fix: change version

.github/workflows/publish.yml

@@ -9,6 +9,8 @@ jobs:
   publish:
     name: Publish Job
     runs-on: ubuntu-latest
+    env:
+      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -17,18 +19,51 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-          registry-url: "https://registry.npmjs.org/"
+          registry-url: "https://git.lendry.ru/api/packages/lendry-erp/npm/"
+          scope: "@lendry-erp"
+
+      # 1. Устанавливаем Go (нужен для скачивания плагинов генерации)
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22" # Можно указать нужную тебе версию
+
+      # 2. Устанавливаем плагины генерации для Go и добавляем их в PATH
+      - name: Install Go Protoc Plugins
+        run: |
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
 
       - name: Install protoc
         run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
 
       - name: Install deps
-        run: npm install
+        run: npm ci
 
-      - name: Generate TS Protobuf
+      - name: Build
-        run: npm run generate
+        run: npm run build
 
+      # 3. Исправленный шаг генерации (команды разделены, добавлено создание папки)
+      - name: Generate Protobuf
+        run: |
+          npm install -g ts-proto
+          mkdir -p ./gen/go  # Создаем вложенную папку для Go
+          protoc -I ./proto ./proto/*.proto \
+            --ts_proto_out=nestJs=true,package=omit:./gen \
+            --go_out=paths=source_relative:./gen/go \
+            --go-grpc_out=paths=source_relative:./gen/go
+
+      - name: Commit and push changes
+        run: |
+          # Представляемся Git-ботом
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Добавляем папку gen в индекс
+          git add ./gen
+
+          # Проверяем, есть ли изменения. Если есть — коммитим и пушим.
+          git diff --quiet && git diff --staged --quiet || (git commit -m "chore: auto-generate protobuf files [skip ci]" && git push)
       - name: Publish package
         run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.npmrc

@@ -0,0 +1 @@
+@lendry-erp:registry=https://git.lendry.ru/api/packages/lendry-erp/npm/

