first commit

.github/workflows/publish.yml

@@ -22,48 +22,49 @@ jobs:
           registry-url: "https://git.lendry.ru/api/packages/lendry-erp/npm/"
           scope: "@lendry-erp"
 
-      # 1. Устанавливаем Go (нужен для скачивания плагинов генерации)
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.22" # Можно указать нужную тебе версию
+          go-version: "1.22"
 
-      # 2. Устанавливаем плагины генерации для Go и добавляем их в PATH
       - name: Install Go Protoc Plugins
         run: |
           go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
           go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
           echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
 
+      # Используем Action для точного контроля версии protoc (например, 25.x)
       - name: Install protoc
-        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
+        uses: arduino/setup-protoc@v3
+        with:
+          version: "25.x"
 
       - name: Install deps
         run: npm ci
 
-      - name: Build
-        run: npm run build
-
-      # 3. Исправленный шаг генерации (команды разделены, добавлено создание папки)
+      # 1. СНАЧАЛА генерируем код (до сборки)
       - name: Generate Protobuf
         run: |
           npm install -g ts-proto
-          mkdir -p ./gen/go  # Создаем вложенную папку для Go
-          protoc -I ./proto ./proto/*.proto \
+          mkdir -p ./gen/go
+          protoc -I ./proto \
             --ts_proto_out=nestJs=true,addGrpcMetadata=true,package=omit:./gen \
             --go_out=paths=source_relative:./gen/go \
-            --go-grpc_out=paths=source_relative:./gen/go
+            --go-grpc_out=paths=source_relative:./gen/go \
+            $(find ./proto -name "*.proto")
 
+      # 2. ПОТОМ собираем проект (tsc скомпилирует только что сгенерированные файлы)
+      - name: Build
+        run: npm run build
+
+      # 3. Коммитим изменения в репозиторий
       - name: Commit and push changes
         run: |
-          # Представляемся Git-ботом
           git config --global user.name "github-actions[bot]"
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
-
-          # Добавляем папку gen в индекс
           git add ./gen
-
-          # Проверяем, есть ли изменения. Если есть — коммитим и пушим.
           git diff --quiet && git diff --staged --quiet || (git commit -m "chore: auto-generate protobuf files [skip ci]" && git push)
+
+      # 4. Публикуем пакет (npm возьмет папку dist/ с уже скомпилированными контрактами)
       - name: Publish package
         run: npm publish

gen/account.ts

@@ -11,14 +11,6 @@ import { Observable } from "rxjs";
 
 export const protobufPackage = "account.v1";
 
-export enum Presence {
-  PRESENCE_UNSPECIFIED = 0,
-  OFFLINE = 1,
-  ONLINE = 2,
-  AWAY = 3,
-  UNRECOGNIZED = -1,
-}
-
 export interface GetAccountRequest {
   id: string;
 }
@@ -34,7 +26,7 @@ export interface GetAccountResponse {
   roles: string[];
   avatarUrl: string;
   employeeId?: string | undefined;
-  presence: Presence;
+  presence: string;
   lastActive: string;
   customStatusText: string;
   customStatusEmoji: string;
@@ -44,10 +36,211 @@ export interface GetAccountResponse {
   hasPin: boolean;
 }
 
+export interface ChangePasswordRequest {
+  userId: string;
+  oldPassword: string;
+  newPassword: string;
+  code?: string | undefined;
+  sessionId: string;
+}
+
+export interface ChangePasswordResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface CreateUserRequest {
+  username: string;
+  password: string;
+  roles: string[];
+}
+
+export interface CreateUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteUserRequest {
+  userId: string;
+}
+
+export interface DeleteUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface ChangeDataRequest {
+  userId: string;
+  sessionId: string;
+  email?: string | undefined;
+  phone?: string | undefined;
+  fullName?: string | undefined;
+  avatarUrl?: string | undefined;
+  customStatusText?: string | undefined;
+  customStatusEmoji?: string | undefined;
+  timezone?: string | undefined;
+  language?: string | undefined;
+  isPublic?: boolean | undefined;
+}
+
+export interface ChangeDataResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface AssignRoleRequest {
+  userId: string;
+  /** В gRPC передаем как string, внутри преобразуем в Int */
+  roleId: string;
+}
+
+export interface AssignRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface RevokeRoleRequest {
+  userId: string;
+  roleId: string;
+}
+
+export interface RevokeRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface AdminResetPasswordRequest {
+  userId: string;
+  newPassword: string;
+}
+
+export interface AdminResetPasswordResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface SetPinRequest {
+  userId: string;
+  sessionId: string;
+  pin: string;
+}
+
+export interface SetPinResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnlockPinRequest {
+  userId: string;
+  sessionId: string;
+  pin: string;
+}
+
+export interface UnlockPinResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface GetPinStatusRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetPinStatusResponse {
+  hasPin: boolean;
+  isLocked: boolean;
+  lockUntil: string;
+}
+
+export interface RemovePinRequest {
+  pin: string;
+  userId: string;
+  sessionId: string;
+}
+
+export interface RemovePinResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface BlockUserRequest {
+  /** Кого блокируем */
+  userId: string;
+  /** Кто блокирует */
+  adminId: string;
+  reason?: string | undefined;
+}
+
+export interface BlockUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnblockUserRequest {
+  userId: string;
+  adminId: string;
+}
+
+export interface UnblockUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface BlockIpRequest {
+  ipAddress: string;
+  adminId: string;
+  reason?: string | undefined;
+}
+
+export interface BlockIpResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnblockIpRequest {
+  ipAddress: string;
+  adminId: string;
+}
+
+export interface UnblockIpResponse {
+  success: boolean;
+  message: string;
+}
+
 export const ACCOUNT_V1_PACKAGE_NAME = "account.v1";
 
 export interface AccountServiceClient {
   getAccount(request: GetAccountRequest, metadata?: Metadata): Observable<GetAccountResponse>;
+
+  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<ChangePasswordResponse>;
+
+  adminResetPassword(request: AdminResetPasswordRequest, metadata?: Metadata): Observable<AdminResetPasswordResponse>;
+
+  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<CreateUserResponse>;
+
+  deleteUser(request: DeleteUserRequest, metadata?: Metadata): Observable<DeleteUserResponse>;
+
+  changeData(request: ChangeDataRequest, metadata?: Metadata): Observable<ChangeDataResponse>;
+
+  assignRole(request: AssignRoleRequest, metadata?: Metadata): Observable<AssignRoleResponse>;
+
+  revokeRole(request: RevokeRoleRequest, metadata?: Metadata): Observable<RevokeRoleResponse>;
+
+  setPin(request: SetPinRequest, metadata?: Metadata): Observable<SetPinResponse>;
+
+  unlockPin(request: UnlockPinRequest, metadata?: Metadata): Observable<UnlockPinResponse>;
+
+  getPinStatus(request: GetPinStatusRequest, metadata?: Metadata): Observable<GetPinStatusResponse>;
+
+  removePin(request: RemovePinRequest, metadata?: Metadata): Observable<RemovePinResponse>;
+
+  blockUser(request: BlockUserRequest, metadata?: Metadata): Observable<BlockUserResponse>;
+
+  unblockUser(request: UnblockUserRequest, metadata?: Metadata): Observable<UnblockUserResponse>;
+
+  blockIp(request: BlockIpRequest, metadata?: Metadata): Observable<BlockIpResponse>;
+
+  unblockIp(request: UnblockIpRequest, metadata?: Metadata): Observable<UnblockIpResponse>;
 }
 
 export interface AccountServiceController {
@@ -55,11 +248,103 @@ export interface AccountServiceController {
     request: GetAccountRequest,
     metadata?: Metadata,
   ): Promise<GetAccountResponse> | Observable<GetAccountResponse> | GetAccountResponse;
+
+  changePassword(
+    request: ChangePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<ChangePasswordResponse> | Observable<ChangePasswordResponse> | ChangePasswordResponse;
+
+  adminResetPassword(
+    request: AdminResetPasswordRequest,
+    metadata?: Metadata,
+  ): Promise<AdminResetPasswordResponse> | Observable<AdminResetPasswordResponse> | AdminResetPasswordResponse;
+
+  createUser(
+    request: CreateUserRequest,
+    metadata?: Metadata,
+  ): Promise<CreateUserResponse> | Observable<CreateUserResponse> | CreateUserResponse;
+
+  deleteUser(
+    request: DeleteUserRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteUserResponse> | Observable<DeleteUserResponse> | DeleteUserResponse;
+
+  changeData(
+    request: ChangeDataRequest,
+    metadata?: Metadata,
+  ): Promise<ChangeDataResponse> | Observable<ChangeDataResponse> | ChangeDataResponse;
+
+  assignRole(
+    request: AssignRoleRequest,
+    metadata?: Metadata,
+  ): Promise<AssignRoleResponse> | Observable<AssignRoleResponse> | AssignRoleResponse;
+
+  revokeRole(
+    request: RevokeRoleRequest,
+    metadata?: Metadata,
+  ): Promise<RevokeRoleResponse> | Observable<RevokeRoleResponse> | RevokeRoleResponse;
+
+  setPin(
+    request: SetPinRequest,
+    metadata?: Metadata,
+  ): Promise<SetPinResponse> | Observable<SetPinResponse> | SetPinResponse;
+
+  unlockPin(
+    request: UnlockPinRequest,
+    metadata?: Metadata,
+  ): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
+
+  getPinStatus(
+    request: GetPinStatusRequest,
+    metadata?: Metadata,
+  ): Promise<GetPinStatusResponse> | Observable<GetPinStatusResponse> | GetPinStatusResponse;
+
+  removePin(
+    request: RemovePinRequest,
+    metadata?: Metadata,
+  ): Promise<RemovePinResponse> | Observable<RemovePinResponse> | RemovePinResponse;
+
+  blockUser(
+    request: BlockUserRequest,
+    metadata?: Metadata,
+  ): Promise<BlockUserResponse> | Observable<BlockUserResponse> | BlockUserResponse;
+
+  unblockUser(
+    request: UnblockUserRequest,
+    metadata?: Metadata,
+  ): Promise<UnblockUserResponse> | Observable<UnblockUserResponse> | UnblockUserResponse;
+
+  blockIp(
+    request: BlockIpRequest,
+    metadata?: Metadata,
+  ): Promise<BlockIpResponse> | Observable<BlockIpResponse> | BlockIpResponse;
+
+  unblockIp(
+    request: UnblockIpRequest,
+    metadata?: Metadata,
+  ): Promise<UnblockIpResponse> | Observable<UnblockIpResponse> | UnblockIpResponse;
 }
 
 export function AccountServiceControllerMethods() {
   return function (constructor: Function) {
-    const grpcMethods: string[] = ["getAccount"];
+    const grpcMethods: string[] = [
+      "getAccount",
+      "changePassword",
+      "adminResetPassword",
+      "createUser",
+      "deleteUser",
+      "changeData",
+      "assignRole",
+      "revokeRole",
+      "setPin",
+      "unlockPin",
+      "getPinStatus",
+      "removePin",
+      "blockUser",
+      "unblockUser",
+      "blockIp",
+      "unblockIp",
+    ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
       GrpcMethod("AccountService", method)(constructor.prototype[method], method, descriptor);

gen/admin/admin-account.ts

@@ -0,0 +1,439 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: admin/admin-account.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "admin.v1";
+
+export interface CreateUserRequest {
+  username: string;
+  password: string;
+  roles: string[];
+}
+
+export interface CreateUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteUserRequest {
+  userId: string;
+}
+
+export interface DeleteUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface BlockUserRequest {
+  /** Кого блокируем */
+  userId: string;
+  /** Кто блокирует */
+  adminId: string;
+  reason?: string | undefined;
+}
+
+export interface BlockUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnblockUserRequest {
+  userId: string;
+  adminId: string;
+}
+
+export interface UnblockUserResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface ChangeDataRequest {
+  userId: string;
+  sessionId: string;
+  email?: string | undefined;
+  phone?: string | undefined;
+  fullName?: string | undefined;
+  avatarUrl?: string | undefined;
+  customStatusText?: string | undefined;
+  customStatusEmoji?: string | undefined;
+  timezone?: string | undefined;
+  language?: string | undefined;
+  isPublic?: boolean | undefined;
+}
+
+export interface ChangeDataResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface AdminResetPasswordRequest {
+  userId: string;
+  newPassword: string;
+}
+
+export interface AdminResetPasswordResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface AssignRoleRequest {
+  userId: string;
+  /** Передаем как string, внутри парсим в Int */
+  roleId: string;
+}
+
+export interface AssignRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface RevokeRoleRequest {
+  userId: string;
+  roleId: string;
+}
+
+export interface RevokeRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface BlockIpRequest {
+  ipAddress: string;
+  adminId: string;
+  reason?: string | undefined;
+}
+
+export interface BlockIpResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnblockIpRequest {
+  ipAddress: string;
+  adminId: string;
+}
+
+export interface UnblockIpResponse {
+  success: boolean;
+  message: string;
+}
+
+/** Пустой запрос, так как параметры не требуются */
+export interface SyncUsersToSearchRequest {
+}
+
+export interface SyncUsersToSearchResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface GetAllPermissionsAdminRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface PermissionAdmin {
+  id: string;
+  code: string;
+  description: string;
+  module: string;
+  roles: string[];
+}
+
+export interface GetAllPermissionsAdminResponse {
+  permissions: PermissionAdmin[];
+}
+
+export interface GetAllRolesAdminRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface RolesAdmin {
+  id: string;
+  name: string;
+  level: number;
+  permissions: string[];
+  ldapMapping: string[];
+  accounts: string[];
+}
+
+export interface GetAllRolesAdminResponse {
+  roles: RolesAdmin[];
+}
+
+export interface CreateRoleAdminRequest {
+  name: string;
+  level: number;
+  permissionCodes: string[];
+}
+
+export interface UpdateRoleAdminRequest {
+  id: string;
+  name?: string | undefined;
+  level?: number | undefined;
+  permissionCodes: string[];
+}
+
+export interface ModifyRoleAdminResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteRoleAdminRequest {
+  id: string;
+}
+
+export interface DeleteRoleAdminResponse {
+  success: boolean;
+  message: string;
+  fallbackRoleName?: string | undefined;
+}
+
+export interface CreatePermissionAdminRequest {
+  code: string;
+  description: string;
+  module: string;
+}
+
+export interface UpdatePermissionAdminRequest {
+  id: string;
+  roleIds: string[];
+}
+
+export interface ModifyPermissionAdminResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface GrafanaAlertRequest {
+  payload: string;
+}
+
+/** Успешно ли обработан алерт */
+export interface GrafanaAlertResponse {
+  success: boolean;
+}
+
+export const ADMIN_V1_PACKAGE_NAME = "admin.v1";
+
+/** Единый сервис для всех административных операций */
+
+export interface AdminServiceClient {
+  /** Управление учетными записями */
+
+  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<CreateUserResponse>;
+
+  deleteUser(request: DeleteUserRequest, metadata?: Metadata): Observable<DeleteUserResponse>;
+
+  blockUser(request: BlockUserRequest, metadata?: Metadata): Observable<BlockUserResponse>;
+
+  unblockUser(request: UnblockUserRequest, metadata?: Metadata): Observable<UnblockUserResponse>;
+
+  /** Управление данными и безопасностью */
+
+  changeData(request: ChangeDataRequest, metadata?: Metadata): Observable<ChangeDataResponse>;
+
+  adminResetPassword(request: AdminResetPasswordRequest, metadata?: Metadata): Observable<AdminResetPasswordResponse>;
+
+  /** Управление ролями (RBAC) */
+
+  assignRole(request: AssignRoleRequest, metadata?: Metadata): Observable<AssignRoleResponse>;
+
+  revokeRole(request: RevokeRoleRequest, metadata?: Metadata): Observable<RevokeRoleResponse>;
+
+  /** Управление черным списком IP */
+
+  blockIp(request: BlockIpRequest, metadata?: Metadata): Observable<BlockIpResponse>;
+
+  unblockIp(request: UnblockIpRequest, metadata?: Metadata): Observable<UnblockIpResponse>;
+
+  /** Синхронизация с поисковым движком (Elasticsearch) */
+
+  syncUsersToSearch(request: SyncUsersToSearchRequest, metadata?: Metadata): Observable<SyncUsersToSearchResponse>;
+
+  handleGrafanaAlert(request: GrafanaAlertRequest, metadata?: Metadata): Observable<GrafanaAlertResponse>;
+
+  /** RBAC */
+
+  getAllPermissions(
+    request: GetAllPermissionsAdminRequest,
+    metadata?: Metadata,
+  ): Observable<GetAllPermissionsAdminResponse>;
+
+  getAllRoles(request: GetAllRolesAdminRequest, metadata?: Metadata): Observable<GetAllRolesAdminResponse>;
+
+  createRole(request: CreateRoleAdminRequest, metadata?: Metadata): Observable<ModifyRoleAdminResponse>;
+
+  updateRole(request: UpdateRoleAdminRequest, metadata?: Metadata): Observable<ModifyRoleAdminResponse>;
+
+  deleteRole(request: DeleteRoleAdminRequest, metadata?: Metadata): Observable<DeleteRoleAdminResponse>;
+
+  createPermission(
+    request: CreatePermissionAdminRequest,
+    metadata?: Metadata,
+  ): Observable<ModifyPermissionAdminResponse>;
+
+  updatePermission(
+    request: UpdatePermissionAdminRequest,
+    metadata?: Metadata,
+  ): Observable<ModifyPermissionAdminResponse>;
+}
+
+/** Единый сервис для всех административных операций */
+
+export interface AdminServiceController {
+  /** Управление учетными записями */
+
+  createUser(
+    request: CreateUserRequest,
+    metadata?: Metadata,
+  ): Promise<CreateUserResponse> | Observable<CreateUserResponse> | CreateUserResponse;
+
+  deleteUser(
+    request: DeleteUserRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteUserResponse> | Observable<DeleteUserResponse> | DeleteUserResponse;
+
+  blockUser(
+    request: BlockUserRequest,
+    metadata?: Metadata,
+  ): Promise<BlockUserResponse> | Observable<BlockUserResponse> | BlockUserResponse;
+
+  unblockUser(
+    request: UnblockUserRequest,
+    metadata?: Metadata,
+  ): Promise<UnblockUserResponse> | Observable<UnblockUserResponse> | UnblockUserResponse;
+
+  /** Управление данными и безопасностью */
+
+  changeData(
+    request: ChangeDataRequest,
+    metadata?: Metadata,
+  ): Promise<ChangeDataResponse> | Observable<ChangeDataResponse> | ChangeDataResponse;
+
+  adminResetPassword(
+    request: AdminResetPasswordRequest,
+    metadata?: Metadata,
+  ): Promise<AdminResetPasswordResponse> | Observable<AdminResetPasswordResponse> | AdminResetPasswordResponse;
+
+  /** Управление ролями (RBAC) */
+
+  assignRole(
+    request: AssignRoleRequest,
+    metadata?: Metadata,
+  ): Promise<AssignRoleResponse> | Observable<AssignRoleResponse> | AssignRoleResponse;
+
+  revokeRole(
+    request: RevokeRoleRequest,
+    metadata?: Metadata,
+  ): Promise<RevokeRoleResponse> | Observable<RevokeRoleResponse> | RevokeRoleResponse;
+
+  /** Управление черным списком IP */
+
+  blockIp(
+    request: BlockIpRequest,
+    metadata?: Metadata,
+  ): Promise<BlockIpResponse> | Observable<BlockIpResponse> | BlockIpResponse;
+
+  unblockIp(
+    request: UnblockIpRequest,
+    metadata?: Metadata,
+  ): Promise<UnblockIpResponse> | Observable<UnblockIpResponse> | UnblockIpResponse;
+
+  /** Синхронизация с поисковым движком (Elasticsearch) */
+
+  syncUsersToSearch(
+    request: SyncUsersToSearchRequest,
+    metadata?: Metadata,
+  ): Promise<SyncUsersToSearchResponse> | Observable<SyncUsersToSearchResponse> | SyncUsersToSearchResponse;
+
+  handleGrafanaAlert(
+    request: GrafanaAlertRequest,
+    metadata?: Metadata,
+  ): Promise<GrafanaAlertResponse> | Observable<GrafanaAlertResponse> | GrafanaAlertResponse;
+
+  /** RBAC */
+
+  getAllPermissions(
+    request: GetAllPermissionsAdminRequest,
+    metadata?: Metadata,
+  ):
+    | Promise<GetAllPermissionsAdminResponse>
+    | Observable<GetAllPermissionsAdminResponse>
+    | GetAllPermissionsAdminResponse;
+
+  getAllRoles(
+    request: GetAllRolesAdminRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllRolesAdminResponse> | Observable<GetAllRolesAdminResponse> | GetAllRolesAdminResponse;
+
+  createRole(
+    request: CreateRoleAdminRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleAdminResponse> | Observable<ModifyRoleAdminResponse> | ModifyRoleAdminResponse;
+
+  updateRole(
+    request: UpdateRoleAdminRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleAdminResponse> | Observable<ModifyRoleAdminResponse> | ModifyRoleAdminResponse;
+
+  deleteRole(
+    request: DeleteRoleAdminRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteRoleAdminResponse> | Observable<DeleteRoleAdminResponse> | DeleteRoleAdminResponse;
+
+  createPermission(
+    request: CreatePermissionAdminRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionAdminResponse> | Observable<ModifyPermissionAdminResponse> | ModifyPermissionAdminResponse;
+
+  updatePermission(
+    request: UpdatePermissionAdminRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionAdminResponse> | Observable<ModifyPermissionAdminResponse> | ModifyPermissionAdminResponse;
+}
+
+export function AdminServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "createUser",
+      "deleteUser",
+      "blockUser",
+      "unblockUser",
+      "changeData",
+      "adminResetPassword",
+      "assignRole",
+      "revokeRole",
+      "blockIp",
+      "unblockIp",
+      "syncUsersToSearch",
+      "handleGrafanaAlert",
+      "getAllPermissions",
+      "getAllRoles",
+      "createRole",
+      "updateRole",
+      "deleteRole",
+      "createPermission",
+      "updatePermission",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("AdminService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("AdminService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const ADMIN_SERVICE_NAME = "AdminService";

