""
 }
 func (x *CreateUserRequest) GetPassword() string {
 	if x != nil {
 		return x.Password
 	}
 	return ""
 }
 func (x *CreateUserRequest) GetEmail() string {
 	if x != nil && x.Email != nil {
 		return *x.Email
 	}
 	return ""
 }
 // Запрос на обновление. Используем optional для частичного обновления.
 type UpdateUserRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`                                // Обязательное поле: кого обновляем
 	DisplayName   *string                `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"` // Новое ФИО (повлечет Rename CN)
 	Email         *string                `protobuf:"bytes,3,opt,name=email,proto3,oneof" json:"email,omitempty"`                                // Новая почта
 	Description   *string                `protobuf:"bytes,4,opt,name=description,proto3,oneof" json:"description,omitempty"`                    // Новое описание
 	Avatar        []byte                 `protobuf:"bytes,5,opt,name=avatar,proto3,oneof" json:"avatar,omitempty"`                              // Новая аватарка (бинарник картинки)
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *UpdateUserRequest) Reset() {
 	*x = UpdateUserRequest{}
 	mi := &file_ldap_proto_msgTypes[9]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *UpdateUserRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*UpdateUserRequest) ProtoMessage() {}
 func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[9]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead.
 func (*UpdateUserRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{9}
 }
 func (x *UpdateUserRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *UpdateUserRequest) GetDisplayName() string {
 	if x != nil && x.DisplayName != nil {
 		return *x.DisplayName
 	}
 	return ""
 }
 func (x *UpdateUserRequest) GetEmail() string {
 	if x != nil && x.Email != nil {
 		return *x.Email
 	}
 	return ""
 }
 func (x *UpdateUserRequest) GetDescription() string {
 	if x != nil && x.Description != nil {
 		return *x.Description
 	}
 	return ""
 }
 func (x *UpdateUserRequest) GetAvatar() []byte {
 	if x != nil {
 		return x.Avatar
 	}
 	return nil
 }
 type ChangePasswordRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	NewPassword   string                 `protobuf:"bytes,2,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *ChangePasswordRequest) Reset() {
 	*x = ChangePasswordRequest{}
 	mi := &file_ldap_proto_msgTypes[10]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *ChangePasswordRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*ChangePasswordRequest) ProtoMessage() {}
 func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[10]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
 func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{10}
 }
 func (x *ChangePasswordRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *ChangePasswordRequest) GetNewPassword() string {
 	if x != nil {
 		return x.NewPassword
 	}
 	return ""
 }
 type ToggleStatusRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	SetActive     bool                   `protobuf:"varint,2,opt,name=set_active,json=setActive,proto3" json:"set_active,omitempty"` // true - включить (512), false - отключить (514)
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *ToggleStatusRequest) Reset() {
 	*x = ToggleStatusRequest{}
 	mi := &file_ldap_proto_msgTypes[11]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *ToggleStatusRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*ToggleStatusRequest) ProtoMessage() {}
 func (x *ToggleStatusRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[11]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use ToggleStatusRequest.ProtoReflect.Descriptor instead.
 func (*ToggleStatusRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{11}
 }
 func (x *ToggleStatusRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *ToggleStatusRequest) GetSetActive() bool {
 	if x != nil {
 		return x.SetActive
 	}
 	return false
 }
 // --- Управление членством в группах ---
 type GroupMemberRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`              // Логин пользователя
 	GroupDn       string                 `protobuf:"bytes,2,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty"` // Полный путь группы (в которую добавляем / из которой удаляем)
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 func (x *GroupMemberRequest) Reset() {
 	*x = GroupMemberRequest{}
 	mi := &file_ldap_proto_msgTypes[12]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 func (x *GroupMemberRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 func (*GroupMemberRequest) ProtoMessage() {}
 func (x *GroupMemberRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_ldap_proto_msgTypes[12]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
 		}
 		return ms
 	}
 	return mi.MessageOf(x)
 }
 // Deprecated: Use GroupMemberRequest.ProtoReflect.Descriptor instead.
 func (*GroupMemberRequest) Descriptor() ([]byte, []int) {
 	return file_ldap_proto_rawDescGZIP(), []int{12}
 }
 func (x *GroupMemberRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 func (x *GroupMemberRequest) GetGroupDn() string {
 	if x != nil {
 		return x.GroupDn
 	}
 	return ""
 }
 var File_ldap_proto protoreflect.FileDescriptor
 const file_ldap_proto_rawDesc = "" +
 	"\n" +
 	"\n" +
 	"ldap.proto\x12\fldap_service\"\x0e\n" +
 	"\fEmptyRequest\"O\n" +
 	"\x0eStatusResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
 	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xde\x01\n" +
 	"\bUserData\x12\x0e\n" +
 	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
 	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
 	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
 	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
 	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
 	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
 	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
 	"\tis_active\x18\b \x01(\bR\bisActive\"/\n" +
 	"\tGroupData\x12\x0e\n" +
 	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x12\n" +
 	"\x04name\x18\x02 \x01(\tR\x04name\"G\n" +
 	"\rVerifyRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
 	"\bpassword\x18\x02 \x01(\tR\bpassword\"{\n" +
 	"\x0eVerifyResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
 	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
 	"\x04user\x18\x03 \x01(\v2\x16.ldap_service.UserDataR\x04user\"\x7f\n" +
 	"\x10UserListResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