gen/go/identity_grpc.pb.go

@@ -0,0 +1,641 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: identity.proto
+
+package gen
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AuthService_Login_FullMethodName     = "/identity.AuthService/Login"
+	AuthService_Refresh_FullMethodName   = "/identity.AuthService/Refresh"
+	AuthService_Logout_FullMethodName    = "/identity.AuthService/Logout"
+	AuthService_UnlockPin_FullMethodName = "/identity.AuthService/UnlockPin"
+	AuthService_Verify2Fa_FullMethodName = "/identity.AuthService/Verify2Fa"
+)
+
+// AuthServiceClient is the client API for AuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuthServiceClient interface {
+	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
+	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
+}
+
+type authServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
+	return &authServiceClient{cc}
+}
+
+func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LoginResponse)
+	err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RefreshResponse)
+	err := c.cc.Invoke(ctx, AuthService_Refresh_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnlockPinResponse)
+	err := c.cc.Invoke(ctx, AuthService_UnlockPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(Verify2FaResponse)
+	err := c.cc.Invoke(ctx, AuthService_Verify2Fa_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuthServiceServer is the server API for AuthService service.
+// All implementations must embed UnimplementedAuthServiceServer
+// for forward compatibility.
+type AuthServiceServer interface {
+	Login(context.Context, *LoginRequest) (*LoginResponse, error)
+	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+// UnimplementedAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAuthServiceServer struct{}
+
+func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Login not implemented")
+}
+func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
+}
+func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
+}
+func (UnimplementedAuthServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+}
+func (UnimplementedAuthServiceServer) Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Verify2Fa not implemented")
+}
+func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
+func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuthServiceServer will
+// result in compilation errors.
+type UnsafeAuthServiceServer interface {
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AuthService_ServiceDesc, srv)
+}
+
+func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Login_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RefreshRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Refresh(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Refresh_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Refresh(ctx, req.(*RefreshRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Logout(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Logout_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnlockPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).UnlockPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_UnlockPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Verify2Fa_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Verify2FaRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Verify2Fa(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Verify2Fa_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Verify2Fa(ctx, req.(*Verify2FaRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "identity.AuthService",
+	HandlerType: (*AuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _AuthService_Login_Handler,
+		},
+		{
+			MethodName: "Refresh",
+			Handler:    _AuthService_Refresh_Handler,
+		},
+		{
+			MethodName: "Logout",
+			Handler:    _AuthService_Logout_Handler,
+		},
+		{
+			MethodName: "UnlockPin",
+			Handler:    _AuthService_UnlockPin_Handler,
+		},
+		{
+			MethodName: "Verify2Fa",
+			Handler:    _AuthService_Verify2Fa_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "identity.proto",
+}
+
+const (
+	TwoFaService_GetTwoFaStatus_FullMethodName            = "/identity.TwoFaService/GetTwoFaStatus"
+	TwoFaService_StartTotpEnrollment_FullMethodName       = "/identity.TwoFaService/StartTotpEnrollment"
+	TwoFaService_ConfirmTotpErollment_FullMethodName      = "/identity.TwoFaService/ConfirmTotpErollment"
+	TwoFaService_CancelTotpEnrollment_FullMethodName      = "/identity.TwoFaService/CancelTotpEnrollment"
+	TwoFaService_DisableTotp_FullMethodName               = "/identity.TwoFaService/DisableTotp"
+	TwoFaService_StartTelegramEnrollment_FullMethodName   = "/identity.TwoFaService/StartTelegramEnrollment"
+	TwoFaService_ConfirmTelegramEnrollment_FullMethodName = "/identity.TwoFaService/ConfirmTelegramEnrollment"
+	TwoFaService_DisableTelegram_FullMethodName           = "/identity.TwoFaService/DisableTelegram"
+)
+
+// TwoFaServiceClient is the client API for TwoFaService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type TwoFaServiceClient interface {
+	GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error)
+}
+
+type twoFaServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewTwoFaServiceClient(cc grpc.ClientConnInterface) TwoFaServiceClient {
+	return &twoFaServiceClient{cc}
+}
+
+func (c *twoFaServiceClient) GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetTwoFaStatusResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_GetTwoFaStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTotpErollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CancelTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_CancelTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTotpResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTotp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTelegramResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTelegram_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// TwoFaServiceServer is the server API for TwoFaService service.
+// All implementations must embed UnimplementedTwoFaServiceServer
+// for forward compatibility.
+type TwoFaServiceServer interface {
+	GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error)
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+// UnimplementedTwoFaServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedTwoFaServiceServer struct{}
+
+func (UnimplementedTwoFaServiceServer) GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetTwoFaStatus not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTotpErollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CancelTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTotp not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTelegram not implemented")
+}
+func (UnimplementedTwoFaServiceServer) mustEmbedUnimplementedTwoFaServiceServer() {}
+func (UnimplementedTwoFaServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeTwoFaServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to TwoFaServiceServer will
+// result in compilation errors.
+type UnsafeTwoFaServiceServer interface {
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+func RegisterTwoFaServiceServer(s grpc.ServiceRegistrar, srv TwoFaServiceServer) {
+	// If the following call panics, it indicates UnimplementedTwoFaServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&TwoFaService_ServiceDesc, srv)
+}
+
+func _TwoFaService_GetTwoFaStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTwoFaStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_GetTwoFaStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, req.(*GetTwoFaStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTotpErollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTotpEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTotpErollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, req.(*ConfirmTotpEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_CancelTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_CancelTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTotp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTotpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTotp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, req.(*DisableTotpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTelegramEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, req.(*ConfirmTelegramEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTelegram_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTelegramRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTelegram_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, req.(*DisableTelegramRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// TwoFaService_ServiceDesc is the grpc.ServiceDesc for TwoFaService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var TwoFaService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "identity.TwoFaService",
+	HandlerType: (*TwoFaServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetTwoFaStatus",
+			Handler:    _TwoFaService_GetTwoFaStatus_Handler,
+		},
+		{
+			MethodName: "StartTotpEnrollment",
+			Handler:    _TwoFaService_StartTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTotpErollment",
+			Handler:    _TwoFaService_ConfirmTotpErollment_Handler,
+		},
+		{
+			MethodName: "CancelTotpEnrollment",
+			Handler:    _TwoFaService_CancelTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTotp",
+			Handler:    _TwoFaService_DisableTotp_Handler,
+		},
+		{
+			MethodName: "StartTelegramEnrollment",
+			Handler:    _TwoFaService_StartTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTelegramEnrollment",
+			Handler:    _TwoFaService_ConfirmTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTelegram",
+			Handler:    _TwoFaService_DisableTelegram_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "identity.proto",
+}