gen/admin/audit.ts

@@ -0,0 +1,76 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: admin/audit.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "audit.v1";
+
+export interface GetAuditLogsRequest {
+  accountId?: string | undefined;
+  type?: string | undefined;
+  action?:
+    | string
+    | undefined;
+  /** ISO string */
+  startDate?:
+    | string
+    | undefined;
+  /** ISO string */
+  endDate?: string | undefined;
+  page: number;
+  limit: number;
+}
+
+export interface AuditLogItem {
+  id: string;
+  accountId: string;
+  type: string;
+  action: string;
+  ipAddress: string;
+  userAgent: string;
+  detail: string;
+  createdAt: string;
+}
+
+export interface GetAuditLogsResponse {
+  logs: AuditLogItem[];
+  total: number;
+  page: number;
+  totalPages: number;
+}
+
+export const AUDIT_V1_PACKAGE_NAME = "audit.v1";
+
+export interface AuditServiceClient {
+  getAuditLogs(request: GetAuditLogsRequest, metadata?: Metadata): Observable<GetAuditLogsResponse>;
+}
+
+export interface AuditServiceController {
+  getAuditLogs(
+    request: GetAuditLogsRequest,
+    metadata?: Metadata,
+  ): Promise<GetAuditLogsResponse> | Observable<GetAuditLogsResponse> | GetAuditLogsResponse;
+}
+
+export function AuditServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = ["getAuditLogs"];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("AuditService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("AuditService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const AUDIT_SERVICE_NAME = "AuditService";

gen/admin/rbac.ts

@@ -0,0 +1,245 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: admin/rbac.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "rbac.v1";
+
+export interface GetAllPermissionsRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllPermissionsResponse {
+  permissions: Permission[];
+}
+
+export interface Permission {
+  id: string;
+  code: string;
+  description: string;
+  module: string;
+  roles: string[];
+}
+
+export interface GetAllRolesRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllRolesResponse {
+  roles: Roles[];
+}
+
+export interface CreateRoleRequest {
+  name: string;
+  level: number;
+  permissionCodes: string[];
+}
+
+export interface UpdateRoleRequest {
+  id: string;
+  name?: string | undefined;
+  level?: number | undefined;
+  permissionCodes: string[];
+}
+
+export interface ModifyRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteRoleRequest {
+  id: string;
+}
+
+export interface DeleteRoleResponse {
+  success: boolean;
+  message: string;
+  fallbackRoleName?: string | undefined;
+}
+
+export interface CreatePermissionRequest {
+  code: string;
+  description: string;
+  module: string;
+}
+
+export interface UpdatePermissionRequest {
+  id: string;
+  /** Привязка к конкретным ролям */
+  roleIds: string[];
+}
+
+export interface ModifyPermissionResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface Roles {
+  id: string;
+  name: string;
+  level: number;
+  permissions: string[];
+  ldapMapping: string[];
+  accounts: string[];
+}
+
+export interface GetUserRolesRequest {
+  userId: string;
+}
+
+export interface GetUserRolesResponse {
+  /** например: ["ADMIN", "MANAGER"] */
+  roles: string[];
+  /** например: ["users:read", "billing:write"] */
+  permissions: string[];
+  /** Максимальный уровень роли пользователя */
+  maxRoleLevel: number;
+}
+
+export interface AssignRolesByNameRequest {
+  userId: string;
+  roles: string[];
+}
+
+export interface AssignRoleToUserRequest {
+  userId: string;
+  roleId: number;
+}
+
+export interface RevokeRoleFromUserRequest {
+  userId: string;
+  roleId: number;
+}
+
+export interface SyncLdapRolesRequest {
+  userId: string;
+  ldapGroups: string[];
+}
+
+export const RBAC_V1_PACKAGE_NAME = "rbac.v1";
+
+export interface RbacServiceClient {
+  createRole(request: CreateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  updateRole(request: UpdateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  deleteRole(request: DeleteRoleRequest, metadata?: Metadata): Observable<DeleteRoleResponse>;
+
+  createPermission(request: CreatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  updatePermission(request: UpdatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  getAllPermissions(request: GetAllPermissionsRequest, metadata?: Metadata): Observable<GetAllPermissionsResponse>;
+
+  getAllRoles(request: GetAllRolesRequest, metadata?: Metadata): Observable<GetAllRolesResponse>;
+
+  assignRolesByName(request: AssignRolesByNameRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  getUserRolesAndPermissions(request: GetUserRolesRequest, metadata?: Metadata): Observable<GetUserRolesResponse>;
+
+  assignRoleToUser(request: AssignRoleToUserRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  revokeRoleFromUser(request: RevokeRoleFromUserRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  syncLdapRoles(request: SyncLdapRolesRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+}
+
+export interface RbacServiceController {
+  createRole(
+    request: CreateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  updateRole(
+    request: UpdateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  deleteRole(
+    request: DeleteRoleRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteRoleResponse> | Observable<DeleteRoleResponse> | DeleteRoleResponse;
+
+  createPermission(
+    request: CreatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  updatePermission(
+    request: UpdatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  getAllPermissions(
+    request: GetAllPermissionsRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllPermissionsResponse> | Observable<GetAllPermissionsResponse> | GetAllPermissionsResponse;
+
+  getAllRoles(
+    request: GetAllRolesRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllRolesResponse> | Observable<GetAllRolesResponse> | GetAllRolesResponse;
+
+  assignRolesByName(
+    request: AssignRolesByNameRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  getUserRolesAndPermissions(
+    request: GetUserRolesRequest,
+    metadata?: Metadata,
+  ): Promise<GetUserRolesResponse> | Observable<GetUserRolesResponse> | GetUserRolesResponse;
+
+  assignRoleToUser(
+    request: AssignRoleToUserRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  revokeRoleFromUser(
+    request: RevokeRoleFromUserRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  syncLdapRoles(
+    request: SyncLdapRolesRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+}
+
+export function RbacServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "createRole",
+      "updateRole",
+      "deleteRole",
+      "createPermission",
+      "updatePermission",
+      "getAllPermissions",
+      "getAllRoles",
+      "assignRolesByName",
+      "getUserRolesAndPermissions",
+      "assignRoleToUser",
+      "revokeRoleFromUser",
+      "syncLdapRoles",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const RBAC_SERVICE_NAME = "RbacService";

gen/auth.ts

@@ -36,7 +36,8 @@ export interface RefreshResponse {
 }
 
 export interface LogoutRequest {
-  accessToken: string;
+  userId: string;
+  sessionId: string;
 }
 
 export interface LogoutResponse {
@@ -68,12 +69,33 @@ export interface GetAccountRoleLevelResponse {
   roleLevel: number;
 }
 
-export interface UnlockPinRequest {
-  accessToken: string;
-  pinCode: string;
+export interface GetSessionRequest {
+  userId: string;
+  currentSessionId: string;
 }
 
-export interface UnlockPinResponse {
+export interface SessionItem {
+  /** Здесь будет лежать захэшированный ID */
+  id: string;
+  ipAddress: string;
+  userAgent: string;
+  /** Unix timestamp в миллисекундах */
+  lastActivity: number;
+  /** Флаг текущей сессии */
+  isCurrent: boolean;
+}
+
+export interface GetSessionsResponse {
+  sessions: SessionItem[];
+}
+
+export interface TerminateSessionRequest {
+  userId: string;
+  /** Хэш сессии, которую нужно убить */
+  targetHash: string;
+}
+
+export interface TerminateSessionResponse {
   success: boolean;
   message: string;
 }
@@ -94,9 +116,11 @@ export interface AuthServiceClient {
 
   logout(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
 
-  logoutAll(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+  logoutOther(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
 
-  unlockPin(request: UnlockPinRequest, metadata?: Metadata): Observable<UnlockPinResponse>;
+  getSessions(request: GetSessionRequest, metadata?: Metadata): Observable<GetSessionsResponse>;
+
+  terminateSession(request: TerminateSessionRequest, metadata?: Metadata): Observable<TerminateSessionResponse>;
 }
 
 export interface AuthServiceController {
@@ -122,15 +146,20 @@ export interface AuthServiceController {
     metadata?: Metadata,
   ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
 
-  logoutAll(
+  logoutOther(
     request: LogoutRequest,
     metadata?: Metadata,
   ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
 
-  unlockPin(
-    request: UnlockPinRequest,
+  getSessions(
+    request: GetSessionRequest,
     metadata?: Metadata,
-  ): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
+  ): Promise<GetSessionsResponse> | Observable<GetSessionsResponse> | GetSessionsResponse;
+
+  terminateSession(
+    request: TerminateSessionRequest,
+    metadata?: Metadata,
+  ): Promise<TerminateSessionResponse> | Observable<TerminateSessionResponse> | TerminateSessionResponse;
 }
 
 export function AuthServiceControllerMethods() {
@@ -141,8 +170,9 @@ export function AuthServiceControllerMethods() {
       "verifyToken",
       "getAccountRoleLevel",
       "logout",
-      "logoutAll",
-      "unlockPin",
+      "logoutOther",
+      "getSessions",
+      "terminateSession",
     ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);