 	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12,\n" +
 	"\x05users\x18\x03 \x03(\v2\x16.ldap_service.UserDataR\x05users\"\x83\x01\n" +
 	"\x11GroupListResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
 	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12/\n" +
 	"\x06groups\x18\x03 \x03(\v2\x17.ldap_service.GroupDataR\x06groups\"\x8d\x01\n" +
 	"\x11CreateUserRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" +
 	"\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x1a\n" +
 	"\bpassword\x18\x03 \x01(\tR\bpassword\x12\x19\n" +
 	"\x05email\x18\x04 \x01(\tH\x00R\x05email\x88\x01\x01B\b\n" +
 	"\x06_email\"\xec\x01\n" +
 	"\x11UpdateUserRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12&\n" +
 	"\fdisplay_name\x18\x02 \x01(\tH\x00R\vdisplayName\x88\x01\x01\x12\x19\n" +
 	"\x05email\x18\x03 \x01(\tH\x01R\x05email\x88\x01\x01\x12%\n" +
 	"\vdescription\x18\x04 \x01(\tH\x02R\vdescription\x88\x01\x01\x12\x1b\n" +
 	"\x06avatar\x18\x05 \x01(\fH\x03R\x06avatar\x88\x01\x01B\x0f\n" +
 	"\r_display_nameB\b\n" +
 	"\x06_emailB\x0e\n" +
 	"\f_descriptionB\t\n" +
 	"\a_avatar\"V\n" +
 	"\x15ChangePasswordRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12!\n" +
 	"\fnew_password\x18\x02 \x01(\tR\vnewPassword\"P\n" +
 	"\x13ToggleStatusRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12\x1d\n" +
 	"\n" +
 	"set_active\x18\x02 \x01(\bR\tsetActive\"K\n" +
 	"\x12GroupMemberRequest\x12\x1a\n" +
 	"\busername\x18\x01 \x01(\tR\busername\x12\x19\n" +
 	"\bgroup_dn\x18\x02 \x01(\tR\agroupDn2\xd2\x05\n" +
 	"\bLdapAuth\x12G\n" +
 	"\n" +
 	"VerifyUser\x12\x1b.ldap_service.VerifyRequest\x1a\x1c.ldap_service.VerifyResponse\x12F\n" +
 	"\bGetUsers\x12\x1a.ldap_service.EmptyRequest\x1a\x1e.ldap_service.UserListResponse\x12K\n" +
 	"\n" +
 	"CreateUser\x12\x1f.ldap_service.CreateUserRequest\x1a\x1c.ldap_service.StatusResponse\x12K\n" +
 	"\n" +
 	"UpdateUser\x12\x1f.ldap_service.UpdateUserRequest\x1a\x1c.ldap_service.StatusResponse\x12S\n" +
 	"\x0eChangePassword\x12#.ldap_service.ChangePasswordRequest\x1a\x1c.ldap_service.StatusResponse\x12S\n" +
 	"\x10ToggleUserStatus\x12!.ldap_service.ToggleStatusRequest\x1a\x1c.ldap_service.StatusResponse\x12H\n" +
 	"\tGetGroups\x12\x1a.ldap_service.EmptyRequest\x1a\x1f.ldap_service.GroupListResponse\x12P\n" +
 	"\x0eAddUserToGroup\x12 .ldap_service.GroupMemberRequest\x1a\x1c.ldap_service.StatusResponse\x12U\n" +
 	"\x13RemoveUserFromGroup\x12 .ldap_service.GroupMemberRequest\x1a\x1c.ldap_service.StatusResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
 var (
 	file_ldap_proto_rawDescOnce sync.Once
 	file_ldap_proto_rawDescData []byte
 )
 func file_ldap_proto_rawDescGZIP() []byte {
 	file_ldap_proto_rawDescOnce.Do(func() {
 		file_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)))
 	})
 	return file_ldap_proto_rawDescData
 }
 var file_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
 var file_ldap_proto_goTypes = []any{
 	(*EmptyRequest)(nil),          // 0: ldap_service.EmptyRequest
 	(*StatusResponse)(nil),        // 1: ldap_service.StatusResponse
 	(*UserData)(nil),              // 2: ldap_service.UserData
 	(*GroupData)(nil),             // 3: ldap_service.GroupData
 	(*VerifyRequest)(nil),         // 4: ldap_service.VerifyRequest
 	(*VerifyResponse)(nil),        // 5: ldap_service.VerifyResponse
 	(*UserListResponse)(nil),      // 6: ldap_service.UserListResponse
 	(*GroupListResponse)(nil),     // 7: ldap_service.GroupListResponse
 	(*CreateUserRequest)(nil),     // 8: ldap_service.CreateUserRequest
 	(*UpdateUserRequest)(nil),     // 9: ldap_service.UpdateUserRequest
 	(*ChangePasswordRequest)(nil), // 10: ldap_service.ChangePasswordRequest
 	(*ToggleStatusRequest)(nil),   // 11: ldap_service.ToggleStatusRequest
 	(*GroupMemberRequest)(nil),    // 12: ldap_service.GroupMemberRequest
 }
 var file_ldap_proto_depIdxs = []int32{
 	2,  // 0: ldap_service.VerifyResponse.user:type_name -> ldap_service.UserData
 	2,  // 1: ldap_service.UserListResponse.users:type_name -> ldap_service.UserData
 	3,  // 2: ldap_service.GroupListResponse.groups:type_name -> ldap_service.GroupData
 	4,  // 3: ldap_service.LdapAuth.VerifyUser:input_type -> ldap_service.VerifyRequest
 	0,  // 4: ldap_service.LdapAuth.GetUsers:input_type -> ldap_service.EmptyRequest
 	8,  // 5: ldap_service.LdapAuth.CreateUser:input_type -> ldap_service.CreateUserRequest
 	9,  // 6: ldap_service.LdapAuth.UpdateUser:input_type -> ldap_service.UpdateUserRequest
 	10, // 7: ldap_service.LdapAuth.ChangePassword:input_type -> ldap_service.ChangePasswordRequest
 	11, // 8: ldap_service.LdapAuth.ToggleUserStatus:input_type -> ldap_service.ToggleStatusRequest
 	0,  // 9: ldap_service.LdapAuth.GetGroups:input_type -> ldap_service.EmptyRequest
 	12, // 10: ldap_service.LdapAuth.AddUserToGroup:input_type -> ldap_service.GroupMemberRequest
 	12, // 11: ldap_service.LdapAuth.RemoveUserFromGroup:input_type -> ldap_service.GroupMemberRequest
 	5,  // 12: ldap_service.LdapAuth.VerifyUser:output_type -> ldap_service.VerifyResponse
 	6,  // 13: ldap_service.LdapAuth.GetUsers:output_type -> ldap_service.UserListResponse
 	1,  // 14: ldap_service.LdapAuth.CreateUser:output_type -> ldap_service.StatusResponse
 	1,  // 15: ldap_service.LdapAuth.UpdateUser:output_type -> ldap_service.StatusResponse
 	1,  // 16: ldap_service.LdapAuth.ChangePassword:output_type -> ldap_service.StatusResponse
 	1,  // 17: ldap_service.LdapAuth.ToggleUserStatus:output_type -> ldap_service.StatusResponse
 	7,  // 18: ldap_service.LdapAuth.GetGroups:output_type -> ldap_service.GroupListResponse
 	1,  // 19: ldap_service.LdapAuth.AddUserToGroup:output_type -> ldap_service.StatusResponse
 	1,  // 20: ldap_service.LdapAuth.RemoveUserFromGroup:output_type -> ldap_service.StatusResponse
 	12, // [12:21] is the sub-list for method output_type
 	3,  // [3:12] is the sub-list for method input_type
 	3,  // [3:3] is the sub-list for extension type_name
 	3,  // [3:3] is the sub-list for extension extendee
 	0,  // [0:3] is the sub-list for field type_name
 }
 func init() { file_ldap_proto_init() }
 func file_ldap_proto_init() {
 	if File_ldap_proto != nil {
 		return
 	}
 	file_ldap_proto_msgTypes[8].OneofWrappers = []any{}
 	file_ldap_proto_msgTypes[9].OneofWrappers = []any{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)),
 			NumEnums:      0,
 			NumMessages:   13,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
 		GoTypes:           file_ldap_proto_goTypes,
 		DependencyIndexes: file_ldap_proto_depIdxs,
 		MessageInfos:      file_ldap_proto_msgTypes,