gen/go/ldap.pb.go

@@ -0,0 +1,277 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: ldap.proto
+
+package ldap_service
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type VerifyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyRequest) Reset() {
+	*x = VerifyRequest{}
+	mi := &file_ldap_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyRequest) ProtoMessage() {}
+
+func (x *VerifyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
+func (*VerifyRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *VerifyRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *VerifyRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+type VerifyResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	User          *UserData              `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyResponse) Reset() {
+	*x = VerifyResponse{}
+	mi := &file_ldap_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyResponse) ProtoMessage() {}
+
+func (x *VerifyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
+func (*VerifyResponse) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *VerifyResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *VerifyResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *VerifyResponse) GetUser() *UserData {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+type UserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
+	DisplayName   string                 `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
+	Groups        []string               `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
+	IsActive      bool                   `protobuf:"varint,4,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserData) Reset() {
+	*x = UserData{}
+	mi := &file_ldap_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserData) ProtoMessage() {}
+
+func (x *UserData) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserData.ProtoReflect.Descriptor instead.
+func (*UserData) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *UserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *UserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *UserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+var File_ldap_proto protoreflect.FileDescriptor
+
+const file_ldap_proto_rawDesc = "" +
+	"\n" +
+	"\n" +
+	"ldap.proto\x12\fldap_service\"G\n" +
+	"\rVerifyRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\"{\n" +
+	"\x0eVerifyResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
+	"\x04user\x18\x03 \x01(\v2\x16.ldap_service.UserDataR\x04user\"r\n" +
+	"\bUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12!\n" +
+	"\fdisplay_name\x18\x02 \x01(\tR\vdisplayName\x12\x16\n" +
+	"\x06groups\x18\x03 \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\x04 \x01(\bR\bisActive2S\n" +
+	"\bLdapAuth\x12G\n" +
+	"\n" +
+	"VerifyUser\x12\x1b.ldap_service.VerifyRequest\x1a\x1c.ldap_service.VerifyResponseB<Z:git.lendry.ru/lendry-erp/contracts.git/gen/go;ldap_serviceb\x06proto3"
+
+var (
+	file_ldap_proto_rawDescOnce sync.Once
+	file_ldap_proto_rawDescData []byte
+)
+
+func file_ldap_proto_rawDescGZIP() []byte {
+	file_ldap_proto_rawDescOnce.Do(func() {
+		file_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)))
+	})
+	return file_ldap_proto_rawDescData
+}
+
+var file_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_ldap_proto_goTypes = []any{
+	(*VerifyRequest)(nil),  // 0: ldap_service.VerifyRequest
+	(*VerifyResponse)(nil), // 1: ldap_service.VerifyResponse
+	(*UserData)(nil),       // 2: ldap_service.UserData
+}
+var file_ldap_proto_depIdxs = []int32{
+	2, // 0: ldap_service.VerifyResponse.user:type_name -> ldap_service.UserData
+	0, // 1: ldap_service.LdapAuth.VerifyUser:input_type -> ldap_service.VerifyRequest
+	1, // 2: ldap_service.LdapAuth.VerifyUser:output_type -> ldap_service.VerifyResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_ldap_proto_init() }
+func file_ldap_proto_init() {
+	if File_ldap_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_ldap_proto_goTypes,
+		DependencyIndexes: file_ldap_proto_depIdxs,
+		MessageInfos:      file_ldap_proto_msgTypes,
+	}.Build()
+	File_ldap_proto = out.File
+	file_ldap_proto_goTypes = nil
+	file_ldap_proto_depIdxs = nil
+}