gen/chat/chat.ts

@@ -0,0 +1,326 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: chat/chat.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "chat.v1";
+
+export interface MessageDto {
+  id: string;
+  chatId: string;
+  senderId: string;
+  /** TEXT, VOICE, VIDEO_NOTE, STICKER, IMAGE */
+  type: string;
+  /** Для текста - сам текст. Для медиа - URL S3! */
+  content: string;
+  /** Ширина/высота картинки, длительность войса (JSON string) */
+  metadata: string;
+  replyToId: string;
+  isEdited: boolean;
+  createdAt: string;
+}
+
+export interface ChatMemberDto {
+  accountId: string;
+  /** OWNER, ADMIN, MEMBER */
+  role: string;
+  isMuted: boolean;
+  joinedAt: string;
+}
+
+export interface ChatDto {
+  id: string;
+  /** DIRECT, GROUP, CHANNEL */
+  type: string;
+  title: string;
+  avatarUrl: string;
+  unreadCount: number;
+  lastMessage:
+    | MessageDto
+    | undefined;
+  /** Полезно для рендера иконки перечеркнутого колокольчика */
+  isMuted: boolean;
+}
+
+export interface CreateChatRequest {
+  creatorId: string;
+  type: string;
+  title: string;
+  participantIds: string[];
+}
+
+export interface CreateChatResponse {
+  chat: ChatDto | undefined;
+}
+
+export interface GetUserChatsRequest {
+  userId: string;
+  offset: number;
+  limit: number;
+}
+
+export interface GetUserChatsResponse {
+  chats: ChatDto[];
+}
+
+/** Получаем профили всех участников и ссылку-приглашение (join_hash) */
+export interface GetChatDetailsRequest {
+  userId: string;
+  chatId: string;
+}
+
+export interface GetChatDetailsResponse {
+  chat:
+    | ChatDto
+    | undefined;
+  /** Для ссылки-приглашения (t.me/join/...) */
+  joinHash: string;
+  members: ChatMemberDto[];
+}
+
+export interface JoinChatRequest {
+  userId: string;
+  /** Передаем либо chat_id, либо вытаскиваем его из join_hash */
+  chatId: string;
+}
+
+export interface JoinChatResponse {
+  success: boolean;
+}
+
+export interface LeaveChatRequest {
+  userId: string;
+  chatId: string;
+}
+
+export interface LeaveChatResponse {
+  success: boolean;
+}
+
+export interface RemoveMemberRequest {
+  /** Кто кикает (нужно проверить права) */
+  adminId: string;
+  /** Кого кикают */
+  targetUserId: string;
+  chatId: string;
+}
+
+export interface RemoveMemberResponse {
+  success: boolean;
+}
+
+export interface MuteChatRequest {
+  userId: string;
+  chatId: string;
+  /** true = выключить звук, false = включить */
+  isMuted: boolean;
+}
+
+export interface MuteChatResponse {
+  success: boolean;
+}
+
+export interface GetMessagesRequest {
+  userId: string;
+  chatId: string;
+  limit: number;
+  beforeMsgId: string;
+}
+
+export interface GetMessagesResponse {
+  messages: MessageDto[];
+}
+
+export interface SendMessageRequest {
+  chatId: string;
+  senderId: string;
+  type: string;
+  content: string;
+  replyToId: string;
+}
+
+export interface EditMessageRequest {
+  userId: string;
+  messageId: string;
+  newContent: string;
+}
+
+export interface DeleteMessageRequest {
+  userId: string;
+  messageId: string;
+  /** "Удалить только у себя" или "Удалить для всех" */
+  forEveryone: boolean;
+}
+
+export interface DeleteMessageResponse {
+  success: boolean;
+}
+
+export interface MarkAsReadRequest {
+  userId: string;
+  chatId: string;
+  /** ID последнего видимого сообщения */
+  messageId: string;
+}
+
+export interface MarkAsReadResponse {
+  success: boolean;
+}
+
+export const CHAT_V1_PACKAGE_NAME = "chat.v1";
+
+export interface ChatServiceClient {
+  /** Управление чатами (левая панель) */
+
+  createChat(request: CreateChatRequest, metadata?: Metadata): Observable<CreateChatResponse>;
+
+  getUserChats(request: GetUserChatsRequest, metadata?: Metadata): Observable<GetUserChatsResponse>;
+
+  /** Открытие инфы о группе/собеседнике */
+
+  getChatDetails(request: GetChatDetailsRequest, metadata?: Metadata): Observable<GetChatDetailsResponse>;
+
+  /** Управление участниками группы */
+
+  joinChat(request: JoinChatRequest, metadata?: Metadata): Observable<JoinChatResponse>;
+
+  leaveChat(request: LeaveChatRequest, metadata?: Metadata): Observable<LeaveChatResponse>;
+
+  /** Админ кикает пользователя */
+
+  removeMember(request: RemoveMemberRequest, metadata?: Metadata): Observable<RemoveMemberResponse>;
+
+  /** Выключить/включить пуши для чата */
+
+  muteChat(request: MuteChatRequest, metadata?: Metadata): Observable<MuteChatResponse>;
+
+  /** Управление сообщениями (правое окно) */
+
+  getMessages(request: GetMessagesRequest, metadata?: Metadata): Observable<GetMessagesResponse>;
+
+  sendMessage(request: SendMessageRequest, metadata?: Metadata): Observable<MessageDto>;
+
+  /** Новое */
+
+  editMessage(request: EditMessageRequest, metadata?: Metadata): Observable<MessageDto>;
+
+  deleteMessage(request: DeleteMessageRequest, metadata?: Metadata): Observable<DeleteMessageResponse>;
+
+  /** Статусы */
+
+  markAsRead(request: MarkAsReadRequest, metadata?: Metadata): Observable<MarkAsReadResponse>;
+}
+
+export interface ChatServiceController {
+  /** Управление чатами (левая панель) */
+
+  createChat(
+    request: CreateChatRequest,
+    metadata?: Metadata,
+  ): Promise<CreateChatResponse> | Observable<CreateChatResponse> | CreateChatResponse;
+
+  getUserChats(
+    request: GetUserChatsRequest,
+    metadata?: Metadata,
+  ): Promise<GetUserChatsResponse> | Observable<GetUserChatsResponse> | GetUserChatsResponse;
+
+  /** Открытие инфы о группе/собеседнике */
+
+  getChatDetails(
+    request: GetChatDetailsRequest,
+    metadata?: Metadata,
+  ): Promise<GetChatDetailsResponse> | Observable<GetChatDetailsResponse> | GetChatDetailsResponse;
+
+  /** Управление участниками группы */
+
+  joinChat(
+    request: JoinChatRequest,
+    metadata?: Metadata,
+  ): Promise<JoinChatResponse> | Observable<JoinChatResponse> | JoinChatResponse;
+
+  leaveChat(
+    request: LeaveChatRequest,
+    metadata?: Metadata,
+  ): Promise<LeaveChatResponse> | Observable<LeaveChatResponse> | LeaveChatResponse;
+
+  /** Админ кикает пользователя */
+
+  removeMember(
+    request: RemoveMemberRequest,
+    metadata?: Metadata,
+  ): Promise<RemoveMemberResponse> | Observable<RemoveMemberResponse> | RemoveMemberResponse;
+
+  /** Выключить/включить пуши для чата */
+
+  muteChat(
+    request: MuteChatRequest,
+    metadata?: Metadata,
+  ): Promise<MuteChatResponse> | Observable<MuteChatResponse> | MuteChatResponse;
+
+  /** Управление сообщениями (правое окно) */
+
+  getMessages(
+    request: GetMessagesRequest,
+    metadata?: Metadata,
+  ): Promise<GetMessagesResponse> | Observable<GetMessagesResponse> | GetMessagesResponse;
+
+  sendMessage(
+    request: SendMessageRequest,
+    metadata?: Metadata,
+  ): Promise<MessageDto> | Observable<MessageDto> | MessageDto;
+
+  /** Новое */
+
+  editMessage(
+    request: EditMessageRequest,
+    metadata?: Metadata,
+  ): Promise<MessageDto> | Observable<MessageDto> | MessageDto;
+
+  deleteMessage(
+    request: DeleteMessageRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteMessageResponse> | Observable<DeleteMessageResponse> | DeleteMessageResponse;
+
+  /** Статусы */
+
+  markAsRead(
+    request: MarkAsReadRequest,
+    metadata?: Metadata,
+  ): Promise<MarkAsReadResponse> | Observable<MarkAsReadResponse> | MarkAsReadResponse;
+}
+
+export function ChatServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "createChat",
+      "getUserChats",
+      "getChatDetails",
+      "joinChat",
+      "leaveChat",
+      "removeMember",
+      "muteChat",
+      "getMessages",
+      "sendMessage",
+      "editMessage",
+      "deleteMessage",
+      "markAsRead",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("ChatService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("ChatService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const CHAT_SERVICE_NAME = "ChatService";

gen/go/account_grpc.pb.go

@@ -20,6 +20,21 @@ const _ = grpc.SupportPackageIsVersion9
 
 const (
 	AccountService_GetAccount_FullMethodName         = "/account.v1.AccountService/GetAccount"
+	AccountService_ChangePassword_FullMethodName     = "/account.v1.AccountService/ChangePassword"
+	AccountService_AdminResetPassword_FullMethodName = "/account.v1.AccountService/AdminResetPassword"
+	AccountService_CreateUser_FullMethodName         = "/account.v1.AccountService/CreateUser"
+	AccountService_DeleteUser_FullMethodName         = "/account.v1.AccountService/DeleteUser"
+	AccountService_ChangeData_FullMethodName         = "/account.v1.AccountService/ChangeData"
+	AccountService_AssignRole_FullMethodName         = "/account.v1.AccountService/AssignRole"
+	AccountService_RevokeRole_FullMethodName         = "/account.v1.AccountService/RevokeRole"
+	AccountService_SetPin_FullMethodName             = "/account.v1.AccountService/SetPin"
+	AccountService_UnlockPin_FullMethodName          = "/account.v1.AccountService/UnlockPin"
+	AccountService_GetPinStatus_FullMethodName       = "/account.v1.AccountService/GetPinStatus"
+	AccountService_RemovePin_FullMethodName          = "/account.v1.AccountService/RemovePin"
+	AccountService_BlockUser_FullMethodName          = "/account.v1.AccountService/BlockUser"
+	AccountService_UnblockUser_FullMethodName        = "/account.v1.AccountService/UnblockUser"
+	AccountService_BlockIp_FullMethodName            = "/account.v1.AccountService/BlockIp"
+	AccountService_UnblockIp_FullMethodName          = "/account.v1.AccountService/UnblockIp"
 )
 
 // AccountServiceClient is the client API for AccountService service.
@@ -27,6 +42,21 @@ const (
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type AccountServiceClient interface {
 	GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error)
+	AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
+	DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error)
+	ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error)
+	AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error)
+	RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error)
+	SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error)
+	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error)
+	RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error)
+	BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error)
+	UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error)
+	BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error)
+	UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error)
 }
 
 type accountServiceClient struct {
@@ -47,11 +77,176 @@ func (c *accountServiceClient) GetAccount(ctx context.Context, in *GetAccountReq
 	return out, nil
 }
 
+func (c *accountServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangePasswordResponse)
+	err := c.cc.Invoke(ctx, AccountService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AdminResetPasswordResponse)
+	err := c.cc.Invoke(ctx, AccountService_AdminResetPassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_DeleteUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangeDataResponse)
+	err := c.cc.Invoke(ctx, AccountService_ChangeData_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AssignRoleResponse)
+	err := c.cc.Invoke(ctx, AccountService_AssignRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RevokeRoleResponse)
+	err := c.cc.Invoke(ctx, AccountService_RevokeRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SetPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_SetPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnlockPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnlockPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetPinStatusResponse)
+	err := c.cc.Invoke(ctx, AccountService_GetPinStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RemovePinResponse)
+	err := c.cc.Invoke(ctx, AccountService_RemovePin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_BlockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockUserResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnblockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockIpResponse)
+	err := c.cc.Invoke(ctx, AccountService_BlockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockIpResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnblockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // AccountServiceServer is the server API for AccountService service.
 // All implementations must embed UnimplementedAccountServiceServer
 // for forward compatibility.
 type AccountServiceServer interface {
 	GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error)
+	AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error)
+	DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error)
+	ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error)
+	AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error)
+	RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error)
+	SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error)
+	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error)
+	RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error)
+	BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error)
+	UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error)
+	BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error)
+	UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error)
 	mustEmbedUnimplementedAccountServiceServer()
 }
 
@@ -65,6 +260,51 @@ type UnimplementedAccountServiceServer struct{}
 func (UnimplementedAccountServiceServer) GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetAccount not implemented")
 }
+func (UnimplementedAccountServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedAccountServiceServer) AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AdminResetPassword not implemented")
+}
+func (UnimplementedAccountServiceServer) CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedAccountServiceServer) DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteUser not implemented")
+}
+func (UnimplementedAccountServiceServer) ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangeData not implemented")
+}
+func (UnimplementedAccountServiceServer) AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRole not implemented")
+}
+func (UnimplementedAccountServiceServer) RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RevokeRole not implemented")
+}
+func (UnimplementedAccountServiceServer) SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SetPin not implemented")
+}
+func (UnimplementedAccountServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+}
+func (UnimplementedAccountServiceServer) GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetPinStatus not implemented")
+}
+func (UnimplementedAccountServiceServer) RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemovePin not implemented")
+}
+func (UnimplementedAccountServiceServer) BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockUser not implemented")
+}
+func (UnimplementedAccountServiceServer) UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockUser not implemented")
+}
+func (UnimplementedAccountServiceServer) BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockIp not implemented")
+}
+func (UnimplementedAccountServiceServer) UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockIp not implemented")
+}
 func (UnimplementedAccountServiceServer) mustEmbedUnimplementedAccountServiceServer() {}
 func (UnimplementedAccountServiceServer) testEmbeddedByValue()                        {}
 
@@ -104,6 +344,276 @@ func _AccountService_GetAccount_Handler(srv interface{}, ctx context.Context, de
 	return interceptor(ctx, in, info, handler)
 }
 
+func _AccountService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_AdminResetPassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AdminResetPasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).AdminResetPassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_AdminResetPassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).AdminResetPassword(ctx, req.(*AdminResetPasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).DeleteUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_DeleteUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).DeleteUser(ctx, req.(*DeleteUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_ChangeData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangeDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).ChangeData(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_ChangeData_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).ChangeData(ctx, req.(*ChangeDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_AssignRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).AssignRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_AssignRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).AssignRole(ctx, req.(*AssignRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_RevokeRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RevokeRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).RevokeRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_RevokeRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).RevokeRole(ctx, req.(*RevokeRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_SetPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SetPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).SetPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_SetPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).SetPin(ctx, req.(*SetPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnlockPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnlockPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnlockPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_GetPinStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetPinStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_GetPinStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, req.(*GetPinStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_RemovePin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemovePinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).RemovePin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_RemovePin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).RemovePin(ctx, req.(*RemovePinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_BlockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).BlockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_BlockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).BlockUser(ctx, req.(*BlockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnblockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnblockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnblockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnblockUser(ctx, req.(*UnblockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_BlockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).BlockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_BlockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).BlockIp(ctx, req.(*BlockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnblockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnblockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnblockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnblockIp(ctx, req.(*UnblockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // AccountService_ServiceDesc is the grpc.ServiceDesc for AccountService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -115,6 +625,66 @@ var AccountService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetAccount",
 			Handler:    _AccountService_GetAccount_Handler,
 		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _AccountService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "AdminResetPassword",
+			Handler:    _AccountService_AdminResetPassword_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _AccountService_CreateUser_Handler,
+		},
+		{
+			MethodName: "DeleteUser",
+			Handler:    _AccountService_DeleteUser_Handler,
+		},
+		{
+			MethodName: "ChangeData",
+			Handler:    _AccountService_ChangeData_Handler,
+		},
+		{
+			MethodName: "AssignRole",
+			Handler:    _AccountService_AssignRole_Handler,
+		},
+		{
+			MethodName: "RevokeRole",
+			Handler:    _AccountService_RevokeRole_Handler,
+		},
+		{
+			MethodName: "SetPin",
+			Handler:    _AccountService_SetPin_Handler,
+		},
+		{
+			MethodName: "UnlockPin",
+			Handler:    _AccountService_UnlockPin_Handler,
+		},
+		{
+			MethodName: "GetPinStatus",
+			Handler:    _AccountService_GetPinStatus_Handler,
+		},
+		{
+			MethodName: "RemovePin",
+			Handler:    _AccountService_RemovePin_Handler,
+		},
+		{
+			MethodName: "BlockUser",
+			Handler:    _AccountService_BlockUser_Handler,
+		},
+		{
+			MethodName: "UnblockUser",
+			Handler:    _AccountService_UnblockUser_Handler,
+		},
+		{
+			MethodName: "BlockIp",
+			Handler:    _AccountService_BlockIp_Handler,
+		},
+		{
+			MethodName: "UnblockIp",
+			Handler:    _AccountService_UnblockIp_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "account.proto",