 	}.Build()
 	File_ldap_proto = out.File
 	file_ldap_proto_goTypes = nil
 	file_ldap_proto_depIdxs = nil
 }
--- a/gen/go/ldap_grpc.pb.go
+++ b/gen/go/ldap_grpc.pb.go
@@ -1,439 +0,0 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.6.1
 // - protoc             v3.21.12
 // source: ldap.proto
 package pb
 import (
 	context "context"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
 )
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
 // Requires gRPC-Go v1.64.0 or later.
 const _ = grpc.SupportPackageIsVersion9
 const (
 	LdapAuth_VerifyUser_FullMethodName          = "/ldap_service.LdapAuth/VerifyUser"
 	LdapAuth_GetUsers_FullMethodName            = "/ldap_service.LdapAuth/GetUsers"
 	LdapAuth_CreateUser_FullMethodName          = "/ldap_service.LdapAuth/CreateUser"
 	LdapAuth_UpdateUser_FullMethodName          = "/ldap_service.LdapAuth/UpdateUser"
 	LdapAuth_ChangePassword_FullMethodName      = "/ldap_service.LdapAuth/ChangePassword"
 	LdapAuth_ToggleUserStatus_FullMethodName    = "/ldap_service.LdapAuth/ToggleUserStatus"
 	LdapAuth_GetGroups_FullMethodName           = "/ldap_service.LdapAuth/GetGroups"
 	LdapAuth_AddUserToGroup_FullMethodName      = "/ldap_service.LdapAuth/AddUserToGroup"
 	LdapAuth_RemoveUserFromGroup_FullMethodName = "/ldap_service.LdapAuth/RemoveUserFromGroup"
 )
 // LdapAuthClient is the client API for LdapAuth service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 //
 // ==========================================
 // ГЛАВНЫЙ СЕРВИС
 // ==========================================
 type LdapAuthClient interface {
 	// --- Вектор 1: Авторизация (Bind от имени пользователя) ---
 	VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
 	// --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
 	GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error)
 	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 	UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 	ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 	// --- Вектор 3: Управление Группами ---
 	GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error)
 	AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 	RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
 }
 type ldapAuthClient struct {
 	cc grpc.ClientConnInterface
 }
 func NewLdapAuthClient(cc grpc.ClientConnInterface) LdapAuthClient {
 	return &ldapAuthClient{cc}
 }
 func (c *ldapAuthClient) VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(VerifyResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_VerifyUser_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(UserListResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_GetUsers_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_CreateUser_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_UpdateUser_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_ChangePassword_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_ToggleUserStatus_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GroupListResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_GetGroups_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_AddUserToGroup_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *ldapAuthClient) RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(StatusResponse)
 	err := c.cc.Invoke(ctx, LdapAuth_RemoveUserFromGroup_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // LdapAuthServer is the server API for LdapAuth service.
 // All implementations must embed UnimplementedLdapAuthServer
 // for forward compatibility.
 //
 // ==========================================
 // ГЛАВНЫЙ СЕРВИС
 // ==========================================
 type LdapAuthServer interface {
 	// --- Вектор 1: Авторизация (Bind от имени пользователя) ---
 	VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error)
 	// --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
 	GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error)
 	CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error)
 	UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error)
 	ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error)
 	ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error)
 	// --- Вектор 3: Управление Группами ---
 	GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error)
 	AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
 	RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
 	mustEmbedUnimplementedLdapAuthServer()
 }
 // UnimplementedLdapAuthServer must be embedded to have
 // forward compatible implementations.
 //
 // NOTE: this should be embedded by value instead of pointer to avoid a nil
 // pointer dereference when methods are called.
 type UnimplementedLdapAuthServer struct{}
 func (UnimplementedLdapAuthServer) VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method VerifyUser not implemented")
 }
 func (UnimplementedLdapAuthServer) GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetUsers not implemented")
 }
 func (UnimplementedLdapAuthServer) CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
 }
 func (UnimplementedLdapAuthServer) UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented")
 }
 func (UnimplementedLdapAuthServer) ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
 }
 func (UnimplementedLdapAuthServer) ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method ToggleUserStatus not implemented")
 }
 func (UnimplementedLdapAuthServer) GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetGroups not implemented")
 }
 func (UnimplementedLdapAuthServer) AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method AddUserToGroup not implemented")
 }
 func (UnimplementedLdapAuthServer) RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method RemoveUserFromGroup not implemented")
 }
 func (UnimplementedLdapAuthServer) mustEmbedUnimplementedLdapAuthServer() {}
 func (UnimplementedLdapAuthServer) testEmbeddedByValue()                  {}
 // UnsafeLdapAuthServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to LdapAuthServer will
 // result in compilation errors.
 type UnsafeLdapAuthServer interface {
 	mustEmbedUnimplementedLdapAuthServer()
 }
 func RegisterLdapAuthServer(s grpc.ServiceRegistrar, srv LdapAuthServer) {
 	// If the following call panics, it indicates UnimplementedLdapAuthServer was
 	// embedded by pointer and is nil.  This will cause panics if an
 	// unimplemented method is ever invoked, so we test this at initialization
 	// time to prevent it from happening at runtime later due to I/O.