gen/go/ldap_grpc.pb.go

@@ -0,0 +1,121 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: ldap.proto
+
+package ldap_service
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapAuth_VerifyUser_FullMethodName = "/ldap_service.LdapAuth/VerifyUser"
+)
+
+// LdapAuthClient is the client API for LdapAuth service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapAuthClient interface {
+	VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
+}
+
+type ldapAuthClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapAuthClient(cc grpc.ClientConnInterface) LdapAuthClient {
+	return &ldapAuthClient{cc}
+}
+
+func (c *ldapAuthClient) VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_VerifyUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapAuthServer is the server API for LdapAuth service.
+// All implementations must embed UnimplementedLdapAuthServer
+// for forward compatibility.
+type LdapAuthServer interface {
+	VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error)
+	mustEmbedUnimplementedLdapAuthServer()
+}
+
+// UnimplementedLdapAuthServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapAuthServer struct{}
+
+func (UnimplementedLdapAuthServer) VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyUser not implemented")
+}
+func (UnimplementedLdapAuthServer) mustEmbedUnimplementedLdapAuthServer() {}
+func (UnimplementedLdapAuthServer) testEmbeddedByValue()                  {}
+
+// UnsafeLdapAuthServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapAuthServer will
+// result in compilation errors.
+type UnsafeLdapAuthServer interface {
+	mustEmbedUnimplementedLdapAuthServer()
+}
+
+func RegisterLdapAuthServer(s grpc.ServiceRegistrar, srv LdapAuthServer) {
+	// If the following call panics, it indicates UnimplementedLdapAuthServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapAuth_ServiceDesc, srv)
+}
+
+func _LdapAuth_VerifyUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).VerifyUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_VerifyUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).VerifyUser(ctx, req.(*VerifyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapAuth_ServiceDesc is the grpc.ServiceDesc for LdapAuth service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapAuth_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap_service.LdapAuth",
+	HandlerType: (*LdapAuthServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "VerifyUser",
+			Handler:    _LdapAuth_VerifyUser_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "ldap.proto",
+}

gen/google/protobuf/any.ts

@@ -1,16 +0,0 @@
-// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
-// versions:
-//   protoc-gen-ts_proto  v2.11.6
-//   protoc               v7.34.1
-// source: google/protobuf/any.proto
-
-/* eslint-disable */
-
-export const protobufPackage = "google.protobuf";
-
-export interface Any {
-  typeUrl: string;
-  value: Uint8Array;
-}
-
-export const GOOGLE_PROTOBUF_PACKAGE_NAME = "google.protobuf";

gen/google/rpc/status.ts

@@ -1,18 +0,0 @@
-// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
-// versions:
-//   protoc-gen-ts_proto  v2.11.6
-//   protoc               v7.34.1
-// source: google/rpc/status.proto
-
-/* eslint-disable */
-import { Any } from "../protobuf/any";
-
-export const protobufPackage = "google.rpc";
-
-export interface Status {
-  code: number;
-  message: string;
-  details: Any[];
-}
-
-export const GOOGLE_RPC_PACKAGE_NAME = "google.rpc";

gen/identity.ts

@@ -1,15 +1,14 @@
 // Code generated by protoc-gen-ts_proto. DO NOT EDIT.
 // versions:
 //   protoc-gen-ts_proto  v2.11.6
-//   protoc               v7.34.1
+//   protoc               v3.21.12
-// source: auth.proto
+// source: identity.proto
 
 /* eslint-disable */
 import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
 import { Observable } from "rxjs";
-import { Status } from "./google/rpc/status";
 
-export const protobufPackage = "auth.v1";
+export const protobufPackage = "identity";
 
 export interface LoginRequest {
   username: string;
@@ -18,34 +17,51 @@ export interface LoginRequest {
 
 export interface LoginResponse {
   accessToken: string;
+  refreshToken: string;
   status: string;
   need2fa: boolean;
-  tempToken: string;
+  tempToken?: string | undefined;
+  message?: string | undefined;
+  errorCode?: string | undefined;
+}
+
+export interface RefreshRequest {
+  refreshToken: string;
+}
+
+export interface RefreshResponse {
+  accessToken: string;
+  refreshToken: string;
+}
+
+export interface LogoutRequest {
+  accessToken: string;
+}
+
+export interface LogoutResponse {
+  success: boolean;
   message: string;
-  errorCode: string;
-  error: Status | undefined;
 }
 