gen/go/admin/admin-account_grpc.pb.go

@@ -0,0 +1,821 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: admin/admin-account.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AdminService_CreateUser_FullMethodName         = "/admin.v1.AdminService/CreateUser"
+	AdminService_DeleteUser_FullMethodName         = "/admin.v1.AdminService/DeleteUser"
+	AdminService_BlockUser_FullMethodName          = "/admin.v1.AdminService/BlockUser"
+	AdminService_UnblockUser_FullMethodName        = "/admin.v1.AdminService/UnblockUser"
+	AdminService_ChangeData_FullMethodName         = "/admin.v1.AdminService/ChangeData"
+	AdminService_AdminResetPassword_FullMethodName = "/admin.v1.AdminService/AdminResetPassword"
+	AdminService_AssignRole_FullMethodName         = "/admin.v1.AdminService/AssignRole"
+	AdminService_RevokeRole_FullMethodName         = "/admin.v1.AdminService/RevokeRole"
+	AdminService_BlockIp_FullMethodName            = "/admin.v1.AdminService/BlockIp"
+	AdminService_UnblockIp_FullMethodName          = "/admin.v1.AdminService/UnblockIp"
+	AdminService_SyncUsersToSearch_FullMethodName  = "/admin.v1.AdminService/SyncUsersToSearch"
+	AdminService_HandleGrafanaAlert_FullMethodName = "/admin.v1.AdminService/HandleGrafanaAlert"
+	AdminService_GetAllPermissions_FullMethodName  = "/admin.v1.AdminService/GetAllPermissions"
+	AdminService_GetAllRoles_FullMethodName        = "/admin.v1.AdminService/GetAllRoles"
+	AdminService_CreateRole_FullMethodName         = "/admin.v1.AdminService/CreateRole"
+	AdminService_UpdateRole_FullMethodName         = "/admin.v1.AdminService/UpdateRole"
+	AdminService_DeleteRole_FullMethodName         = "/admin.v1.AdminService/DeleteRole"
+	AdminService_CreatePermission_FullMethodName   = "/admin.v1.AdminService/CreatePermission"
+	AdminService_UpdatePermission_FullMethodName   = "/admin.v1.AdminService/UpdatePermission"
+)
+
+// AdminServiceClient is the client API for AdminService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// Единый сервис для всех административных операций
+type AdminServiceClient interface {
+	// Управление учетными записями
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
+	DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error)
+	BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error)
+	UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error)
+	// Управление данными и безопасностью
+	ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error)
+	AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error)
+	// Управление ролями (RBAC)
+	AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error)
+	RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error)
+	// Управление черным списком IP
+	BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error)
+	UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error)
+	// Синхронизация с поисковым движком (Elasticsearch)
+	SyncUsersToSearch(ctx context.Context, in *SyncUsersToSearchRequest, opts ...grpc.CallOption) (*SyncUsersToSearchResponse, error)
+	HandleGrafanaAlert(ctx context.Context, in *GrafanaAlertRequest, opts ...grpc.CallOption) (*GrafanaAlertResponse, error)
+	// RBAC
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsAdminRequest, opts ...grpc.CallOption) (*GetAllPermissionsAdminResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesAdminRequest, opts ...grpc.CallOption) (*GetAllRolesAdminResponse, error)
+	CreateRole(ctx context.Context, in *CreateRoleAdminRequest, opts ...grpc.CallOption) (*ModifyRoleAdminResponse, error)
+	UpdateRole(ctx context.Context, in *UpdateRoleAdminRequest, opts ...grpc.CallOption) (*ModifyRoleAdminResponse, error)
+	DeleteRole(ctx context.Context, in *DeleteRoleAdminRequest, opts ...grpc.CallOption) (*DeleteRoleAdminResponse, error)
+	CreatePermission(ctx context.Context, in *CreatePermissionAdminRequest, opts ...grpc.CallOption) (*ModifyPermissionAdminResponse, error)
+	UpdatePermission(ctx context.Context, in *UpdatePermissionAdminRequest, opts ...grpc.CallOption) (*ModifyPermissionAdminResponse, error)
+}
+
+type adminServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAdminServiceClient(cc grpc.ClientConnInterface) AdminServiceClient {
+	return &adminServiceClient{cc}
+}
+
+func (c *adminServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateUserResponse)
+	err := c.cc.Invoke(ctx, AdminService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) DeleteUser(ctx context.Context, in *DeleteUserRequest, opts ...grpc.CallOption) (*DeleteUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteUserResponse)
+	err := c.cc.Invoke(ctx, AdminService_DeleteUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockUserResponse)
+	err := c.cc.Invoke(ctx, AdminService_BlockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockUserResponse)
+	err := c.cc.Invoke(ctx, AdminService_UnblockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) ChangeData(ctx context.Context, in *ChangeDataRequest, opts ...grpc.CallOption) (*ChangeDataResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangeDataResponse)
+	err := c.cc.Invoke(ctx, AdminService_ChangeData_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) AdminResetPassword(ctx context.Context, in *AdminResetPasswordRequest, opts ...grpc.CallOption) (*AdminResetPasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AdminResetPasswordResponse)
+	err := c.cc.Invoke(ctx, AdminService_AdminResetPassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) AssignRole(ctx context.Context, in *AssignRoleRequest, opts ...grpc.CallOption) (*AssignRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AssignRoleResponse)
+	err := c.cc.Invoke(ctx, AdminService_AssignRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) RevokeRole(ctx context.Context, in *RevokeRoleRequest, opts ...grpc.CallOption) (*RevokeRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RevokeRoleResponse)
+	err := c.cc.Invoke(ctx, AdminService_RevokeRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) BlockIp(ctx context.Context, in *BlockIpRequest, opts ...grpc.CallOption) (*BlockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockIpResponse)
+	err := c.cc.Invoke(ctx, AdminService_BlockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) UnblockIp(ctx context.Context, in *UnblockIpRequest, opts ...grpc.CallOption) (*UnblockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockIpResponse)
+	err := c.cc.Invoke(ctx, AdminService_UnblockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) SyncUsersToSearch(ctx context.Context, in *SyncUsersToSearchRequest, opts ...grpc.CallOption) (*SyncUsersToSearchResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SyncUsersToSearchResponse)
+	err := c.cc.Invoke(ctx, AdminService_SyncUsersToSearch_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) HandleGrafanaAlert(ctx context.Context, in *GrafanaAlertRequest, opts ...grpc.CallOption) (*GrafanaAlertResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GrafanaAlertResponse)
+	err := c.cc.Invoke(ctx, AdminService_HandleGrafanaAlert_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsAdminRequest, opts ...grpc.CallOption) (*GetAllPermissionsAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesAdminRequest, opts ...grpc.CallOption) (*GetAllRolesAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) CreateRole(ctx context.Context, in *CreateRoleAdminRequest, opts ...grpc.CallOption) (*ModifyRoleAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_CreateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleAdminRequest, opts ...grpc.CallOption) (*ModifyRoleAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_UpdateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleAdminRequest, opts ...grpc.CallOption) (*DeleteRoleAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteRoleAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_DeleteRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) CreatePermission(ctx context.Context, in *CreatePermissionAdminRequest, opts ...grpc.CallOption) (*ModifyPermissionAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_CreatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *adminServiceClient) UpdatePermission(ctx context.Context, in *UpdatePermissionAdminRequest, opts ...grpc.CallOption) (*ModifyPermissionAdminResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionAdminResponse)
+	err := c.cc.Invoke(ctx, AdminService_UpdatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AdminServiceServer is the server API for AdminService service.
+// All implementations must embed UnimplementedAdminServiceServer
+// for forward compatibility.
+//
+// Единый сервис для всех административных операций
+type AdminServiceServer interface {
+	// Управление учетными записями
+	CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error)
+	DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error)
+	BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error)
+	UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error)
+	// Управление данными и безопасностью
+	ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error)
+	AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error)
+	// Управление ролями (RBAC)
+	AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error)
+	RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error)
+	// Управление черным списком IP
+	BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error)
+	UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error)
+	// Синхронизация с поисковым движком (Elasticsearch)
+	SyncUsersToSearch(context.Context, *SyncUsersToSearchRequest) (*SyncUsersToSearchResponse, error)
+	HandleGrafanaAlert(context.Context, *GrafanaAlertRequest) (*GrafanaAlertResponse, error)
+	// RBAC
+	GetAllPermissions(context.Context, *GetAllPermissionsAdminRequest) (*GetAllPermissionsAdminResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesAdminRequest) (*GetAllRolesAdminResponse, error)
+	CreateRole(context.Context, *CreateRoleAdminRequest) (*ModifyRoleAdminResponse, error)
+	UpdateRole(context.Context, *UpdateRoleAdminRequest) (*ModifyRoleAdminResponse, error)
+	DeleteRole(context.Context, *DeleteRoleAdminRequest) (*DeleteRoleAdminResponse, error)
+	CreatePermission(context.Context, *CreatePermissionAdminRequest) (*ModifyPermissionAdminResponse, error)
+	UpdatePermission(context.Context, *UpdatePermissionAdminRequest) (*ModifyPermissionAdminResponse, error)
+	mustEmbedUnimplementedAdminServiceServer()
+}
+
+// UnimplementedAdminServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAdminServiceServer struct{}
+
+func (UnimplementedAdminServiceServer) CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedAdminServiceServer) DeleteUser(context.Context, *DeleteUserRequest) (*DeleteUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteUser not implemented")
+}
+func (UnimplementedAdminServiceServer) BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockUser not implemented")
+}
+func (UnimplementedAdminServiceServer) UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockUser not implemented")
+}
+func (UnimplementedAdminServiceServer) ChangeData(context.Context, *ChangeDataRequest) (*ChangeDataResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangeData not implemented")
+}
+func (UnimplementedAdminServiceServer) AdminResetPassword(context.Context, *AdminResetPasswordRequest) (*AdminResetPasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AdminResetPassword not implemented")
+}
+func (UnimplementedAdminServiceServer) AssignRole(context.Context, *AssignRoleRequest) (*AssignRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRole not implemented")
+}
+func (UnimplementedAdminServiceServer) RevokeRole(context.Context, *RevokeRoleRequest) (*RevokeRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RevokeRole not implemented")
+}
+func (UnimplementedAdminServiceServer) BlockIp(context.Context, *BlockIpRequest) (*BlockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockIp not implemented")
+}
+func (UnimplementedAdminServiceServer) UnblockIp(context.Context, *UnblockIpRequest) (*UnblockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockIp not implemented")
+}
+func (UnimplementedAdminServiceServer) SyncUsersToSearch(context.Context, *SyncUsersToSearchRequest) (*SyncUsersToSearchResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SyncUsersToSearch not implemented")
+}
+func (UnimplementedAdminServiceServer) HandleGrafanaAlert(context.Context, *GrafanaAlertRequest) (*GrafanaAlertResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method HandleGrafanaAlert not implemented")
+}
+func (UnimplementedAdminServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsAdminRequest) (*GetAllPermissionsAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedAdminServiceServer) GetAllRoles(context.Context, *GetAllRolesAdminRequest) (*GetAllRolesAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedAdminServiceServer) CreateRole(context.Context, *CreateRoleAdminRequest) (*ModifyRoleAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateRole not implemented")
+}
+func (UnimplementedAdminServiceServer) UpdateRole(context.Context, *UpdateRoleAdminRequest) (*ModifyRoleAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateRole not implemented")
+}
+func (UnimplementedAdminServiceServer) DeleteRole(context.Context, *DeleteRoleAdminRequest) (*DeleteRoleAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteRole not implemented")
+}
+func (UnimplementedAdminServiceServer) CreatePermission(context.Context, *CreatePermissionAdminRequest) (*ModifyPermissionAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreatePermission not implemented")
+}
+func (UnimplementedAdminServiceServer) UpdatePermission(context.Context, *UpdatePermissionAdminRequest) (*ModifyPermissionAdminResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdatePermission not implemented")
+}
+func (UnimplementedAdminServiceServer) mustEmbedUnimplementedAdminServiceServer() {}
+func (UnimplementedAdminServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeAdminServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AdminServiceServer will
+// result in compilation errors.
+type UnsafeAdminServiceServer interface {
+	mustEmbedUnimplementedAdminServiceServer()
+}
+
+func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) {
+	// If the following call panics, it indicates UnimplementedAdminServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AdminService_ServiceDesc, srv)
+}
+
+func _AdminService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).DeleteUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_DeleteUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).DeleteUser(ctx, req.(*DeleteUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_BlockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).BlockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_BlockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).BlockUser(ctx, req.(*BlockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_UnblockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).UnblockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_UnblockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).UnblockUser(ctx, req.(*UnblockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_ChangeData_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangeDataRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).ChangeData(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_ChangeData_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).ChangeData(ctx, req.(*ChangeDataRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_AdminResetPassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AdminResetPasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).AdminResetPassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_AdminResetPassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).AdminResetPassword(ctx, req.(*AdminResetPasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_AssignRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).AssignRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_AssignRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).AssignRole(ctx, req.(*AssignRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_RevokeRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RevokeRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).RevokeRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_RevokeRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).RevokeRole(ctx, req.(*RevokeRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_BlockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).BlockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_BlockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).BlockIp(ctx, req.(*BlockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_UnblockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).UnblockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_UnblockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).UnblockIp(ctx, req.(*UnblockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_SyncUsersToSearch_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SyncUsersToSearchRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).SyncUsersToSearch(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_SyncUsersToSearch_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).SyncUsersToSearch(ctx, req.(*SyncUsersToSearchRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_HandleGrafanaAlert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GrafanaAlertRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).HandleGrafanaAlert(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_HandleGrafanaAlert_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).HandleGrafanaAlert(ctx, req.(*GrafanaAlertRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).GetAllRoles(ctx, req.(*GetAllRolesAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_CreateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRoleAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).CreateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_CreateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).CreateRole(ctx, req.(*CreateRoleAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_UpdateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRoleAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).UpdateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_UpdateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).UpdateRole(ctx, req.(*UpdateRoleAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRoleAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).DeleteRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_DeleteRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).DeleteRole(ctx, req.(*DeleteRoleAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_CreatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreatePermissionAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).CreatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_CreatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).CreatePermission(ctx, req.(*CreatePermissionAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AdminService_UpdatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdatePermissionAdminRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AdminServiceServer).UpdatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AdminService_UpdatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AdminServiceServer).UpdatePermission(ctx, req.(*UpdatePermissionAdminRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AdminService_ServiceDesc is the grpc.ServiceDesc for AdminService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AdminService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "admin.v1.AdminService",
+	HandlerType: (*AdminServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateUser",
+			Handler:    _AdminService_CreateUser_Handler,
+		},
+		{
+			MethodName: "DeleteUser",
+			Handler:    _AdminService_DeleteUser_Handler,
+		},
+		{
+			MethodName: "BlockUser",
+			Handler:    _AdminService_BlockUser_Handler,
+		},
+		{
+			MethodName: "UnblockUser",
+			Handler:    _AdminService_UnblockUser_Handler,
+		},
+		{
+			MethodName: "ChangeData",
+			Handler:    _AdminService_ChangeData_Handler,
+		},
+		{
+			MethodName: "AdminResetPassword",
+			Handler:    _AdminService_AdminResetPassword_Handler,
+		},
+		{
+			MethodName: "AssignRole",
+			Handler:    _AdminService_AssignRole_Handler,
+		},
+		{
+			MethodName: "RevokeRole",
+			Handler:    _AdminService_RevokeRole_Handler,
+		},
+		{
+			MethodName: "BlockIp",
+			Handler:    _AdminService_BlockIp_Handler,
+		},
+		{
+			MethodName: "UnblockIp",
+			Handler:    _AdminService_UnblockIp_Handler,
+		},
+		{
+			MethodName: "SyncUsersToSearch",
+			Handler:    _AdminService_SyncUsersToSearch_Handler,
+		},
+		{
+			MethodName: "HandleGrafanaAlert",
+			Handler:    _AdminService_HandleGrafanaAlert_Handler,
+		},
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _AdminService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _AdminService_GetAllRoles_Handler,
+		},
+		{
+			MethodName: "CreateRole",
+			Handler:    _AdminService_CreateRole_Handler,
+		},
+		{
+			MethodName: "UpdateRole",
+			Handler:    _AdminService_UpdateRole_Handler,
+		},
+		{
+			MethodName: "DeleteRole",
+			Handler:    _AdminService_DeleteRole_Handler,
+		},
+		{
+			MethodName: "CreatePermission",
+			Handler:    _AdminService_CreatePermission_Handler,
+		},
+		{
+			MethodName: "UpdatePermission",
+			Handler:    _AdminService_UpdatePermission_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "admin/admin-account.proto",
+}

gen/go/admin/audit.pb.go

@@ -0,0 +1,378 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: admin/audit.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAuditLogsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	AccountId     *string                `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3,oneof" json:"account_id,omitempty"`
+	Type          *string                `protobuf:"bytes,2,opt,name=type,proto3,oneof" json:"type,omitempty"`
+	Action        *string                `protobuf:"bytes,3,opt,name=action,proto3,oneof" json:"action,omitempty"`
+	StartDate     *string                `protobuf:"bytes,4,opt,name=start_date,json=startDate,proto3,oneof" json:"start_date,omitempty"` // ISO string
+	EndDate       *string                `protobuf:"bytes,5,opt,name=end_date,json=endDate,proto3,oneof" json:"end_date,omitempty"`       // ISO string
+	Page          int32                  `protobuf:"varint,6,opt,name=page,proto3" json:"page,omitempty"`
+	Limit         int32                  `protobuf:"varint,7,opt,name=limit,proto3" json:"limit,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAuditLogsRequest) Reset() {
+	*x = GetAuditLogsRequest{}
+	mi := &file_admin_audit_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAuditLogsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAuditLogsRequest) ProtoMessage() {}
+
+func (x *GetAuditLogsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_audit_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAuditLogsRequest.ProtoReflect.Descriptor instead.
+func (*GetAuditLogsRequest) Descriptor() ([]byte, []int) {
+	return file_admin_audit_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAuditLogsRequest) GetAccountId() string {
+	if x != nil && x.AccountId != nil {
+		return *x.AccountId
+	}
+	return ""
+}
+
+func (x *GetAuditLogsRequest) GetType() string {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return ""
+}
+
+func (x *GetAuditLogsRequest) GetAction() string {
+	if x != nil && x.Action != nil {
+		return *x.Action
+	}
+	return ""
+}
+
+func (x *GetAuditLogsRequest) GetStartDate() string {
+	if x != nil && x.StartDate != nil {
+		return *x.StartDate
+	}
+	return ""
+}
+
+func (x *GetAuditLogsRequest) GetEndDate() string {
+	if x != nil && x.EndDate != nil {
+		return *x.EndDate
+	}
+	return ""
+}
+
+func (x *GetAuditLogsRequest) GetPage() int32 {
+	if x != nil {
+		return x.Page
+	}
+	return 0
+}
+
+func (x *GetAuditLogsRequest) GetLimit() int32 {
+	if x != nil {
+		return x.Limit
+	}
+	return 0
+}
+
+type AuditLogItem struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	AccountId     string                 `protobuf:"bytes,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
+	Type          string                 `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`
+	Action        string                 `protobuf:"bytes,4,opt,name=action,proto3" json:"action,omitempty"`
+	IpAddress     string                 `protobuf:"bytes,5,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
+	UserAgent     string                 `protobuf:"bytes,6,opt,name=user_agent,json=userAgent,proto3" json:"user_agent,omitempty"`
+	Detail        string                 `protobuf:"bytes,7,opt,name=detail,proto3" json:"detail,omitempty"`
+	CreatedAt     string                 `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AuditLogItem) Reset() {
+	*x = AuditLogItem{}
+	mi := &file_admin_audit_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AuditLogItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuditLogItem) ProtoMessage() {}
+
+func (x *AuditLogItem) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_audit_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuditLogItem.ProtoReflect.Descriptor instead.
+func (*AuditLogItem) Descriptor() ([]byte, []int) {
+	return file_admin_audit_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *AuditLogItem) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetAccountId() string {
+	if x != nil {
+		return x.AccountId
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetAction() string {
+	if x != nil {
+		return x.Action
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetIpAddress() string {
+	if x != nil {
+		return x.IpAddress
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetUserAgent() string {
+	if x != nil {
+		return x.UserAgent
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetDetail() string {
+	if x != nil {
+		return x.Detail
+	}
+	return ""
+}
+
+func (x *AuditLogItem) GetCreatedAt() string {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return ""
+}
+
+type GetAuditLogsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Logs          []*AuditLogItem        `protobuf:"bytes,1,rep,name=logs,proto3" json:"logs,omitempty"`
+	Total         int32                  `protobuf:"varint,2,opt,name=total,proto3" json:"total,omitempty"`
+	Page          int32                  `protobuf:"varint,3,opt,name=page,proto3" json:"page,omitempty"`
+	TotalPages    int32                  `protobuf:"varint,4,opt,name=total_pages,json=totalPages,proto3" json:"total_pages,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAuditLogsResponse) Reset() {
+	*x = GetAuditLogsResponse{}
+	mi := &file_admin_audit_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAuditLogsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAuditLogsResponse) ProtoMessage() {}
+
+func (x *GetAuditLogsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_audit_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAuditLogsResponse.ProtoReflect.Descriptor instead.
+func (*GetAuditLogsResponse) Descriptor() ([]byte, []int) {
+	return file_admin_audit_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GetAuditLogsResponse) GetLogs() []*AuditLogItem {
+	if x != nil {
+		return x.Logs
+	}
+	return nil
+}
+
+func (x *GetAuditLogsResponse) GetTotal() int32 {
+	if x != nil {
+		return x.Total
+	}
+	return 0
+}
+
+func (x *GetAuditLogsResponse) GetPage() int32 {
+	if x != nil {
+		return x.Page
+	}
+	return 0
+}
+
+func (x *GetAuditLogsResponse) GetTotalPages() int32 {
+	if x != nil {
+		return x.TotalPages
+	}
+	return 0
+}
+
+var File_admin_audit_proto protoreflect.FileDescriptor
+
+const file_admin_audit_proto_rawDesc = "" +
+	"\n" +
+	"\x11admin/audit.proto\x12\baudit.v1\"\x9c\x02\n" +
+	"\x13GetAuditLogsRequest\x12\"\n" +
+	"\n" +
+	"account_id\x18\x01 \x01(\tH\x00R\taccountId\x88\x01\x01\x12\x17\n" +
+	"\x04type\x18\x02 \x01(\tH\x01R\x04type\x88\x01\x01\x12\x1b\n" +
+	"\x06action\x18\x03 \x01(\tH\x02R\x06action\x88\x01\x01\x12\"\n" +
+	"\n" +
+	"start_date\x18\x04 \x01(\tH\x03R\tstartDate\x88\x01\x01\x12\x1e\n" +
+	"\bend_date\x18\x05 \x01(\tH\x04R\aendDate\x88\x01\x01\x12\x12\n" +
+	"\x04page\x18\x06 \x01(\x05R\x04page\x12\x14\n" +
+	"\x05limit\x18\a \x01(\x05R\x05limitB\r\n" +
+	"\v_account_idB\a\n" +
+	"\x05_typeB\t\n" +
+	"\a_actionB\r\n" +
+	"\v_start_dateB\v\n" +
+	"\t_end_date\"\xde\x01\n" +
+	"\fAuditLogItem\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1d\n" +
+	"\n" +
+	"account_id\x18\x02 \x01(\tR\taccountId\x12\x12\n" +
+	"\x04type\x18\x03 \x01(\tR\x04type\x12\x16\n" +
+	"\x06action\x18\x04 \x01(\tR\x06action\x12\x1d\n" +
+	"\n" +
+	"ip_address\x18\x05 \x01(\tR\tipAddress\x12\x1d\n" +
+	"\n" +
+	"user_agent\x18\x06 \x01(\tR\tuserAgent\x12\x16\n" +
+	"\x06detail\x18\a \x01(\tR\x06detail\x12\x1d\n" +
+	"\n" +
+	"created_at\x18\b \x01(\tR\tcreatedAt\"\x8d\x01\n" +
+	"\x14GetAuditLogsResponse\x12*\n" +
+	"\x04logs\x18\x01 \x03(\v2\x16.audit.v1.AuditLogItemR\x04logs\x12\x14\n" +
+	"\x05total\x18\x02 \x01(\x05R\x05total\x12\x12\n" +
+	"\x04page\x18\x03 \x01(\x05R\x04page\x12\x1f\n" +
+	"\vtotal_pages\x18\x04 \x01(\x05R\n" +
+	"totalPages2]\n" +
+	"\fAuditService\x12M\n" +
+	"\fGetAuditLogs\x12\x1d.audit.v1.GetAuditLogsRequest\x1a\x1e.audit.v1.GetAuditLogsResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_admin_audit_proto_rawDescOnce sync.Once
+	file_admin_audit_proto_rawDescData []byte
+)
+
+func file_admin_audit_proto_rawDescGZIP() []byte {
+	file_admin_audit_proto_rawDescOnce.Do(func() {
+		file_admin_audit_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_admin_audit_proto_rawDesc), len(file_admin_audit_proto_rawDesc)))
+	})
+	return file_admin_audit_proto_rawDescData
+}
+
+var file_admin_audit_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_admin_audit_proto_goTypes = []any{
+	(*GetAuditLogsRequest)(nil),  // 0: audit.v1.GetAuditLogsRequest
+	(*AuditLogItem)(nil),         // 1: audit.v1.AuditLogItem
+	(*GetAuditLogsResponse)(nil), // 2: audit.v1.GetAuditLogsResponse
+}
+var file_admin_audit_proto_depIdxs = []int32{
+	1, // 0: audit.v1.GetAuditLogsResponse.logs:type_name -> audit.v1.AuditLogItem
+	0, // 1: audit.v1.AuditService.GetAuditLogs:input_type -> audit.v1.GetAuditLogsRequest
+	2, // 2: audit.v1.AuditService.GetAuditLogs:output_type -> audit.v1.GetAuditLogsResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_admin_audit_proto_init() }
+func file_admin_audit_proto_init() {
+	if File_admin_audit_proto != nil {
+		return
+	}
+	file_admin_audit_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_admin_audit_proto_rawDesc), len(file_admin_audit_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_admin_audit_proto_goTypes,
+		DependencyIndexes: file_admin_audit_proto_depIdxs,
+		MessageInfos:      file_admin_audit_proto_msgTypes,
+	}.Build()
+	File_admin_audit_proto = out.File
+	file_admin_audit_proto_goTypes = nil
+	file_admin_audit_proto_depIdxs = nil
+}