 	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
 		t.testEmbeddedByValue()
 	}
 	s.RegisterService(&LdapAuth_ServiceDesc, srv)
 }
 func _LdapAuth_VerifyUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(VerifyRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).VerifyUser(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_VerifyUser_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).VerifyUser(ctx, req.(*VerifyRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_GetUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(EmptyRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).GetUsers(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_GetUsers_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).GetUsers(ctx, req.(*EmptyRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CreateUserRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).CreateUser(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_CreateUser_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).CreateUser(ctx, req.(*CreateUserRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(UpdateUserRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).UpdateUser(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_UpdateUser_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).UpdateUser(ctx, req.(*UpdateUserRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ChangePasswordRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).ChangePassword(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_ChangePassword_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_ToggleUserStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ToggleStatusRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).ToggleUserStatus(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_ToggleUserStatus_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).ToggleUserStatus(ctx, req.(*ToggleStatusRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_GetGroups_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(EmptyRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).GetGroups(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_GetGroups_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).GetGroups(ctx, req.(*EmptyRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_AddUserToGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GroupMemberRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).AddUserToGroup(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_AddUserToGroup_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).AddUserToGroup(ctx, req.(*GroupMemberRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _LdapAuth_RemoveUserFromGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(GroupMemberRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(LdapAuthServer).RemoveUserFromGroup(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: LdapAuth_RemoveUserFromGroup_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(LdapAuthServer).RemoveUserFromGroup(ctx, req.(*GroupMemberRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 // LdapAuth_ServiceDesc is the grpc.ServiceDesc for LdapAuth service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
 var LdapAuth_ServiceDesc = grpc.ServiceDesc{
 	ServiceName: "ldap_service.LdapAuth",
 	HandlerType: (*LdapAuthServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "VerifyUser",
 			Handler:    _LdapAuth_VerifyUser_Handler,
 		},
 		{
 			MethodName: "GetUsers",
 			Handler:    _LdapAuth_GetUsers_Handler,
 		},
 		{
 			MethodName: "CreateUser",
 			Handler:    _LdapAuth_CreateUser_Handler,
 		},
 		{
 			MethodName: "UpdateUser",
 			Handler:    _LdapAuth_UpdateUser_Handler,
 		},
 		{
 			MethodName: "ChangePassword",
 			Handler:    _LdapAuth_ChangePassword_Handler,
 		},
 		{
 			MethodName: "ToggleUserStatus",
 			Handler:    _LdapAuth_ToggleUserStatus_Handler,
 		},
 		{
 			MethodName: "GetGroups",
 			Handler:    _LdapAuth_GetGroups_Handler,
 		},
 		{
 			MethodName: "AddUserToGroup",
 			Handler:    _LdapAuth_AddUserToGroup_Handler,
 		},
 		{
 			MethodName: "RemoveUserFromGroup",
 			Handler:    _LdapAuth_RemoveUserFromGroup_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "ldap.proto",
 }
--- a/gen/identity.ts
+++ b/gen/identity.ts
@@ -1,13 +1,13 @@
 // Code generated by protoc-gen-ts_proto. DO NOT EDIT.
 // versions:
 //   protoc-gen-ts_proto  v2.11.6
-//   protoc               v3.21.12
+//   protoc               v7.34.1
 // source: identity.proto
 /* eslint-disable */
 import type { Metadata } from "@grpc/grpc-js";
 import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
 import { Observable } from "rxjs";
 import { Status } from "./google/rpc/status";
 export const protobufPackage = "identity";
@@ -24,6 +24,7 @@ export interface LoginResponse {
  tempToken?: string | undefined;
  message?: string | undefined;
  errorCode?: string | undefined;
  error?: Status | undefined;
 }
 export interface RefreshRequest {
@@ -44,30 +45,6 @@ export interface LogoutResponse {
  message: string;
 }
 export interface VerifyTokenRequest {
  token: string;
 }
 export interface VerifyTokenResponse {
  isValid: boolean;
  errorMessage?: string | undefined;
  id?: string | undefined;
  username?: string | undefined;
  roleLevel?: number | undefined;
  permissions: string[];
  sessionId?: string | undefined;
  requiresPin?: boolean | undefined;
 }
 export interface GetAccountRoleLevelRequest {
  accountId: string;
 }
 export interface GetAccountRoleLevelResponse {
  found: boolean;
  roleLevel: number;
 }
 export interface UnlockPinRequest {
  accessToken: string;
  pinCode: string;
@@ -174,77 +151,32 @@ export interface DisableTelegramResponse {
 export const IDENTITY_PACKAGE_NAME = "identity";
 export interface AuthServiceClient {
-  login(request: LoginRequest, metadata?: Metadata): Observable<LoginResponse>;
+  login(request: LoginRequest): Observable<LoginResponse>;
-  refresh(request: RefreshRequest, metadata?: Metadata): Observable<RefreshResponse>;
+  refresh(request: RefreshRequest): Observable<RefreshResponse>;
-  verifyToken(request: VerifyTokenRequest, metadata?: Metadata): Observable<VerifyTokenResponse>;
+  logout(request: LogoutRequest): Observable<LogoutResponse>;
-  getAccountRoleLevel(
+  unlockPin(request: UnlockPinRequest): Observable<UnlockPinResponse>;
    request: GetAccountRoleLevelRequest,