-export interface RegisterRequest {
+export interface UnlockPinRequest {
-  username: string;
+  accessToken: string;
-  password: string;
+  pinCode: string;
 }
 
-export interface RegisterResponse {
+export interface UnlockPinResponse {
-  userId: string;
+  success: boolean;
-  status: string;
   message: string;
 }
 
 export interface Verify2FaRequest {
   tempToken: string;
-  totpCode: string;
+  totpCode?: string | undefined;
-  telegramCode: string;
+  telegramCode?: string | undefined;
-  reserveCode: string;
 }
 
 export interface Verify2FaResponse {
   accessToken: string;
+  refreshToken: string;
   status: string;
   message: string;
   reserveCodes: string[];
@@ -130,12 +146,16 @@ export interface DisableTelegramResponse {
   message: string;
 }
 
-export const AUTH_V1_PACKAGE_NAME = "auth.v1";
+export const IDENTITY_PACKAGE_NAME = "identity";
 
 export interface AuthServiceClient {
   login(request: LoginRequest): Observable<LoginResponse>;
 
-  register(request: RegisterRequest): Observable<RegisterResponse>;
+  refresh(request: RefreshRequest): Observable<RefreshResponse>;
+
+  logout(request: LogoutRequest): Observable<LogoutResponse>;
+
+  unlockPin(request: UnlockPinRequest): Observable<UnlockPinResponse>;
 
   verify2Fa(request: Verify2FaRequest): Observable<Verify2FaResponse>;
 }
@@ -143,14 +163,18 @@ export interface AuthServiceClient {
 export interface AuthServiceController {
   login(request: LoginRequest): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
 
-  register(request: RegisterRequest): Promise<RegisterResponse> | Observable<RegisterResponse> | RegisterResponse;
+  refresh(request: RefreshRequest): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
+
+  logout(request: LogoutRequest): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+
+  unlockPin(request: UnlockPinRequest): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
 
   verify2Fa(request: Verify2FaRequest): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
 }
 
 export function AuthServiceControllerMethods() {
   return function (constructor: Function) {
-    const grpcMethods: string[] = ["login", "register", "verify2Fa"];
+    const grpcMethods: string[] = ["login", "refresh", "logout", "unlockPin", "verify2Fa"];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
       GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
@@ -165,7 +189,7 @@ export function AuthServiceControllerMethods() {
 
 export const AUTH_SERVICE_NAME = "AuthService";
 
-export interface TwoFaSrviceClient {
+export interface TwoFaServiceClient {
   getTwoFaStatus(request: GetTwoFaStatusRequest): Observable<GetTwoFaStatusResponse>;
 
   startTotpEnrollment(request: AuthenticatedAccessRequest): Observable<StartTotpEnrollmentResponse>;
@@ -183,7 +207,7 @@ export interface TwoFaSrviceClient {
   disableTelegram(request: DisableTelegramRequest): Observable<DisableTelegramResponse>;
 }
 
-export interface TwoFaSrviceController {
+export interface TwoFaServiceController {
   getTwoFaStatus(
     request: GetTwoFaStatusRequest,
   ): Promise<GetTwoFaStatusResponse> | Observable<GetTwoFaStatusResponse> | GetTwoFaStatusResponse;
@@ -223,7 +247,7 @@ export interface TwoFaSrviceController {
   ): Promise<DisableTelegramResponse> | Observable<DisableTelegramResponse> | DisableTelegramResponse;
 }
 
-export function TwoFaSrviceControllerMethods() {
+export function TwoFaServiceControllerMethods() {
   return function (constructor: Function) {
     const grpcMethods: string[] = [
       "getTwoFaStatus",
@@ -237,14 +261,14 @@ export function TwoFaSrviceControllerMethods() {
     ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcMethod("TwoFaSrvice", method)(constructor.prototype[method], method, descriptor);
+      GrpcMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
     }
     const grpcStreamMethods: string[] = [];
     for (const method of grpcStreamMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcStreamMethod("TwoFaSrvice", method)(constructor.prototype[method], method, descriptor);
+      GrpcStreamMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
     }
   };
 }
 