gen/go/admin/audit_grpc.pb.go

@@ -0,0 +1,121 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: admin/audit.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AuditService_GetAuditLogs_FullMethodName = "/audit.v1.AuditService/GetAuditLogs"
+)
+
+// AuditServiceClient is the client API for AuditService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuditServiceClient interface {
+	GetAuditLogs(ctx context.Context, in *GetAuditLogsRequest, opts ...grpc.CallOption) (*GetAuditLogsResponse, error)
+}
+
+type auditServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAuditServiceClient(cc grpc.ClientConnInterface) AuditServiceClient {
+	return &auditServiceClient{cc}
+}
+
+func (c *auditServiceClient) GetAuditLogs(ctx context.Context, in *GetAuditLogsRequest, opts ...grpc.CallOption) (*GetAuditLogsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAuditLogsResponse)
+	err := c.cc.Invoke(ctx, AuditService_GetAuditLogs_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuditServiceServer is the server API for AuditService service.
+// All implementations must embed UnimplementedAuditServiceServer
+// for forward compatibility.
+type AuditServiceServer interface {
+	GetAuditLogs(context.Context, *GetAuditLogsRequest) (*GetAuditLogsResponse, error)
+	mustEmbedUnimplementedAuditServiceServer()
+}
+
+// UnimplementedAuditServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAuditServiceServer struct{}
+
+func (UnimplementedAuditServiceServer) GetAuditLogs(context.Context, *GetAuditLogsRequest) (*GetAuditLogsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAuditLogs not implemented")
+}
+func (UnimplementedAuditServiceServer) mustEmbedUnimplementedAuditServiceServer() {}
+func (UnimplementedAuditServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeAuditServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuditServiceServer will
+// result in compilation errors.
+type UnsafeAuditServiceServer interface {
+	mustEmbedUnimplementedAuditServiceServer()
+}
+
+func RegisterAuditServiceServer(s grpc.ServiceRegistrar, srv AuditServiceServer) {
+	// If the following call panics, it indicates UnimplementedAuditServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AuditService_ServiceDesc, srv)
+}
+
+func _AuditService_GetAuditLogs_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAuditLogsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuditServiceServer).GetAuditLogs(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuditService_GetAuditLogs_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuditServiceServer).GetAuditLogs(ctx, req.(*GetAuditLogsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AuditService_ServiceDesc is the grpc.ServiceDesc for AuditService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuditService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "audit.v1.AuditService",
+	HandlerType: (*AuditServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetAuditLogs",
+			Handler:    _AuditService_GetAuditLogs_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "admin/audit.proto",
+}

gen/go/admin/rbac_grpc.pb.go

@@ -0,0 +1,539 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: admin/rbac.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	RbacService_CreateRole_FullMethodName                 = "/rbac.v1.RbacService/CreateRole"
+	RbacService_UpdateRole_FullMethodName                 = "/rbac.v1.RbacService/UpdateRole"
+	RbacService_DeleteRole_FullMethodName                 = "/rbac.v1.RbacService/DeleteRole"
+	RbacService_CreatePermission_FullMethodName           = "/rbac.v1.RbacService/CreatePermission"
+	RbacService_UpdatePermission_FullMethodName           = "/rbac.v1.RbacService/UpdatePermission"
+	RbacService_GetAllPermissions_FullMethodName          = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName                = "/rbac.v1.RbacService/GetAllRoles"
+	RbacService_AssignRolesByName_FullMethodName          = "/rbac.v1.RbacService/AssignRolesByName"
+	RbacService_GetUserRolesAndPermissions_FullMethodName = "/rbac.v1.RbacService/GetUserRolesAndPermissions"
+	RbacService_AssignRoleToUser_FullMethodName           = "/rbac.v1.RbacService/AssignRoleToUser"
+	RbacService_RevokeRoleFromUser_FullMethodName         = "/rbac.v1.RbacService/RevokeRoleFromUser"
+	RbacService_SyncLdapRoles_FullMethodName              = "/rbac.v1.RbacService/SyncLdapRoles"
+)
+
+// RbacServiceClient is the client API for RbacService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type RbacServiceClient interface {
+	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error)
+	CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+	AssignRolesByName(ctx context.Context, in *AssignRolesByNameRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	GetUserRolesAndPermissions(ctx context.Context, in *GetUserRolesRequest, opts ...grpc.CallOption) (*GetUserRolesResponse, error)
+	AssignRoleToUser(ctx context.Context, in *AssignRoleToUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	RevokeRoleFromUser(ctx context.Context, in *RevokeRoleFromUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	SyncLdapRoles(ctx context.Context, in *SyncLdapRolesRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+}
+
+type rbacServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewRbacServiceClient(cc grpc.ClientConnInterface) RbacServiceClient {
+	return &rbacServiceClient{cc}
+}
+
+func (c *rbacServiceClient) CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_DeleteRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) AssignRolesByName(ctx context.Context, in *AssignRolesByNameRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_AssignRolesByName_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetUserRolesAndPermissions(ctx context.Context, in *GetUserRolesRequest, opts ...grpc.CallOption) (*GetUserRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetUserRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetUserRolesAndPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) AssignRoleToUser(ctx context.Context, in *AssignRoleToUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_AssignRoleToUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) RevokeRoleFromUser(ctx context.Context, in *RevokeRoleFromUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_RevokeRoleFromUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) SyncLdapRoles(ctx context.Context, in *SyncLdapRolesRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_SyncLdapRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RbacServiceServer is the server API for RbacService service.
+// All implementations must embed UnimplementedRbacServiceServer
+// for forward compatibility.
+type RbacServiceServer interface {
+	CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error)
+	UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error)
+	DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error)
+	CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error)
+	UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error)
+	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	AssignRolesByName(context.Context, *AssignRolesByNameRequest) (*ModifyRoleResponse, error)
+	GetUserRolesAndPermissions(context.Context, *GetUserRolesRequest) (*GetUserRolesResponse, error)
+	AssignRoleToUser(context.Context, *AssignRoleToUserRequest) (*ModifyRoleResponse, error)
+	RevokeRoleFromUser(context.Context, *RevokeRoleFromUserRequest) (*ModifyRoleResponse, error)
+	SyncLdapRoles(context.Context, *SyncLdapRolesRequest) (*ModifyRoleResponse, error)
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+// UnimplementedRbacServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedRbacServiceServer struct{}
+
+func (UnimplementedRbacServiceServer) CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteRole not implemented")
+}
+func (UnimplementedRbacServiceServer) CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) AssignRolesByName(context.Context, *AssignRolesByNameRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRolesByName not implemented")
+}
+func (UnimplementedRbacServiceServer) GetUserRolesAndPermissions(context.Context, *GetUserRolesRequest) (*GetUserRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUserRolesAndPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) AssignRoleToUser(context.Context, *AssignRoleToUserRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRoleToUser not implemented")
+}
+func (UnimplementedRbacServiceServer) RevokeRoleFromUser(context.Context, *RevokeRoleFromUserRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RevokeRoleFromUser not implemented")
+}
+func (UnimplementedRbacServiceServer) SyncLdapRoles(context.Context, *SyncLdapRolesRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SyncLdapRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
+func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeRbacServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to RbacServiceServer will
+// result in compilation errors.
+type UnsafeRbacServiceServer interface {
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+func RegisterRbacServiceServer(s grpc.ServiceRegistrar, srv RbacServiceServer) {
+	// If the following call panics, it indicates UnimplementedRbacServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&RbacService_ServiceDesc, srv)
+}
+
+func _RbacService_CreateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreateRole(ctx, req.(*CreateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdateRole(ctx, req.(*UpdateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).DeleteRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_DeleteRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_CreatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreatePermission(ctx, req.(*CreatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, req.(*UpdatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, req.(*GetAllRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_AssignRolesByName_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRolesByNameRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).AssignRolesByName(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_AssignRolesByName_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).AssignRolesByName(ctx, req.(*AssignRolesByNameRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetUserRolesAndPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetUserRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetUserRolesAndPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetUserRolesAndPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetUserRolesAndPermissions(ctx, req.(*GetUserRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_AssignRoleToUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRoleToUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).AssignRoleToUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_AssignRoleToUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).AssignRoleToUser(ctx, req.(*AssignRoleToUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_RevokeRoleFromUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RevokeRoleFromUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).RevokeRoleFromUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_RevokeRoleFromUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).RevokeRoleFromUser(ctx, req.(*RevokeRoleFromUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_SyncLdapRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SyncLdapRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).SyncLdapRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_SyncLdapRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).SyncLdapRoles(ctx, req.(*SyncLdapRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var RbacService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "rbac.v1.RbacService",
+	HandlerType: (*RbacServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateRole",
+			Handler:    _RbacService_CreateRole_Handler,
+		},
+		{
+			MethodName: "UpdateRole",
+			Handler:    _RbacService_UpdateRole_Handler,
+		},
+		{
+			MethodName: "DeleteRole",
+			Handler:    _RbacService_DeleteRole_Handler,
+		},
+		{
+			MethodName: "CreatePermission",
+			Handler:    _RbacService_CreatePermission_Handler,
+		},
+		{
+			MethodName: "UpdatePermission",
+			Handler:    _RbacService_UpdatePermission_Handler,
+		},
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _RbacService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _RbacService_GetAllRoles_Handler,
+		},
+		{
+			MethodName: "AssignRolesByName",
+			Handler:    _RbacService_AssignRolesByName_Handler,
+		},
+		{
+			MethodName: "GetUserRolesAndPermissions",
+			Handler:    _RbacService_GetUserRolesAndPermissions_Handler,
+		},
+		{
+			MethodName: "AssignRoleToUser",
+			Handler:    _RbacService_AssignRoleToUser_Handler,
+		},
+		{
+			MethodName: "RevokeRoleFromUser",
+			Handler:    _RbacService_RevokeRoleFromUser_Handler,
+		},
+		{
+			MethodName: "SyncLdapRoles",
+			Handler:    _RbacService_SyncLdapRoles_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "admin/rbac.proto",
+}

gen/go/auth.pb.go

@@ -263,7 +263,8 @@ func (x *RefreshResponse) GetRefreshToken() string {
 
 type LogoutRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
-	AccessToken   string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
@@ -298,9 +299,16 @@ func (*LogoutRequest) Descriptor() ([]byte, []int) {
 	return file_auth_proto_rawDescGZIP(), []int{4}
 }
 
-func (x *LogoutRequest) GetAccessToken() string {
+func (x *LogoutRequest) GetUserId() string {
 	if x != nil {
-		return x.AccessToken
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *LogoutRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
 	}
 	return ""
 }
@@ -597,28 +605,28 @@ func (x *GetAccountRoleLevelResponse) GetRoleLevel() int32 {
 	return 0
 }
 
-type UnlockPinRequest struct {
+type GetSessionRequest struct {
 	state            protoimpl.MessageState `protogen:"open.v1"`
-	AccessToken   string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
-	PinCode       string                 `protobuf:"bytes,2,opt,name=pin_code,json=pinCode,proto3" json:"pin_code,omitempty"`
+	UserId           string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	CurrentSessionId string                 `protobuf:"bytes,2,opt,name=current_session_id,json=currentSessionId,proto3" json:"current_session_id,omitempty"`
 	unknownFields    protoimpl.UnknownFields
 	sizeCache        protoimpl.SizeCache
 }
 
-func (x *UnlockPinRequest) Reset() {
-	*x = UnlockPinRequest{}
+func (x *GetSessionRequest) Reset() {
+	*x = GetSessionRequest{}
 	mi := &file_auth_proto_msgTypes[10]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 
-func (x *UnlockPinRequest) String() string {
+func (x *GetSessionRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*UnlockPinRequest) ProtoMessage() {}
+func (*GetSessionRequest) ProtoMessage() {}
 
-func (x *UnlockPinRequest) ProtoReflect() protoreflect.Message {
+func (x *GetSessionRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_auth_proto_msgTypes[10]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -630,26 +638,198 @@ func (x *UnlockPinRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use UnlockPinRequest.ProtoReflect.Descriptor instead.
-func (*UnlockPinRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use GetSessionRequest.ProtoReflect.Descriptor instead.
+func (*GetSessionRequest) Descriptor() ([]byte, []int) {
 	return file_auth_proto_rawDescGZIP(), []int{10}
 }
 
-func (x *UnlockPinRequest) GetAccessToken() string {
+func (x *GetSessionRequest) GetUserId() string {
 	if x != nil {
-		return x.AccessToken
+		return x.UserId
 	}
 	return ""
 }
 
-func (x *UnlockPinRequest) GetPinCode() string {
+func (x *GetSessionRequest) GetCurrentSessionId() string {
 	if x != nil {
-		return x.PinCode
+		return x.CurrentSessionId
 	}
 	return ""
 }
 