    metadata?: Metadata,
  ): Observable<GetAccountRoleLevelResponse>;
-  logout(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+  verify2Fa(request: Verify2FaRequest): Observable<Verify2FaResponse>;
  logoutAll(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
  unlockPin(request: UnlockPinRequest, metadata?: Metadata): Observable<UnlockPinResponse>;
  verify2Fa(request: Verify2FaRequest, metadata?: Metadata): Observable<Verify2FaResponse>;
 }
 export interface AuthServiceController {
-  login(request: LoginRequest, metadata?: Metadata): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
+  login(request: LoginRequest): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
-  refresh(
+  refresh(request: RefreshRequest): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
    request: RefreshRequest,
    metadata?: Metadata,
  ): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
-  verifyToken(
+  logout(request: LogoutRequest): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
    request: VerifyTokenRequest,
    metadata?: Metadata,
  ): Promise<VerifyTokenResponse> | Observable<VerifyTokenResponse> | VerifyTokenResponse;
-  getAccountRoleLevel(
+  unlockPin(request: UnlockPinRequest): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
    request: GetAccountRoleLevelRequest,
    metadata?: Metadata,
  ): Promise<GetAccountRoleLevelResponse> | Observable<GetAccountRoleLevelResponse> | GetAccountRoleLevelResponse;
-  logout(
+  verify2Fa(request: Verify2FaRequest): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
    request: LogoutRequest,
    metadata?: Metadata,
  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
  logoutAll(
    request: LogoutRequest,
    metadata?: Metadata,
  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
  unlockPin(
    request: UnlockPinRequest,
    metadata?: Metadata,
  ): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
  verify2Fa(
    request: Verify2FaRequest,
    metadata?: Metadata,
  ): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
 }
 export function AuthServiceControllerMethods() {
  return function (constructor: Function) {
-    const grpcMethods: string[] = [
+    const grpcMethods: string[] = ["login", "refresh", "logout", "unlockPin", "verify2Fa"];
      "login",
      "refresh",
      "verifyToken",
      "getAccountRoleLevel",
      "logout",
      "logoutAll",
      "unlockPin",
      "verify2Fa",
    ];
    for (const method of grpcMethods) {
      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
      GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
@@ -260,67 +192,46 @@ export function AuthServiceControllerMethods() {
 export const AUTH_SERVICE_NAME = "AuthService";
 export interface TwoFaServiceClient {
-  getTwoFaStatus(request: GetTwoFaStatusRequest, metadata?: Metadata): Observable<GetTwoFaStatusResponse>;
+  getTwoFaStatus(request: GetTwoFaStatusRequest): Observable<GetTwoFaStatusResponse>;
-  startTotpEnrollment(
+  startTotpEnrollment(request: AuthenticatedAccessRequest): Observable<StartTotpEnrollmentResponse>;
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ): Observable<StartTotpEnrollmentResponse>;
-  confirmTotpErollment(
+  confirmTotpErollment(request: ConfirmTotpEnrollmentRequest): Observable<ConfirmTotpEnrollmentResponse>;
    request: ConfirmTotpEnrollmentRequest,
    metadata?: Metadata,
  ): Observable<ConfirmTotpEnrollmentResponse>;
-  cancelTotpEnrollment(
+  cancelTotpEnrollment(request: AuthenticatedAccessRequest): Observable<CancelTotpEnrollmentResponse>;
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ): Observable<CancelTotpEnrollmentResponse>;
-  disableTotp(request: DisableTotpRequest, metadata?: Metadata): Observable<DisableTotpResponse>;
+  disableTotp(request: DisableTotpRequest): Observable<DisableTotpResponse>;
-  startTelegramEnrollment(
+  startTelegramEnrollment(request: AuthenticatedAccessRequest): Observable<StartTelegramEnrollmentResponse>;
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ): Observable<StartTelegramEnrollmentResponse>;
-  confirmTelegramEnrollment(
+  confirmTelegramEnrollment(request: ConfirmTelegramEnrollmentRequest): Observable<ConfirmTelegramEnrollmentResponse>;
    request: ConfirmTelegramEnrollmentRequest,
    metadata?: Metadata,
  ): Observable<ConfirmTelegramEnrollmentResponse>;
-  disableTelegram(request: DisableTelegramRequest, metadata?: Metadata): Observable<DisableTelegramResponse>;
+  disableTelegram(request: DisableTelegramRequest): Observable<DisableTelegramResponse>;
 }
 export interface TwoFaServiceController {
  getTwoFaStatus(
    request: GetTwoFaStatusRequest,
    metadata?: Metadata,
  ): Promise<GetTwoFaStatusResponse> | Observable<GetTwoFaStatusResponse> | GetTwoFaStatusResponse;
  startTotpEnrollment(
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ): Promise<StartTotpEnrollmentResponse> | Observable<StartTotpEnrollmentResponse> | StartTotpEnrollmentResponse;
  confirmTotpErollment(
    request: ConfirmTotpEnrollmentRequest,
    metadata?: Metadata,
  ): Promise<ConfirmTotpEnrollmentResponse> | Observable<ConfirmTotpEnrollmentResponse> | ConfirmTotpEnrollmentResponse;
  cancelTotpEnrollment(
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ): Promise<CancelTotpEnrollmentResponse> | Observable<CancelTotpEnrollmentResponse> | CancelTotpEnrollmentResponse;
  disableTotp(
    request: DisableTotpRequest,
    metadata?: Metadata,
  ): Promise<DisableTotpResponse> | Observable<DisableTotpResponse> | DisableTotpResponse;
  startTelegramEnrollment(
    request: AuthenticatedAccessRequest,
    metadata?: Metadata,
  ):
    | Promise<StartTelegramEnrollmentResponse>
    | Observable<StartTelegramEnrollmentResponse>
@@ -328,7 +239,6 @@ export interface TwoFaServiceController {
  confirmTelegramEnrollment(
    request: ConfirmTelegramEnrollmentRequest,
    metadata?: Metadata,
  ):
    | Promise<ConfirmTelegramEnrollmentResponse>
    | Observable<ConfirmTelegramEnrollmentResponse>
@@ -336,7 +246,6 @@ export interface TwoFaServiceController {
  disableTelegram(
    request: DisableTelegramRequest,
    metadata?: Metadata,
  ): Promise<DisableTelegramResponse> | Observable<DisableTelegramResponse> | DisableTelegramResponse;
 }
--- a/gen/ldap.ts
+++ b/gen/ldap.ts
@@ -1,247 +0,0 @@
 // Code generated by protoc-gen-ts_proto. DO NOT EDIT.