-export const TWO_FA_SRVICE_SERVICE_NAME = "TwoFaSrvice";
+export const TWO_FA_SERVICE_NAME = "TwoFaService";

gen/ldap.ts

@@ -0,0 +1,56 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v3.21.12
+// source: ldap.proto
+
+/* eslint-disable */
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "ldap_service";
+
+export interface VerifyRequest {
+  username: string;
+  password: string;
+}
+
+export interface VerifyResponse {
+  success: boolean;
+  errorMessage: string;
+  user: UserData | undefined;
+}
+
+export interface UserData {
+  dn: string;
+  displayName: string;
+  groups: string[];
+  isActive: boolean;
+}
+
+export const LDAP_SERVICE_PACKAGE_NAME = "ldap_service";
+
+export interface LdapAuthClient {
+  verifyUser(request: VerifyRequest): Observable<VerifyResponse>;
+}
+
+export interface LdapAuthController {
+  verifyUser(request: VerifyRequest): Promise<VerifyResponse> | Observable<VerifyResponse> | VerifyResponse;
+}
+
+export function LdapAuthControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = ["verifyUser"];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const LDAP_AUTH_SERVICE_NAME = "LdapAuth";

go.mod

@@ -0,0 +1,3 @@
+module git.lendry.ru/lendry-erp/proto
+
+go 1.26.1

package-lock.json

@@ -1,16 +1,21 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@lendry-erp/contracts",
-      "version": "1.0.0",
+      "version": "1.0.2",
       "dependencies": {
+        "@lendry-erp/contracts": "^1.0.2",
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
+      },
+      "devDependencies": {
+        "@types/node": "^25.5.0",
+        "typescript": "^6.0.2"
       }
     },
     "node_modules/@borewit/text-codec": {
@@ -30,6 +35,16 @@
       "integrity": "sha512-sBXGT13cpmPR5BMgHE6UEEfEaShh5Ror6rfN3yEK5si7QVrtZg8LEPQb0VVhiLRUslD2yLnXtnRzG035J/mZXQ==",
       "license": "(Apache-2.0 AND BSD-3-Clause)"
     },
+    "node_modules/@lendry-erp/contracts": {
+      "version": "1.0.2",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.2/contracts-1.0.2.tgz",
+      "integrity": "sha512-39NulQ6mn3dmrX/GXwzYYPyX/rE+4gO1En+uJJR9bHXZ3awWi0U3drIvgwM25gyi829Ae0U8vVtzMaP3gON90A==",
+      "dependencies": {
+        "@nestjs/microservices": "^11.1.17",
+        "rxjs": "^7.8.2",
+        "ts-proto": "^2.11.6"
+      }
+    },
     "node_modules/@lukeed/csprng": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
@@ -214,6 +229,16 @@
       "license": "MIT",
       "peer": true
     },
+    "node_modules/@types/node": {
+      "version": "25.5.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+      "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~7.18.0"
+      }
+    },
     "node_modules/case-anything": {
       "version": "2.1.13",
       "resolved": "https://registry.npmjs.org/case-anything/-/case-anything-2.1.13.tgz",
@@ -460,6 +485,20 @@
       "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==",
       "license": "0BSD"
     },
+    "node_modules/typescript": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+      "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
     "node_modules/uid": {
       "version": "2.0.2",
       "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
@@ -485,6 +524,13 @@
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
+    },
+    "node_modules/undici-types": {
+      "version": "7.18.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+      "dev": true,
+      "license": "MIT"
     }
   }
 }

package.json

@@ -1,12 +1,15 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.2",
+  "version": "1.0.17",
   "description": "Protobuf definitions and generated TypeScript types",
   "type": "commonjs",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "scripts": {
-    "generate": "protoc -I ./proto ./proto/*.proto --ts_proto_out=./gen --ts_proto_opt=nestJs=true,package=omit"
+    "build": "tsc -p tsconfig.build.json"
   },
   "files": [
+    "dist",
     "proto",
     "gen"
   ],
@@ -17,5 +20,9 @@
     "@nestjs/microservices": "^11.1.17",
     "rxjs": "^7.8.2",
     "ts-proto": "^2.11.6"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.0",
+    "typescript": "^6.0.2"
   }
 }