-type UnlockPinResponse struct {
+type SessionItem struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Здесь будет лежать захэшированный ID
+	IpAddress     string                 `protobuf:"bytes,2,opt,name=ip_address,json=ipAddress,proto3" json:"ip_address,omitempty"`
+	UserAgent     string                 `protobuf:"bytes,3,opt,name=user_agent,json=userAgent,proto3" json:"user_agent,omitempty"`
+	LastActivity  int64                  `protobuf:"varint,4,opt,name=last_activity,json=lastActivity,proto3" json:"last_activity,omitempty"` // Unix timestamp в миллисекундах
+	IsCurrent     bool                   `protobuf:"varint,5,opt,name=is_current,json=isCurrent,proto3" json:"is_current,omitempty"`          // Флаг текущей сессии
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SessionItem) Reset() {
+	*x = SessionItem{}
+	mi := &file_auth_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SessionItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SessionItem) ProtoMessage() {}
+
+func (x *SessionItem) ProtoReflect() protoreflect.Message {
+	mi := &file_auth_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SessionItem.ProtoReflect.Descriptor instead.
+func (*SessionItem) Descriptor() ([]byte, []int) {
+	return file_auth_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *SessionItem) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *SessionItem) GetIpAddress() string {
+	if x != nil {
+		return x.IpAddress
+	}
+	return ""
+}
+
+func (x *SessionItem) GetUserAgent() string {
+	if x != nil {
+		return x.UserAgent
+	}
+	return ""
+}
+
+func (x *SessionItem) GetLastActivity() int64 {
+	if x != nil {
+		return x.LastActivity
+	}
+	return 0
+}
+
+func (x *SessionItem) GetIsCurrent() bool {
+	if x != nil {
+		return x.IsCurrent
+	}
+	return false
+}
+
+type GetSessionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Sessions      []*SessionItem         `protobuf:"bytes,1,rep,name=sessions,proto3" json:"sessions,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetSessionsResponse) Reset() {
+	*x = GetSessionsResponse{}
+	mi := &file_auth_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetSessionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetSessionsResponse) ProtoMessage() {}
+
+func (x *GetSessionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_auth_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetSessionsResponse.ProtoReflect.Descriptor instead.
+func (*GetSessionsResponse) Descriptor() ([]byte, []int) {
+	return file_auth_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *GetSessionsResponse) GetSessions() []*SessionItem {
+	if x != nil {
+		return x.Sessions
+	}
+	return nil
+}
+
+type TerminateSessionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	TargetHash    string                 `protobuf:"bytes,2,opt,name=target_hash,json=targetHash,proto3" json:"target_hash,omitempty"` // Хэш сессии, которую нужно убить
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *TerminateSessionRequest) Reset() {
+	*x = TerminateSessionRequest{}
+	mi := &file_auth_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *TerminateSessionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*TerminateSessionRequest) ProtoMessage() {}
+
+func (x *TerminateSessionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_auth_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use TerminateSessionRequest.ProtoReflect.Descriptor instead.
+func (*TerminateSessionRequest) Descriptor() ([]byte, []int) {
+	return file_auth_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *TerminateSessionRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *TerminateSessionRequest) GetTargetHash() string {
+	if x != nil {
+		return x.TargetHash
+	}
+	return ""
+}
+
+type TerminateSessionResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
 	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
@@ -657,21 +837,21 @@ type UnlockPinResponse struct {
 	sizeCache     protoimpl.SizeCache
 }
 
-func (x *UnlockPinResponse) Reset() {
-	*x = UnlockPinResponse{}
-	mi := &file_auth_proto_msgTypes[11]
+func (x *TerminateSessionResponse) Reset() {
+	*x = TerminateSessionResponse{}
+	mi := &file_auth_proto_msgTypes[14]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 
-func (x *UnlockPinResponse) String() string {
+func (x *TerminateSessionResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*UnlockPinResponse) ProtoMessage() {}
+func (*TerminateSessionResponse) ProtoMessage() {}
 
-func (x *UnlockPinResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_auth_proto_msgTypes[11]
+func (x *TerminateSessionResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_auth_proto_msgTypes[14]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
@@ -682,19 +862,19 @@ func (x *UnlockPinResponse) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use UnlockPinResponse.ProtoReflect.Descriptor instead.
-func (*UnlockPinResponse) Descriptor() ([]byte, []int) {
-	return file_auth_proto_rawDescGZIP(), []int{11}
+// Deprecated: Use TerminateSessionResponse.ProtoReflect.Descriptor instead.
+func (*TerminateSessionResponse) Descriptor() ([]byte, []int) {
+	return file_auth_proto_rawDescGZIP(), []int{14}
 }
 
-func (x *UnlockPinResponse) GetSuccess() bool {
+func (x *TerminateSessionResponse) GetSuccess() bool {
 	if x != nil {
 		return x.Success
 	}
 	return false
 }
 
-func (x *UnlockPinResponse) GetMessage() string {
+func (x *TerminateSessionResponse) GetMessage() string {
 	if x != nil {
 		return x.Message
 	}
@@ -728,9 +908,11 @@ const file_auth_proto_rawDesc = "" +
 	"\rrefresh_token\x18\x01 \x01(\tR\frefreshToken\"Y\n" +
 	"\x0fRefreshResponse\x12!\n" +
 	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12#\n" +
-	"\rrefresh_token\x18\x02 \x01(\tR\frefreshToken\"2\n" +
-	"\rLogoutRequest\x12!\n" +
-	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\"D\n" +
+	"\rrefresh_token\x18\x02 \x01(\tR\frefreshToken\"G\n" +
+	"\rLogoutRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"D\n" +
 	"\x0eLogoutResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
 	"\amessage\x18\x02 \x01(\tR\amessage\"*\n" +
@@ -759,21 +941,37 @@ const file_auth_proto_rawDesc = "" +
 	"\x1bGetAccountRoleLevelResponse\x12\x14\n" +
 	"\x05found\x18\x01 \x01(\bR\x05found\x12\x1d\n" +
 	"\n" +
-	"role_level\x18\x02 \x01(\x05R\troleLevel\"P\n" +
-	"\x10UnlockPinRequest\x12!\n" +
-	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12\x19\n" +
-	"\bpin_code\x18\x02 \x01(\tR\apinCode\"G\n" +
-	"\x11UnlockPinResponse\x12\x18\n" +
+	"role_level\x18\x02 \x01(\x05R\troleLevel\"Z\n" +
+	"\x11GetSessionRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12,\n" +
+	"\x12current_session_id\x18\x02 \x01(\tR\x10currentSessionId\"\x9f\x01\n" +
+	"\vSessionItem\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1d\n" +
+	"\n" +
+	"ip_address\x18\x02 \x01(\tR\tipAddress\x12\x1d\n" +
+	"\n" +
+	"user_agent\x18\x03 \x01(\tR\tuserAgent\x12#\n" +
+	"\rlast_activity\x18\x04 \x01(\x03R\flastActivity\x12\x1d\n" +
+	"\n" +
+	"is_current\x18\x05 \x01(\bR\tisCurrent\"G\n" +
+	"\x13GetSessionsResponse\x120\n" +
+	"\bsessions\x18\x01 \x03(\v2\x14.auth.v1.SessionItemR\bsessions\"S\n" +
+	"\x17TerminateSessionRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1f\n" +
+	"\vtarget_hash\x18\x02 \x01(\tR\n" +
+	"targetHash\"N\n" +
+	"\x18TerminateSessionResponse\x12\x18\n" +
 	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
-	"\amessage\x18\x02 \x01(\tR\amessage2\xec\x03\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage2\xcc\x04\n" +
 	"\vAuthService\x126\n" +
 	"\x05Login\x12\x15.auth.v1.LoginRequest\x1a\x16.auth.v1.LoginResponse\x12<\n" +
 	"\aRefresh\x12\x17.auth.v1.RefreshRequest\x1a\x18.auth.v1.RefreshResponse\x12H\n" +
 	"\vVerifyToken\x12\x1b.auth.v1.VerifyTokenRequest\x1a\x1c.auth.v1.VerifyTokenResponse\x12`\n" +
 	"\x13GetAccountRoleLevel\x12#.auth.v1.GetAccountRoleLevelRequest\x1a$.auth.v1.GetAccountRoleLevelResponse\x129\n" +
-	"\x06Logout\x12\x16.auth.v1.LogoutRequest\x1a\x17.auth.v1.LogoutResponse\x12<\n" +
-	"\tLogoutAll\x12\x16.auth.v1.LogoutRequest\x1a\x17.auth.v1.LogoutResponse\x12B\n" +
-	"\tUnlockPin\x12\x19.auth.v1.UnlockPinRequest\x1a\x1a.auth.v1.UnlockPinResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+	"\x06Logout\x12\x16.auth.v1.LogoutRequest\x1a\x17.auth.v1.LogoutResponse\x12>\n" +
+	"\vLogoutOther\x12\x16.auth.v1.LogoutRequest\x1a\x17.auth.v1.LogoutResponse\x12G\n" +
+	"\vGetSessions\x12\x1a.auth.v1.GetSessionRequest\x1a\x1c.auth.v1.GetSessionsResponse\x12W\n" +
+	"\x10TerminateSession\x12 .auth.v1.TerminateSessionRequest\x1a!.auth.v1.TerminateSessionResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
 
 var (
 	file_auth_proto_rawDescOnce sync.Once
@@ -787,7 +985,7 @@ func file_auth_proto_rawDescGZIP() []byte {
 	return file_auth_proto_rawDescData
 }
 
-var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
+var file_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 15)
 var file_auth_proto_goTypes = []any{
 	(*LoginRequest)(nil),                // 0: auth.v1.LoginRequest
 	(*LoginResponse)(nil),               // 1: auth.v1.LoginResponse
@@ -799,29 +997,35 @@ var file_auth_proto_goTypes = []any{
 	(*VerifyTokenResponse)(nil),         // 7: auth.v1.VerifyTokenResponse
 	(*GetAccountRoleLevelRequest)(nil),  // 8: auth.v1.GetAccountRoleLevelRequest
 	(*GetAccountRoleLevelResponse)(nil), // 9: auth.v1.GetAccountRoleLevelResponse
-	(*UnlockPinRequest)(nil),            // 10: auth.v1.UnlockPinRequest
-	(*UnlockPinResponse)(nil),           // 11: auth.v1.UnlockPinResponse
+	(*GetSessionRequest)(nil),           // 10: auth.v1.GetSessionRequest
+	(*SessionItem)(nil),                 // 11: auth.v1.SessionItem
+	(*GetSessionsResponse)(nil),         // 12: auth.v1.GetSessionsResponse
+	(*TerminateSessionRequest)(nil),     // 13: auth.v1.TerminateSessionRequest
+	(*TerminateSessionResponse)(nil),    // 14: auth.v1.TerminateSessionResponse
 }
 var file_auth_proto_depIdxs = []int32{
-	0,  // 0: auth.v1.AuthService.Login:input_type -> auth.v1.LoginRequest
-	2,  // 1: auth.v1.AuthService.Refresh:input_type -> auth.v1.RefreshRequest
-	6,  // 2: auth.v1.AuthService.VerifyToken:input_type -> auth.v1.VerifyTokenRequest
-	8,  // 3: auth.v1.AuthService.GetAccountRoleLevel:input_type -> auth.v1.GetAccountRoleLevelRequest
-	4,  // 4: auth.v1.AuthService.Logout:input_type -> auth.v1.LogoutRequest
-	4,  // 5: auth.v1.AuthService.LogoutAll:input_type -> auth.v1.LogoutRequest
-	10, // 6: auth.v1.AuthService.UnlockPin:input_type -> auth.v1.UnlockPinRequest
-	1,  // 7: auth.v1.AuthService.Login:output_type -> auth.v1.LoginResponse
-	3,  // 8: auth.v1.AuthService.Refresh:output_type -> auth.v1.RefreshResponse
-	7,  // 9: auth.v1.AuthService.VerifyToken:output_type -> auth.v1.VerifyTokenResponse
-	9,  // 10: auth.v1.AuthService.GetAccountRoleLevel:output_type -> auth.v1.GetAccountRoleLevelResponse
-	5,  // 11: auth.v1.AuthService.Logout:output_type -> auth.v1.LogoutResponse
-	5,  // 12: auth.v1.AuthService.LogoutAll:output_type -> auth.v1.LogoutResponse
-	11, // 13: auth.v1.AuthService.UnlockPin:output_type -> auth.v1.UnlockPinResponse
-	7,  // [7:14] is the sub-list for method output_type
-	0,  // [0:7] is the sub-list for method input_type
-	0,  // [0:0] is the sub-list for extension type_name
-	0,  // [0:0] is the sub-list for extension extendee
-	0,  // [0:0] is the sub-list for field type_name
+	11, // 0: auth.v1.GetSessionsResponse.sessions:type_name -> auth.v1.SessionItem
+	0,  // 1: auth.v1.AuthService.Login:input_type -> auth.v1.LoginRequest
+	2,  // 2: auth.v1.AuthService.Refresh:input_type -> auth.v1.RefreshRequest
+	6,  // 3: auth.v1.AuthService.VerifyToken:input_type -> auth.v1.VerifyTokenRequest
+	8,  // 4: auth.v1.AuthService.GetAccountRoleLevel:input_type -> auth.v1.GetAccountRoleLevelRequest
+	4,  // 5: auth.v1.AuthService.Logout:input_type -> auth.v1.LogoutRequest
+	4,  // 6: auth.v1.AuthService.LogoutOther:input_type -> auth.v1.LogoutRequest
+	10, // 7: auth.v1.AuthService.GetSessions:input_type -> auth.v1.GetSessionRequest
+	13, // 8: auth.v1.AuthService.TerminateSession:input_type -> auth.v1.TerminateSessionRequest
+	1,  // 9: auth.v1.AuthService.Login:output_type -> auth.v1.LoginResponse
+	3,  // 10: auth.v1.AuthService.Refresh:output_type -> auth.v1.RefreshResponse
+	7,  // 11: auth.v1.AuthService.VerifyToken:output_type -> auth.v1.VerifyTokenResponse
+	9,  // 12: auth.v1.AuthService.GetAccountRoleLevel:output_type -> auth.v1.GetAccountRoleLevelResponse
+	5,  // 13: auth.v1.AuthService.Logout:output_type -> auth.v1.LogoutResponse
+	5,  // 14: auth.v1.AuthService.LogoutOther:output_type -> auth.v1.LogoutResponse
+	12, // 15: auth.v1.AuthService.GetSessions:output_type -> auth.v1.GetSessionsResponse
+	14, // 16: auth.v1.AuthService.TerminateSession:output_type -> auth.v1.TerminateSessionResponse
+	9,  // [9:17] is the sub-list for method output_type
+	1,  // [1:9] is the sub-list for method input_type
+	1,  // [1:1] is the sub-list for extension type_name
+	1,  // [1:1] is the sub-list for extension extendee
+	0,  // [0:1] is the sub-list for field type_name
 }
 
 func init() { file_auth_proto_init() }
@@ -837,7 +1041,7 @@ func file_auth_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: unsafe.Slice(unsafe.StringData(file_auth_proto_rawDesc), len(file_auth_proto_rawDesc)),
 			NumEnums:      0,
-			NumMessages:   12,
+			NumMessages:   15,
 			NumExtensions: 0,
 			NumServices:   1,
 		},

gen/go/auth_grpc.pb.go

@@ -24,8 +24,9 @@ const (
 	AuthService_VerifyToken_FullMethodName         = "/auth.v1.AuthService/VerifyToken"
 	AuthService_GetAccountRoleLevel_FullMethodName = "/auth.v1.AuthService/GetAccountRoleLevel"
 	AuthService_Logout_FullMethodName              = "/auth.v1.AuthService/Logout"
-	AuthService_LogoutAll_FullMethodName           = "/auth.v1.AuthService/LogoutAll"
-	AuthService_UnlockPin_FullMethodName           = "/auth.v1.AuthService/UnlockPin"
+	AuthService_LogoutOther_FullMethodName         = "/auth.v1.AuthService/LogoutOther"
+	AuthService_GetSessions_FullMethodName         = "/auth.v1.AuthService/GetSessions"
+	AuthService_TerminateSession_FullMethodName    = "/auth.v1.AuthService/TerminateSession"
 )
 
 // AuthServiceClient is the client API for AuthService service.
@@ -37,8 +38,9 @@ type AuthServiceClient interface {
 	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
 	GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error)
 	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
-	LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
-	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error)
+	TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error)
 }
 
 type authServiceClient struct {
@@ -99,20 +101,30 @@ func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts
 	return out, nil
 }
 
-func (c *authServiceClient) LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+func (c *authServiceClient) LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LogoutResponse)
-	err := c.cc.Invoke(ctx, AuthService_LogoutAll_FullMethodName, in, out, cOpts...)
+	err := c.cc.Invoke(ctx, AuthService_LogoutOther_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *authServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+func (c *authServiceClient) GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
-	out := new(UnlockPinResponse)
-	err := c.cc.Invoke(ctx, AuthService_UnlockPin_FullMethodName, in, out, cOpts...)
+	out := new(GetSessionsResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetSessions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(TerminateSessionResponse)
+	err := c.cc.Invoke(ctx, AuthService_TerminateSession_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -128,8 +140,9 @@ type AuthServiceServer interface {
 	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
 	GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error)
 	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
-	LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error)
-	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error)
+	TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error)
 	mustEmbedUnimplementedAuthServiceServer()
 }
 
@@ -155,11 +168,14 @@ func (UnimplementedAuthServiceServer) GetAccountRoleLevel(context.Context, *GetA
 func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
 }
-func (UnimplementedAuthServiceServer) LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error) {
-	return nil, status.Error(codes.Unimplemented, "method LogoutAll not implemented")
+func (UnimplementedAuthServiceServer) LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method LogoutOther not implemented")
 }
-func (UnimplementedAuthServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
-	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+func (UnimplementedAuthServiceServer) GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetSessions not implemented")
+}
+func (UnimplementedAuthServiceServer) TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method TerminateSession not implemented")
 }
 func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
 func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
@@ -272,38 +288,56 @@ func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(
 	return interceptor(ctx, in, info, handler)
 }
 