 // versions:
 //   protoc-gen-ts_proto  v2.11.6
 //   protoc               v3.21.12
 // source: ldap.proto
 /* eslint-disable */
 import type { Metadata } from "@grpc/grpc-js";
 import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
 import { Observable } from "rxjs";
 export const protobufPackage = "ldap_service";
 /**
 * ==========================================
 * БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
 * ==========================================
 */
 export interface EmptyRequest {
 }
 /** Стандартный ответ для мутаций (создание, обновление, удаление) */
 export interface StatusResponse {
  success: boolean;
  errorMessage: string;
 }
 /** Полная модель пользователя */
 export interface UserData {
  /** Полный путь в AD (Distinguished Name) */
  dn: string;
  /** Логин (sAMAccountName) */
  username: string;
  /** ФИО (displayName) */
  displayName: string;
  /** Почта (mail) */
  email: string;
  /** Описание/Должность (description) */
  description: string;
  /** Аватарка в байтах (thumbnailPhoto) */
  avatar: Uint8Array;
  /** Список групп */
  groups: string[];
  /** Статус аккаунта */
  isActive: boolean;
 }
 /** Модель группы */
 export interface GroupData {
  dn: string;
  /** Короткое имя группы (cn) */
  name: string;
 }
 /** --- Авторизация --- */
 export interface VerifyRequest {
  username: string;
  password: string;
 }
 export interface VerifyResponse {
  success: boolean;
  errorMessage: string;
  /** Отдаем полные данные при успешном входе */
  user: UserData | undefined;
 }
 /** --- Списки --- */
 export interface UserListResponse {
  success: boolean;
  errorMessage: string;
  users: UserData[];
 }
 export interface GroupListResponse {
  success: boolean;
  errorMessage: string;
  groups: GroupData[];
 }
 /** --- Управление профилем --- */
 export interface CreateUserRequest {
  username: string;
  fullName: string;
  password: string;
  /** Сразу при создании можно задать почту */
  email?: string | undefined;
 }
 /** Запрос на обновление. Используем optional для частичного обновления. */
 export interface UpdateUserRequest {
  /** Обязательное поле: кого обновляем */
  username: string;
  /** Новое ФИО (повлечет Rename CN) */
  displayName?:
    | string
    | undefined;
  /** Новая почта */
  email?:
    | string
    | undefined;
  /** Новое описание */
  description?:
    | string
    | undefined;
  /** Новая аватарка (бинарник картинки) */
  avatar?: Uint8Array | undefined;
 }
 export interface ChangePasswordRequest {
  username: string;
  newPassword: string;
 }
 export interface ToggleStatusRequest {
  username: string;
  /** true - включить (512), false - отключить (514) */
  setActive: boolean;
 }
 /** --- Управление членством в группах --- */
 export interface GroupMemberRequest {
  /** Логин пользователя */
  username: string;
  /** Полный путь группы (в которую добавляем / из которой удаляем) */
  groupDn: string;
 }
 export const LDAP_SERVICE_PACKAGE_NAME = "ldap_service";
 /**
 * ==========================================
 * ГЛАВНЫЙ СЕРВИС
 * ==========================================
 */
 export interface LdapAuthClient {
  /** --- Вектор 1: Авторизация (Bind от имени пользователя) --- */
  verifyUser(request: VerifyRequest, metadata?: Metadata): Observable<VerifyResponse>;
  /** --- Вектор 2: Управление Пользователями (Bind системного аккаунта) --- */
  getUsers(request: EmptyRequest, metadata?: Metadata): Observable<UserListResponse>;
  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
  updateUser(request: UpdateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<StatusResponse>;
  toggleUserStatus(request: ToggleStatusRequest, metadata?: Metadata): Observable<StatusResponse>;
  /** --- Вектор 3: Управление Группами --- */
  getGroups(request: EmptyRequest, metadata?: Metadata): Observable<GroupListResponse>;
  addUserToGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
  removeUserFromGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
 }
 /**
 * ==========================================
 * ГЛАВНЫЙ СЕРВИС
 * ==========================================
 */
 export interface LdapAuthController {
  /** --- Вектор 1: Авторизация (Bind от имени пользователя) --- */
  verifyUser(
    request: VerifyRequest,
    metadata?: Metadata,
  ): Promise<VerifyResponse> | Observable<VerifyResponse> | VerifyResponse;
  /** --- Вектор 2: Управление Пользователями (Bind системного аккаунта) --- */
  getUsers(
    request: EmptyRequest,
    metadata?: Metadata,
  ): Promise<UserListResponse> | Observable<UserListResponse> | UserListResponse;
  createUser(
    request: CreateUserRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
  updateUser(
    request: UpdateUserRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
  changePassword(
    request: ChangePasswordRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
  toggleUserStatus(
    request: ToggleStatusRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
  /** --- Вектор 3: Управление Группами --- */
  getGroups(
    request: EmptyRequest,
    metadata?: Metadata,
  ): Promise<GroupListResponse> | Observable<GroupListResponse> | GroupListResponse;
  addUserToGroup(
    request: GroupMemberRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
  removeUserFromGroup(
    request: GroupMemberRequest,
    metadata?: Metadata,
  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
 }
 export function LdapAuthControllerMethods() {
  return function (constructor: Function) {
    const grpcMethods: string[] = [
      "verifyUser",
      "getUsers",
      "createUser",
      "updateUser",
      "changePassword",
      "toggleUserStatus",
      "getGroups",
      "addUserToGroup",
      "removeUserFromGroup",
    ];
    for (const method of grpcMethods) {
      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
      GrpcMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
    }
    const grpcStreamMethods: string[] = [];
    for (const method of grpcStreamMethods) {
      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
      GrpcStreamMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
    }
  };
 }
 export const LDAP_AUTH_SERVICE_NAME = "LdapAuth";
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,3 @@