proto/google/protobuf/any.proto

@@ -1,9 +0,0 @@
-syntax = "proto3";
-
-package google.protobuf;
-
-message Any {
-  string type_url = 1;
-  bytes value = 2;
-}
-

proto/google/rpc/status.proto

@@ -1,12 +0,0 @@
-syntax = "proto3";
-
-package google.rpc;
-
-import "google/protobuf/any.proto";
-
-message Status {
-  int32 code = 1;
-  string message = 2;
-  repeated google.protobuf.Any details = 3;
-}
-

proto/identity.proto

@@ -1,12 +1,14 @@
 syntax = "proto3";
 
 package identity;
-import "google/rpc/status.proto";
 
+option go_package = "./gen";
 
 service AuthService {
     rpc Login (LoginRequest) returns (LoginResponse);
-    rpc Register (RegisterRequest) returns (RegisterResponse);
+    rpc Refresh (RefreshRequest) returns (RefreshResponse);
+    rpc Logout (LogoutRequest) returns (LogoutResponse);
+    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
     rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
 }
 
@@ -31,28 +33,44 @@ message LoginResponse {
   string refresh_token = 2;
   string status = 3;
   bool need2fa = 4;
-  string temp_token = 5;
+  optional string temp_token = 5;
-  string message = 6;
+  optional string message = 6;
-  string error_code = 7;
+  optional string error_code = 7;
-  google.rpc.Status error = 8;
 }
 
-message RegisterRequest {
+message RefreshRequest {
-  string username = 1;
+  string refresh_token = 1;
-  string password = 2;
 }
 
-message RegisterResponse {
+message RefreshResponse {
-  string user_id = 1;
+  string access_token = 1;
-  string status = 2;
+  string refresh_token = 2;
-  string message = 3;
 }
 
+message LogoutRequest {
+  string access_token = 1;
+}
+
+message LogoutResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message UnlockPinRequest {
+  string access_token = 1;
+  string pin_code = 2;
+}
+
+message UnlockPinResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+
 message Verify2FaRequest {
     string temp_token = 1;
-    string totp_code = 2;  
+    optional string totp_code = 2;  
-    string telegram_code = 3;
+    optional string telegram_code = 3;
-    string reserve_code = 4;
 }
 
 message Verify2FaResponse {

proto/ldap.proto

@@ -0,0 +1,28 @@
+syntax = "proto3";
+
+package ldap_service;
+
+option go_package = "git.lendry.ru/lendry-erp/contracts.git/gen/go;ldap_service";
+
+service LdapAuth {
+    rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
+}
+
+message VerifyRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message VerifyResponse {
+  bool success = 1;
+  string error_message = 2;
+  UserData user = 3;
+}
+
+message UserData {
+  string dn = 1;
+  string display_name = 2;
+  repeated string groups = 3;
+  bool is_active = 4;
+}
+

src/index.ts

@@ -0,0 +1 @@
+export * from "./proto";

src/proto/index.ts

@@ -0,0 +1 @@
+export * from "./paths";

src/proto/paths.ts

@@ -0,0 +1,6 @@
+import { join } from "path";
+
+export const PROTO_PATHS = {
+  AUTH: join(__dirname, "../../proto/identity.proto"),
+  LDAP: join(__dirname, "../../proto/ldap.proto"),
+} as const;

tsconfig.build.json

@@ -0,0 +1,11 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "declaration": true,
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "types": ["node"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_module", "dist", "test"]
+}

tsconfig.json

@@ -0,0 +1,11 @@
+{
+	"compilerOptions": {
+		"module": "commonjs",
+		"target": "es2024",
+		"strict": true,
+		"esModuleInterop": true,
+		"skipLibCheck": true,
+		"forceConsistentCasingInFileNames": true,
+		"strictNullChecks": false
+	}
+}