-func _AuthService_LogoutAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _AuthService_LogoutOther_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LogoutRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServiceServer).LogoutAll(ctx, in)
+		return srv.(AuthServiceServer).LogoutOther(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: AuthService_LogoutAll_FullMethodName,
+		FullMethod: AuthService_LogoutOther_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServiceServer).LogoutAll(ctx, req.(*LogoutRequest))
+		return srv.(AuthServiceServer).LogoutOther(ctx, req.(*LogoutRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _AuthService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(UnlockPinRequest)
+func _AuthService_GetSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetSessionRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServiceServer).UnlockPin(ctx, in)
+		return srv.(AuthServiceServer).GetSessions(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: AuthService_UnlockPin_FullMethodName,
+		FullMethod: AuthService_GetSessions_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+		return srv.(AuthServiceServer).GetSessions(ctx, req.(*GetSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_TerminateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TerminateSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).TerminateSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_TerminateSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).TerminateSession(ctx, req.(*TerminateSessionRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -336,12 +370,16 @@ var AuthService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _AuthService_Logout_Handler,
 		},
 		{
-			MethodName: "LogoutAll",
-			Handler:    _AuthService_LogoutAll_Handler,
+			MethodName: "LogoutOther",
+			Handler:    _AuthService_LogoutOther_Handler,
 		},
 		{
-			MethodName: "UnlockPin",
-			Handler:    _AuthService_UnlockPin_Handler,
+			MethodName: "GetSessions",
+			Handler:    _AuthService_GetSessions_Handler,
+		},
+		{
+			MethodName: "TerminateSession",
+			Handler:    _AuthService_TerminateSession_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},

gen/go/chat/chat_grpc.pb.go

@@ -0,0 +1,547 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: chat/chat.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	ChatService_CreateChat_FullMethodName     = "/chat.v1.ChatService/CreateChat"
+	ChatService_GetUserChats_FullMethodName   = "/chat.v1.ChatService/GetUserChats"
+	ChatService_GetChatDetails_FullMethodName = "/chat.v1.ChatService/GetChatDetails"
+	ChatService_JoinChat_FullMethodName       = "/chat.v1.ChatService/JoinChat"
+	ChatService_LeaveChat_FullMethodName      = "/chat.v1.ChatService/LeaveChat"
+	ChatService_RemoveMember_FullMethodName   = "/chat.v1.ChatService/RemoveMember"
+	ChatService_MuteChat_FullMethodName       = "/chat.v1.ChatService/MuteChat"
+	ChatService_GetMessages_FullMethodName    = "/chat.v1.ChatService/GetMessages"
+	ChatService_SendMessage_FullMethodName    = "/chat.v1.ChatService/SendMessage"
+	ChatService_EditMessage_FullMethodName    = "/chat.v1.ChatService/EditMessage"
+	ChatService_DeleteMessage_FullMethodName  = "/chat.v1.ChatService/DeleteMessage"
+	ChatService_MarkAsRead_FullMethodName     = "/chat.v1.ChatService/MarkAsRead"
+)
+
+// ChatServiceClient is the client API for ChatService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type ChatServiceClient interface {
+	// Управление чатами (левая панель)
+	CreateChat(ctx context.Context, in *CreateChatRequest, opts ...grpc.CallOption) (*CreateChatResponse, error)
+	GetUserChats(ctx context.Context, in *GetUserChatsRequest, opts ...grpc.CallOption) (*GetUserChatsResponse, error)
+	GetChatDetails(ctx context.Context, in *GetChatDetailsRequest, opts ...grpc.CallOption) (*GetChatDetailsResponse, error)
+	// Управление участниками группы
+	JoinChat(ctx context.Context, in *JoinChatRequest, opts ...grpc.CallOption) (*JoinChatResponse, error)
+	LeaveChat(ctx context.Context, in *LeaveChatRequest, opts ...grpc.CallOption) (*LeaveChatResponse, error)
+	RemoveMember(ctx context.Context, in *RemoveMemberRequest, opts ...grpc.CallOption) (*RemoveMemberResponse, error)
+	MuteChat(ctx context.Context, in *MuteChatRequest, opts ...grpc.CallOption) (*MuteChatResponse, error)
+	// Управление сообщениями (правое окно)
+	GetMessages(ctx context.Context, in *GetMessagesRequest, opts ...grpc.CallOption) (*GetMessagesResponse, error)
+	SendMessage(ctx context.Context, in *SendMessageRequest, opts ...grpc.CallOption) (*MessageDto, error)
+	EditMessage(ctx context.Context, in *EditMessageRequest, opts ...grpc.CallOption) (*MessageDto, error)
+	DeleteMessage(ctx context.Context, in *DeleteMessageRequest, opts ...grpc.CallOption) (*DeleteMessageResponse, error)
+	// Статусы
+	MarkAsRead(ctx context.Context, in *MarkAsReadRequest, opts ...grpc.CallOption) (*MarkAsReadResponse, error)
+}
+
+type chatServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewChatServiceClient(cc grpc.ClientConnInterface) ChatServiceClient {
+	return &chatServiceClient{cc}
+}
+
+func (c *chatServiceClient) CreateChat(ctx context.Context, in *CreateChatRequest, opts ...grpc.CallOption) (*CreateChatResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateChatResponse)
+	err := c.cc.Invoke(ctx, ChatService_CreateChat_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) GetUserChats(ctx context.Context, in *GetUserChatsRequest, opts ...grpc.CallOption) (*GetUserChatsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetUserChatsResponse)
+	err := c.cc.Invoke(ctx, ChatService_GetUserChats_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) GetChatDetails(ctx context.Context, in *GetChatDetailsRequest, opts ...grpc.CallOption) (*GetChatDetailsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetChatDetailsResponse)
+	err := c.cc.Invoke(ctx, ChatService_GetChatDetails_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) JoinChat(ctx context.Context, in *JoinChatRequest, opts ...grpc.CallOption) (*JoinChatResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(JoinChatResponse)
+	err := c.cc.Invoke(ctx, ChatService_JoinChat_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) LeaveChat(ctx context.Context, in *LeaveChatRequest, opts ...grpc.CallOption) (*LeaveChatResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LeaveChatResponse)
+	err := c.cc.Invoke(ctx, ChatService_LeaveChat_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) RemoveMember(ctx context.Context, in *RemoveMemberRequest, opts ...grpc.CallOption) (*RemoveMemberResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RemoveMemberResponse)
+	err := c.cc.Invoke(ctx, ChatService_RemoveMember_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) MuteChat(ctx context.Context, in *MuteChatRequest, opts ...grpc.CallOption) (*MuteChatResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MuteChatResponse)
+	err := c.cc.Invoke(ctx, ChatService_MuteChat_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) GetMessages(ctx context.Context, in *GetMessagesRequest, opts ...grpc.CallOption) (*GetMessagesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetMessagesResponse)
+	err := c.cc.Invoke(ctx, ChatService_GetMessages_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) SendMessage(ctx context.Context, in *SendMessageRequest, opts ...grpc.CallOption) (*MessageDto, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MessageDto)
+	err := c.cc.Invoke(ctx, ChatService_SendMessage_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) EditMessage(ctx context.Context, in *EditMessageRequest, opts ...grpc.CallOption) (*MessageDto, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MessageDto)
+	err := c.cc.Invoke(ctx, ChatService_EditMessage_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) DeleteMessage(ctx context.Context, in *DeleteMessageRequest, opts ...grpc.CallOption) (*DeleteMessageResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteMessageResponse)
+	err := c.cc.Invoke(ctx, ChatService_DeleteMessage_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *chatServiceClient) MarkAsRead(ctx context.Context, in *MarkAsReadRequest, opts ...grpc.CallOption) (*MarkAsReadResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MarkAsReadResponse)
+	err := c.cc.Invoke(ctx, ChatService_MarkAsRead_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// ChatServiceServer is the server API for ChatService service.
+// All implementations must embed UnimplementedChatServiceServer
+// for forward compatibility.
+type ChatServiceServer interface {
+	// Управление чатами (левая панель)
+	CreateChat(context.Context, *CreateChatRequest) (*CreateChatResponse, error)
+	GetUserChats(context.Context, *GetUserChatsRequest) (*GetUserChatsResponse, error)
+	GetChatDetails(context.Context, *GetChatDetailsRequest) (*GetChatDetailsResponse, error)
+	// Управление участниками группы
+	JoinChat(context.Context, *JoinChatRequest) (*JoinChatResponse, error)
+	LeaveChat(context.Context, *LeaveChatRequest) (*LeaveChatResponse, error)
+	RemoveMember(context.Context, *RemoveMemberRequest) (*RemoveMemberResponse, error)
+	MuteChat(context.Context, *MuteChatRequest) (*MuteChatResponse, error)
+	// Управление сообщениями (правое окно)
+	GetMessages(context.Context, *GetMessagesRequest) (*GetMessagesResponse, error)
+	SendMessage(context.Context, *SendMessageRequest) (*MessageDto, error)
+	EditMessage(context.Context, *EditMessageRequest) (*MessageDto, error)
+	DeleteMessage(context.Context, *DeleteMessageRequest) (*DeleteMessageResponse, error)
+	// Статусы
+	MarkAsRead(context.Context, *MarkAsReadRequest) (*MarkAsReadResponse, error)
+	mustEmbedUnimplementedChatServiceServer()
+}
+
+// UnimplementedChatServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedChatServiceServer struct{}
+
+func (UnimplementedChatServiceServer) CreateChat(context.Context, *CreateChatRequest) (*CreateChatResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateChat not implemented")
+}
+func (UnimplementedChatServiceServer) GetUserChats(context.Context, *GetUserChatsRequest) (*GetUserChatsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUserChats not implemented")
+}
+func (UnimplementedChatServiceServer) GetChatDetails(context.Context, *GetChatDetailsRequest) (*GetChatDetailsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetChatDetails not implemented")
+}
+func (UnimplementedChatServiceServer) JoinChat(context.Context, *JoinChatRequest) (*JoinChatResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method JoinChat not implemented")
+}
+func (UnimplementedChatServiceServer) LeaveChat(context.Context, *LeaveChatRequest) (*LeaveChatResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method LeaveChat not implemented")
+}
+func (UnimplementedChatServiceServer) RemoveMember(context.Context, *RemoveMemberRequest) (*RemoveMemberResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemoveMember not implemented")
+}
+func (UnimplementedChatServiceServer) MuteChat(context.Context, *MuteChatRequest) (*MuteChatResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method MuteChat not implemented")
+}
+func (UnimplementedChatServiceServer) GetMessages(context.Context, *GetMessagesRequest) (*GetMessagesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetMessages not implemented")
+}
+func (UnimplementedChatServiceServer) SendMessage(context.Context, *SendMessageRequest) (*MessageDto, error) {
+	return nil, status.Error(codes.Unimplemented, "method SendMessage not implemented")
+}
+func (UnimplementedChatServiceServer) EditMessage(context.Context, *EditMessageRequest) (*MessageDto, error) {
+	return nil, status.Error(codes.Unimplemented, "method EditMessage not implemented")
+}
+func (UnimplementedChatServiceServer) DeleteMessage(context.Context, *DeleteMessageRequest) (*DeleteMessageResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteMessage not implemented")
+}
+func (UnimplementedChatServiceServer) MarkAsRead(context.Context, *MarkAsReadRequest) (*MarkAsReadResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method MarkAsRead not implemented")
+}
+func (UnimplementedChatServiceServer) mustEmbedUnimplementedChatServiceServer() {}
+func (UnimplementedChatServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeChatServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to ChatServiceServer will
+// result in compilation errors.
+type UnsafeChatServiceServer interface {
+	mustEmbedUnimplementedChatServiceServer()
+}
+
+func RegisterChatServiceServer(s grpc.ServiceRegistrar, srv ChatServiceServer) {
+	// If the following call panics, it indicates UnimplementedChatServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&ChatService_ServiceDesc, srv)
+}
+
+func _ChatService_CreateChat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateChatRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).CreateChat(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_CreateChat_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).CreateChat(ctx, req.(*CreateChatRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_GetUserChats_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetUserChatsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).GetUserChats(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_GetUserChats_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).GetUserChats(ctx, req.(*GetUserChatsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_GetChatDetails_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetChatDetailsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).GetChatDetails(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_GetChatDetails_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).GetChatDetails(ctx, req.(*GetChatDetailsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_JoinChat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(JoinChatRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).JoinChat(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_JoinChat_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).JoinChat(ctx, req.(*JoinChatRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_LeaveChat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LeaveChatRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).LeaveChat(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_LeaveChat_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).LeaveChat(ctx, req.(*LeaveChatRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_RemoveMember_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemoveMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).RemoveMember(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_RemoveMember_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).RemoveMember(ctx, req.(*RemoveMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_MuteChat_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MuteChatRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).MuteChat(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_MuteChat_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).MuteChat(ctx, req.(*MuteChatRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_GetMessages_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetMessagesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).GetMessages(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_GetMessages_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).GetMessages(ctx, req.(*GetMessagesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_SendMessage_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SendMessageRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).SendMessage(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_SendMessage_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).SendMessage(ctx, req.(*SendMessageRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_EditMessage_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EditMessageRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).EditMessage(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_EditMessage_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).EditMessage(ctx, req.(*EditMessageRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_DeleteMessage_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteMessageRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).DeleteMessage(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_DeleteMessage_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).DeleteMessage(ctx, req.(*DeleteMessageRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _ChatService_MarkAsRead_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MarkAsReadRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ChatServiceServer).MarkAsRead(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: ChatService_MarkAsRead_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ChatServiceServer).MarkAsRead(ctx, req.(*MarkAsReadRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// ChatService_ServiceDesc is the grpc.ServiceDesc for ChatService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var ChatService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "chat.v1.ChatService",
+	HandlerType: (*ChatServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateChat",
+			Handler:    _ChatService_CreateChat_Handler,
+		},
+		{
+			MethodName: "GetUserChats",
+			Handler:    _ChatService_GetUserChats_Handler,
+		},
+		{
+			MethodName: "GetChatDetails",
+			Handler:    _ChatService_GetChatDetails_Handler,
+		},
+		{
+			MethodName: "JoinChat",
+			Handler:    _ChatService_JoinChat_Handler,
+		},
+		{
+			MethodName: "LeaveChat",
+			Handler:    _ChatService_LeaveChat_Handler,
+		},
+		{
+			MethodName: "RemoveMember",
+			Handler:    _ChatService_RemoveMember_Handler,
+		},
+		{
+			MethodName: "MuteChat",
+			Handler:    _ChatService_MuteChat_Handler,
+		},
+		{
+			MethodName: "GetMessages",
+			Handler:    _ChatService_GetMessages_Handler,
+		},
+		{
+			MethodName: "SendMessage",
+			Handler:    _ChatService_SendMessage_Handler,
+		},
+		{
+			MethodName: "EditMessage",
+			Handler:    _ChatService_EditMessage_Handler,
+		},
+		{
+			MethodName: "DeleteMessage",
+			Handler:    _ChatService_DeleteMessage_Handler,
+		},
+		{
+			MethodName: "MarkAsRead",
+			Handler:    _ChatService_MarkAsRead_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "chat/chat.proto",
+}