-module git.lendry.ru/lendry-erp/contracts.git
+module git.lendry.ru/lendry-erp/proto
 go 1.26.1
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,15 +1,14 @@
 {
  "name": "@lendry-erp/contracts",
-  "version": "1.0.24",
+  "version": "1.0.2",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@lendry-erp/contracts",
-      "version": "1.0.24",
+      "version": "1.0.2",
      "dependencies": {
-        "@lendry-erp/contracts": "^1.0.24",
+        "@lendry-erp/contracts": "^1.0.2",
        "@lendry-erp/passport": "^1.0.3",
        "@nestjs/microservices": "^11.1.17",
        "rxjs": "^7.8.2",
        "ts-proto": "^2.11.6"
@@ -24,6 +23,7 @@
      "resolved": "https://registry.npmjs.org/@borewit/text-codec/-/text-codec-0.2.2.tgz",
      "integrity": "sha512-DDaRehssg1aNrH4+2hnj1B7vnUGEjU6OIlyRdkMd0aUdIUvKXrJfXsy8LVtXAy7DRvYVluWbMspsRhz2lcW0mQ==",
      "license": "MIT",
      "peer": true,
      "funding": {
        "type": "github",
        "url": "https://github.com/sponsors/Borewit"
@@ -36,32 +36,21 @@
      "license": "(Apache-2.0 AND BSD-3-Clause)"
    },
    "node_modules/@lendry-erp/contracts": {
-      "version": "1.0.24",
+      "version": "1.0.2",
-      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.24/contracts-1.0.24.tgz",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.2/contracts-1.0.2.tgz",
-      "integrity": "sha512-Bn4RgU22O6IDFhYEbQicBLpRtSGHrEgqOSAljQh4lT5shMeLedlE0V3jFxzFu9xpyTzcM/o+C96vpsAHab0tbg==",
+      "integrity": "sha512-39NulQ6mn3dmrX/GXwzYYPyX/rE+4gO1En+uJJR9bHXZ3awWi0U3drIvgwM25gyi829Ae0U8vVtzMaP3gON90A==",
      "dependencies": {
        "@nestjs/microservices": "^11.1.17",
        "rxjs": "^7.8.2",
        "ts-proto": "^2.11.6"
      }
    },
    "node_modules/@lendry-erp/passport": {
      "version": "1.0.3",
      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fpassport/-/1.0.3/passport-1.0.3.tgz",
      "integrity": "sha512-gaPdlZahkXmOUnLBlzNdk41nJ1BI6TPZY5xUaCmlIkpqZKr8D5TSBBkFrw4Vlw+TLImqL2Y1JUT4k60gHHtjiw==",
      "license": "ISC",
      "dependencies": {
        "@nestjs/common": "^11.1.17",
        "@nestjs/core": "^11.1.17",
        "reflect-metadata": "^0.2.2",
        "rxjs": "^7.8.2"
      }
    },
    "node_modules/@lukeed/csprng": {
      "version": "1.1.0",
      "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
      "integrity": "sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA==",
      "license": "MIT",
      "peer": true,
      "engines": {
        "node": ">=8"
      }
@@ -71,6 +60,7 @@
      "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz",
      "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "file-type": "21.3.2",
        "iterare": "1.2.1",
@@ -103,6 +93,7 @@
      "integrity": "sha512-lD5mAYekTTurF3vDaa8C2OKPnjiz4tsfxIc5XlcSUzOhkwWf6Ay3HKvt6FmvuWQam6uIIHX52Clg+e6tAvf/cg==",
      "hasInstallScript": true,
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "@nuxt/opencollective": "0.4.1",
        "fast-safe-stringify": "2.1.1",
@@ -201,6 +192,7 @@
      "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.4.1.tgz",
      "integrity": "sha512-GXD3wy50qYbxCJ652bDrDzgMr3NFEkIS374+IgFQKkCvk9yiYcLvX2XDYr7UyQxf4wK0e+yqDYRubZ0DtOxnmQ==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "consola": "^3.2.3"
      },
@@ -217,6 +209,7 @@
      "resolved": "https://registry.npmjs.org/@tokenizer/inflate/-/inflate-0.4.1.tgz",
      "integrity": "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "debug": "^4.4.3",
        "token-types": "^6.1.1"
@@ -233,7 +226,8 @@
      "version": "0.3.0",
      "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
      "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==",
-      "license": "MIT"
+      "license": "MIT",
      "peer": true
    },
    "node_modules/@types/node": {
      "version": "25.5.0",
@@ -262,6 +256,7 @@
      "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz",
      "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==",
      "license": "MIT",
      "peer": true,
      "engines": {
        "node": "^14.18.0 || >=16.10.0"
      }
@@ -271,6 +266,7 @@
      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
      "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "ms": "^2.1.3"
      },
@@ -308,13 +304,15 @@
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
      "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
-      "license": "MIT"
+      "license": "MIT",
      "peer": true
    },
    "node_modules/file-type": {
      "version": "21.3.2",
      "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz",
      "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "@tokenizer/inflate": "^0.4.1",
        "strtok3": "^10.3.4",
@@ -346,7 +344,8 @@
          "url": "https://feross.org/support"
        }
      ],
-      "license": "BSD-3-Clause"
+      "license": "BSD-3-Clause",
      "peer": true
    },
    "node_modules/iterare": {
      "version": "1.2.1",
@@ -372,6 +371,7 @@
        }
      ],
      "license": "MIT",
      "peer": true,
      "engines": {
        "node": ">=13.2.0"
      }
@@ -380,13 +380,15 @@
      "version": "2.1.3",
      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT"
+      "license": "MIT",
      "peer": true
    },
    "node_modules/path-to-regexp": {
      "version": "8.3.0",
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
      "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
      "license": "MIT",
      "peer": true,
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/express"
@@ -396,7 +398,8 @@
      "version": "0.2.2",
      "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
      "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
-      "license": "Apache-2.0"
+      "license": "Apache-2.0",
      "peer": true
    },
    "node_modules/rxjs": {
      "version": "7.8.2",
@@ -412,6 +415,7 @@
      "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz",
      "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "@tokenizer/token": "^0.3.0"
      },
@@ -428,6 +432,7 @@
      "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.1.2.tgz",
      "integrity": "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "@borewit/text-codec": "^0.2.1",
        "@tokenizer/token": "^0.3.0",
@@ -499,6 +504,7 @@
      "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
      "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==",
      "license": "MIT",
      "peer": true,
      "dependencies": {
        "@lukeed/csprng": "^1.0.0"
      },
@@ -511,6 +517,7 @@
      "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",
      "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==",
      "license": "MIT",
      "peer": true,
      "engines": {
        "node": ">=18"
      },
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@lendry-erp/contracts",
-  "version": "1.0.27",
+  "version": "1.0.12",
  "description": "Protobuf definitions and generated TypeScript types",
  "type": "commonjs",
  "main": "./dist/index.js",
@@ -17,8 +17,6 @@
    "access": "public"
  },
  "dependencies": {
    "@lendry-erp/contracts": "^1.0.24",
    "@lendry-erp/passport": "^1.0.3",
    "@nestjs/microservices": "^11.1.17",
    "rxjs": "^7.8.2",
    "ts-proto": "^2.11.6"
--- a/proto/identity.proto
+++ b/proto/identity.proto
@@ -2,15 +2,12 @@ syntax = "proto3";
 package identity;
-option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+option go_package = './gen';
 service AuthService {
    rpc Login (LoginRequest) returns (LoginResponse);
    rpc Refresh (RefreshRequest) returns (RefreshResponse);
    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
    rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
    rpc Logout (LogoutRequest) returns (LogoutResponse);
    rpc LogoutAll (LogoutRequest) returns (LogoutResponse);
    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
    rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
 }
@@ -59,30 +56,6 @@ message LogoutResponse {
  string message = 2;
 }
 message VerifyTokenRequest {
  string token = 1;
 }
 message VerifyTokenResponse {
  bool is_valid = 1;
  optional string error_message = 2;
  optional string id = 3;
  optional string username = 4;
  optional int32 role_level = 5;
  repeated string permissions = 6;
  optional string session_id = 7;
  optional bool requires_pin = 8;
 }
 message GetAccountRoleLevelRequest {
  string account_id = 1;
 }
 message GetAccountRoleLevelResponse {
  bool found = 1;
  int32 role_level = 2;
 }
 message UnlockPinRequest {
  string access_token = 1;
  string pin_code = 2;
--- a/proto/ldap.proto
+++ b/proto/ldap.proto
@@ -2,62 +2,12 @@ syntax = "proto3";
 package ldap_service;
-option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+option go_package = "git.lendry.ru/lendry-erp/gen;ldap_service";
 // ==========================================
 // ГЛАВНЫЙ СЕРВИС
 // ==========================================
 service LdapAuth {
  // --- Вектор 1: Авторизация (Bind от имени пользователя) ---
    rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
  // --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
  rpc GetUsers (EmptyRequest) returns (UserListResponse);
  rpc CreateUser (CreateUserRequest) returns (StatusResponse);
  rpc UpdateUser (UpdateUserRequest) returns (StatusResponse);
  rpc ChangePassword (ChangePasswordRequest) returns (StatusResponse);
  rpc ToggleUserStatus (ToggleStatusRequest) returns (StatusResponse);
  // --- Вектор 3: Управление Группами ---
  rpc GetGroups (EmptyRequest) returns (GroupListResponse);
  rpc AddUserToGroup (GroupMemberRequest) returns (StatusResponse);
  rpc RemoveUserFromGroup (GroupMemberRequest) returns (StatusResponse);
 }
 // ==========================================
 // БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
 // ==========================================
 message EmptyRequest {}
 // Стандартный ответ для мутаций (создание, обновление, удаление)
 message StatusResponse {
  bool success = 1;
  string error_message = 2;
 }
 // Полная модель пользователя
 message UserData {
  string dn = 1; // Полный путь в AD (Distinguished Name)
  string username = 2; // Логин (sAMAccountName)
  string display_name = 3; // ФИО (displayName)
  string email = 4; // Почта (mail)
  string description = 5; // Описание/Должность (description)
  bytes avatar = 6; // Аватарка в байтах (thumbnailPhoto)
  repeated string groups = 7; // Список групп
  bool is_active = 8; // Статус аккаунта
 }
 // Модель группы
 message GroupData {
  string dn = 1;
  string name = 2; // Короткое имя группы (cn)
 }
 // ==========================================
 // ЗАПРОСЫ И ОТВЕТЫ (REQUESTS / RESPONSES)
 // ==========================================
 // --- Авторизация ---
 message VerifyRequest {
  string username = 1;
  string password = 2;
@@ -66,51 +16,13 @@ message VerifyRequest {
 message VerifyResponse {
  bool success = 1;
  string error_message = 2;
-  UserData user = 3; // Отдаем полные данные при успешном входе
+  UserData user = 3;
 }
-// --- Списки ---
+message UserData {
-message UserListResponse {
+  string dn = 1;
-  bool success = 1;
+  string display_name = 2;
-  string error_message = 2;
+  repeated string groups = 3;
-  repeated UserData users = 3;
+  bool is_active = 4;
 }
 message GroupListResponse {
  bool success = 1;
  string error_message = 2;
  repeated GroupData groups = 3;
 }
 // --- Управление профилем ---
 message CreateUserRequest {
  string username = 1;
  string full_name = 2;
  string password = 3;
  optional string email = 4; // Сразу при создании можно задать почту
 }
 // Запрос на обновление. Используем optional для частичного обновления.
 message UpdateUserRequest {
  string username = 1; // Обязательное поле: кого обновляем
  optional string display_name = 2; // Новое ФИО (повлечет Rename CN)
  optional string email = 3;        // Новая почта
  optional string description = 4;  // Новое описание
  optional bytes avatar = 5;        // Новая аватарка (бинарник картинки)
 }
 message ChangePasswordRequest {
  string username = 1;
  string new_password = 2;
 }
 message ToggleStatusRequest {
  string username = 1;
  bool set_active = 2; // true - включить (512), false - отключить (514)
 }
 // --- Управление членством в группах ---
 message GroupMemberRequest {
  string username = 1; // Логин пользователя
  string group_dn = 2; // Полный путь группы (в которую добавляем / из которой удаляем)
 }
`@@ -1,3 +1,3 @@`
	`module git.lendry.ru/lendry-erp/contracts.git`	`module git.lendry.ru/lendry-erp/proto`

	`go 1.26.1`	`go 1.26.1`