gen/go/notifications/notifications.pb.go

@@ -0,0 +1,787 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: notifications/notifications.proto
+
+// Указываем пакет для логической изоляции
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Структура самого уведомления
+type Notification struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	UserId        string                 `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	Type          string                 `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`       // Например: "SYSTEM_ALERT", "NEW_MESSAGE", "TASK_ASSIGNED"
+	Title         string                 `protobuf:"bytes,4,opt,name=title,proto3" json:"title,omitempty"`     // Заголовок (опционально)
+	Text          string                 `protobuf:"bytes,5,opt,name=text,proto3" json:"text,omitempty"`       // Текст уведомления
+	Payload       *structpb.Struct       `protobuf:"bytes,6,opt,name=payload,proto3" json:"payload,omitempty"` // Любая динамическая JSON-нагрузка (например, { "task_id": 123 })
+	IsRead        bool                   `protobuf:"varint,7,opt,name=is_read,json=isRead,proto3" json:"is_read,omitempty"`
+	CreatedAt     *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Notification) Reset() {
+	*x = Notification{}
+	mi := &file_notifications_notifications_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Notification) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Notification) ProtoMessage() {}
+
+func (x *Notification) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Notification.ProtoReflect.Descriptor instead.
+func (*Notification) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Notification) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Notification) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *Notification) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *Notification) GetTitle() string {
+	if x != nil {
+		return x.Title
+	}
+	return ""
+}
+
+func (x *Notification) GetText() string {
+	if x != nil {
+		return x.Text
+	}
+	return ""
+}
+
+func (x *Notification) GetPayload() *structpb.Struct {
+	if x != nil {
+		return x.Payload
+	}
+	return nil
+}
+
+func (x *Notification) GetIsRead() bool {
+	if x != nil {
+		return x.IsRead
+	}
+	return false
+}
+
+func (x *Notification) GetCreatedAt() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return nil
+}
+
+type GetNotificationsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`                    // ID пользователя запрашивающего данные (Gateway берет это из JWT)
+	Limit         int32                  `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`                                   // Для пагинации (например, 20)
+	Offset        int32                  `protobuf:"varint,3,opt,name=offset,proto3" json:"offset,omitempty"`                                 // Для пагинации (например, 0)
+	UnreadOnly    *bool                  `protobuf:"varint,4,opt,name=unread_only,json=unreadOnly,proto3,oneof" json:"unread_only,omitempty"` // Фильтр: получить только непрочитанные
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetNotificationsRequest) Reset() {
+	*x = GetNotificationsRequest{}
+	mi := &file_notifications_notifications_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetNotificationsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetNotificationsRequest) ProtoMessage() {}
+
+func (x *GetNotificationsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetNotificationsRequest.ProtoReflect.Descriptor instead.
+func (*GetNotificationsRequest) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetNotificationsRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetNotificationsRequest) GetLimit() int32 {
+	if x != nil {
+		return x.Limit
+	}
+	return 0
+}
+
+func (x *GetNotificationsRequest) GetOffset() int32 {
+	if x != nil {
+		return x.Offset
+	}
+	return 0
+}
+
+func (x *GetNotificationsRequest) GetUnreadOnly() bool {
+	if x != nil && x.UnreadOnly != nil {
+		return *x.UnreadOnly
+	}
+	return false
+}
+
+type GetNotificationsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Notifications []*Notification        `protobuf:"bytes,1,rep,name=notifications,proto3" json:"notifications,omitempty"`              // Массив уведомлений
+	TotalCount    int32                  `protobuf:"varint,2,opt,name=total_count,json=totalCount,proto3" json:"total_count,omitempty"` // Общее количество (для UI пагинации)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetNotificationsResponse) Reset() {
+	*x = GetNotificationsResponse{}
+	mi := &file_notifications_notifications_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetNotificationsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetNotificationsResponse) ProtoMessage() {}
+
+func (x *GetNotificationsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetNotificationsResponse.ProtoReflect.Descriptor instead.
+func (*GetNotificationsResponse) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GetNotificationsResponse) GetNotifications() []*Notification {
+	if x != nil {
+		return x.Notifications
+	}
+	return nil
+}
+
+func (x *GetNotificationsResponse) GetTotalCount() int32 {
+	if x != nil {
+		return x.TotalCount
+	}
+	return 0
+}
+
+type GetUnreadCountRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetUnreadCountRequest) Reset() {
+	*x = GetUnreadCountRequest{}
+	mi := &file_notifications_notifications_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetUnreadCountRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetUnreadCountRequest) ProtoMessage() {}
+
+func (x *GetUnreadCountRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetUnreadCountRequest.ProtoReflect.Descriptor instead.
+func (*GetUnreadCountRequest) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetUnreadCountRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+type GetUnreadCountResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Count         int32                  `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetUnreadCountResponse) Reset() {
+	*x = GetUnreadCountResponse{}
+	mi := &file_notifications_notifications_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetUnreadCountResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetUnreadCountResponse) ProtoMessage() {}
+
+func (x *GetUnreadCountResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetUnreadCountResponse.ProtoReflect.Descriptor instead.
+func (*GetUnreadCountResponse) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetUnreadCountResponse) GetCount() int32 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
+type MarkAsReadRequest struct {
+	state          protoimpl.MessageState `protogen:"open.v1"`
+	UserId         string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	NotificationId string                 `protobuf:"bytes,2,opt,name=notification_id,json=notificationId,proto3" json:"notification_id,omitempty"`
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
+}
+
+func (x *MarkAsReadRequest) Reset() {
+	*x = MarkAsReadRequest{}
+	mi := &file_notifications_notifications_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *MarkAsReadRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MarkAsReadRequest) ProtoMessage() {}
+
+func (x *MarkAsReadRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MarkAsReadRequest.ProtoReflect.Descriptor instead.
+func (*MarkAsReadRequest) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *MarkAsReadRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *MarkAsReadRequest) GetNotificationId() string {
+	if x != nil {
+		return x.NotificationId
+	}
+	return ""
+}
+
+type MarkAsReadResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *MarkAsReadResponse) Reset() {
+	*x = MarkAsReadResponse{}
+	mi := &file_notifications_notifications_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *MarkAsReadResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MarkAsReadResponse) ProtoMessage() {}
+
+func (x *MarkAsReadResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MarkAsReadResponse.ProtoReflect.Descriptor instead.
+func (*MarkAsReadResponse) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *MarkAsReadResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+type MarkAllAsReadRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *MarkAllAsReadRequest) Reset() {
+	*x = MarkAllAsReadRequest{}
+	mi := &file_notifications_notifications_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *MarkAllAsReadRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MarkAllAsReadRequest) ProtoMessage() {}
+
+func (x *MarkAllAsReadRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MarkAllAsReadRequest.ProtoReflect.Descriptor instead.
+func (*MarkAllAsReadRequest) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *MarkAllAsReadRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+type MarkAllAsReadResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	UpdatedCount  int32                  `protobuf:"varint,2,opt,name=updated_count,json=updatedCount,proto3" json:"updated_count,omitempty"` // Сколько уведомлений было обновлено
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *MarkAllAsReadResponse) Reset() {
+	*x = MarkAllAsReadResponse{}
+	mi := &file_notifications_notifications_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *MarkAllAsReadResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MarkAllAsReadResponse) ProtoMessage() {}
+
+func (x *MarkAllAsReadResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MarkAllAsReadResponse.ProtoReflect.Descriptor instead.
+func (*MarkAllAsReadResponse) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *MarkAllAsReadResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *MarkAllAsReadResponse) GetUpdatedCount() int32 {
+	if x != nil {
+		return x.UpdatedCount
+	}
+	return 0
+}
+
+type SendNotificationRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // Кому отправляем (если пусто — можно сделать бродкаст, но лучше отдельный метод)
+	Type          string                 `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
+	Title         string                 `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"`
+	Text          string                 `protobuf:"bytes,4,opt,name=text,proto3" json:"text,omitempty"`
+	Payload       *structpb.Struct       `protobuf:"bytes,5,opt,name=payload,proto3" json:"payload,omitempty"` // Метаданные для UI (ссылки, ID сущностей)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SendNotificationRequest) Reset() {
+	*x = SendNotificationRequest{}
+	mi := &file_notifications_notifications_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SendNotificationRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SendNotificationRequest) ProtoMessage() {}
+
+func (x *SendNotificationRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SendNotificationRequest.ProtoReflect.Descriptor instead.
+func (*SendNotificationRequest) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *SendNotificationRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *SendNotificationRequest) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *SendNotificationRequest) GetTitle() string {
+	if x != nil {
+		return x.Title
+	}
+	return ""
+}
+
+func (x *SendNotificationRequest) GetText() string {
+	if x != nil {
+		return x.Text
+	}
+	return ""
+}
+
+func (x *SendNotificationRequest) GetPayload() *structpb.Struct {
+	if x != nil {
+		return x.Payload
+	}
+	return nil
+}
+
+type SendNotificationResponse struct {
+	state          protoimpl.MessageState `protogen:"open.v1"`
+	Success        bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	NotificationId string                 `protobuf:"bytes,2,opt,name=notification_id,json=notificationId,proto3" json:"notification_id,omitempty"` // ID созданного уведомления в Postgres
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
+}
+
+func (x *SendNotificationResponse) Reset() {
+	*x = SendNotificationResponse{}
+	mi := &file_notifications_notifications_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SendNotificationResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SendNotificationResponse) ProtoMessage() {}
+
+func (x *SendNotificationResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_notifications_notifications_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SendNotificationResponse.ProtoReflect.Descriptor instead.
+func (*SendNotificationResponse) Descriptor() ([]byte, []int) {
+	return file_notifications_notifications_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *SendNotificationResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *SendNotificationResponse) GetNotificationId() string {
+	if x != nil {
+		return x.NotificationId
+	}
+	return ""
+}
+
+var File_notifications_notifications_proto protoreflect.FileDescriptor
+
+const file_notifications_notifications_proto_rawDesc = "" +
+	"\n" +
+	"!notifications/notifications.proto\x12\x10notifications.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1cgoogle/protobuf/struct.proto\"\xfc\x01\n" +
+	"\fNotification\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" +
+	"\auser_id\x18\x02 \x01(\tR\x06userId\x12\x12\n" +
+	"\x04type\x18\x03 \x01(\tR\x04type\x12\x14\n" +
+	"\x05title\x18\x04 \x01(\tR\x05title\x12\x12\n" +
+	"\x04text\x18\x05 \x01(\tR\x04text\x121\n" +
+	"\apayload\x18\x06 \x01(\v2\x17.google.protobuf.StructR\apayload\x12\x17\n" +
+	"\ais_read\x18\a \x01(\bR\x06isRead\x129\n" +
+	"\n" +
+	"created_at\x18\b \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\"\x96\x01\n" +
+	"\x17GetNotificationsRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x14\n" +
+	"\x05limit\x18\x02 \x01(\x05R\x05limit\x12\x16\n" +
+	"\x06offset\x18\x03 \x01(\x05R\x06offset\x12$\n" +
+	"\vunread_only\x18\x04 \x01(\bH\x00R\n" +
+	"unreadOnly\x88\x01\x01B\x0e\n" +
+	"\f_unread_only\"\x81\x01\n" +
+	"\x18GetNotificationsResponse\x12D\n" +
+	"\rnotifications\x18\x01 \x03(\v2\x1e.notifications.v1.NotificationR\rnotifications\x12\x1f\n" +
+	"\vtotal_count\x18\x02 \x01(\x05R\n" +
+	"totalCount\"0\n" +
+	"\x15GetUnreadCountRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\".\n" +
+	"\x16GetUnreadCountResponse\x12\x14\n" +
+	"\x05count\x18\x01 \x01(\x05R\x05count\"U\n" +
+	"\x11MarkAsReadRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12'\n" +
+	"\x0fnotification_id\x18\x02 \x01(\tR\x0enotificationId\".\n" +
+	"\x12MarkAsReadResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\"/\n" +
+	"\x14MarkAllAsReadRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\"V\n" +
+	"\x15MarkAllAsReadResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rupdated_count\x18\x02 \x01(\x05R\fupdatedCount\"\xa3\x01\n" +
+	"\x17SendNotificationRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x12\n" +
+	"\x04type\x18\x02 \x01(\tR\x04type\x12\x14\n" +
+	"\x05title\x18\x03 \x01(\tR\x05title\x12\x12\n" +
+	"\x04text\x18\x04 \x01(\tR\x04text\x121\n" +
+	"\apayload\x18\x05 \x01(\v2\x17.google.protobuf.StructR\apayload\"]\n" +
+	"\x18SendNotificationResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12'\n" +
+	"\x0fnotification_id\x18\x02 \x01(\tR\x0enotificationId2\x8f\x04\n" +
+	"\x13NotificationService\x12m\n" +
+	"\x14GetUserNotifications\x12).notifications.v1.GetNotificationsRequest\x1a*.notifications.v1.GetNotificationsResponse\x12c\n" +
+	"\x0eGetUnreadCount\x12'.notifications.v1.GetUnreadCountRequest\x1a(.notifications.v1.GetUnreadCountResponse\x12W\n" +
+	"\n" +
+	"MarkAsRead\x12#.notifications.v1.MarkAsReadRequest\x1a$.notifications.v1.MarkAsReadResponse\x12`\n" +
+	"\rMarkAllAsRead\x12&.notifications.v1.MarkAllAsReadRequest\x1a'.notifications.v1.MarkAllAsReadResponse\x12i\n" +
+	"\x10SendNotification\x12).notifications.v1.SendNotificationRequest\x1a*.notifications.v1.SendNotificationResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_notifications_notifications_proto_rawDescOnce sync.Once
+	file_notifications_notifications_proto_rawDescData []byte
+)
+
+func file_notifications_notifications_proto_rawDescGZIP() []byte {
+	file_notifications_notifications_proto_rawDescOnce.Do(func() {
+		file_notifications_notifications_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_notifications_notifications_proto_rawDesc), len(file_notifications_notifications_proto_rawDesc)))
+	})
+	return file_notifications_notifications_proto_rawDescData
+}
+
+var file_notifications_notifications_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_notifications_notifications_proto_goTypes = []any{
+	(*Notification)(nil),             // 0: notifications.v1.Notification
+	(*GetNotificationsRequest)(nil),  // 1: notifications.v1.GetNotificationsRequest
+	(*GetNotificationsResponse)(nil), // 2: notifications.v1.GetNotificationsResponse
+	(*GetUnreadCountRequest)(nil),    // 3: notifications.v1.GetUnreadCountRequest
+	(*GetUnreadCountResponse)(nil),   // 4: notifications.v1.GetUnreadCountResponse
+	(*MarkAsReadRequest)(nil),        // 5: notifications.v1.MarkAsReadRequest
+	(*MarkAsReadResponse)(nil),       // 6: notifications.v1.MarkAsReadResponse
+	(*MarkAllAsReadRequest)(nil),     // 7: notifications.v1.MarkAllAsReadRequest
+	(*MarkAllAsReadResponse)(nil),    // 8: notifications.v1.MarkAllAsReadResponse
+	(*SendNotificationRequest)(nil),  // 9: notifications.v1.SendNotificationRequest
+	(*SendNotificationResponse)(nil), // 10: notifications.v1.SendNotificationResponse
+	(*structpb.Struct)(nil),          // 11: google.protobuf.Struct
+	(*timestamppb.Timestamp)(nil),    // 12: google.protobuf.Timestamp
+}
+var file_notifications_notifications_proto_depIdxs = []int32{
+	11, // 0: notifications.v1.Notification.payload:type_name -> google.protobuf.Struct
+	12, // 1: notifications.v1.Notification.created_at:type_name -> google.protobuf.Timestamp
+	0,  // 2: notifications.v1.GetNotificationsResponse.notifications:type_name -> notifications.v1.Notification
+	11, // 3: notifications.v1.SendNotificationRequest.payload:type_name -> google.protobuf.Struct
+	1,  // 4: notifications.v1.NotificationService.GetUserNotifications:input_type -> notifications.v1.GetNotificationsRequest
+	3,  // 5: notifications.v1.NotificationService.GetUnreadCount:input_type -> notifications.v1.GetUnreadCountRequest
+	5,  // 6: notifications.v1.NotificationService.MarkAsRead:input_type -> notifications.v1.MarkAsReadRequest
+	7,  // 7: notifications.v1.NotificationService.MarkAllAsRead:input_type -> notifications.v1.MarkAllAsReadRequest
+	9,  // 8: notifications.v1.NotificationService.SendNotification:input_type -> notifications.v1.SendNotificationRequest
+	2,  // 9: notifications.v1.NotificationService.GetUserNotifications:output_type -> notifications.v1.GetNotificationsResponse
+	4,  // 10: notifications.v1.NotificationService.GetUnreadCount:output_type -> notifications.v1.GetUnreadCountResponse
+	6,  // 11: notifications.v1.NotificationService.MarkAsRead:output_type -> notifications.v1.MarkAsReadResponse
+	8,  // 12: notifications.v1.NotificationService.MarkAllAsRead:output_type -> notifications.v1.MarkAllAsReadResponse
+	10, // 13: notifications.v1.NotificationService.SendNotification:output_type -> notifications.v1.SendNotificationResponse
+	9,  // [9:14] is the sub-list for method output_type
+	4,  // [4:9] is the sub-list for method input_type
+	4,  // [4:4] is the sub-list for extension type_name
+	4,  // [4:4] is the sub-list for extension extendee
+	0,  // [0:4] is the sub-list for field type_name
+}
+
+func init() { file_notifications_notifications_proto_init() }
+func file_notifications_notifications_proto_init() {
+	if File_notifications_notifications_proto != nil {
+		return
+	}
+	file_notifications_notifications_proto_msgTypes[1].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_notifications_notifications_proto_rawDesc), len(file_notifications_notifications_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_notifications_notifications_proto_goTypes,
+		DependencyIndexes: file_notifications_notifications_proto_depIdxs,
+		MessageInfos:      file_notifications_notifications_proto_msgTypes,
+	}.Build()
+	File_notifications_notifications_proto = out.File
+	file_notifications_notifications_proto_goTypes = nil
+	file_notifications_notifications_proto_depIdxs = nil
+}

gen/go/notifications/notifications_grpc.pb.go

@@ -0,0 +1,293 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: notifications/notifications.proto
+
+// Указываем пакет для логической изоляции
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	NotificationService_GetUserNotifications_FullMethodName = "/notifications.v1.NotificationService/GetUserNotifications"
+	NotificationService_GetUnreadCount_FullMethodName       = "/notifications.v1.NotificationService/GetUnreadCount"
+	NotificationService_MarkAsRead_FullMethodName           = "/notifications.v1.NotificationService/MarkAsRead"
+	NotificationService_MarkAllAsRead_FullMethodName        = "/notifications.v1.NotificationService/MarkAllAsRead"
+	NotificationService_SendNotification_FullMethodName     = "/notifications.v1.NotificationService/SendNotification"
+)
+
+// NotificationServiceClient is the client API for NotificationService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// -----------------------------------------------------------------------------
+// Сервис Уведомлений
+// -----------------------------------------------------------------------------
+type NotificationServiceClient interface {
+	// Получить список уведомлений пользователя с пагинацией
+	GetUserNotifications(ctx context.Context, in *GetNotificationsRequest, opts ...grpc.CallOption) (*GetNotificationsResponse, error)
+	// Получить количество непрочитанных уведомлений (для бейджика на иконке)
+	GetUnreadCount(ctx context.Context, in *GetUnreadCountRequest, opts ...grpc.CallOption) (*GetUnreadCountResponse, error)
+	// Отметить конкретное уведомление как прочитанное
+	MarkAsRead(ctx context.Context, in *MarkAsReadRequest, opts ...grpc.CallOption) (*MarkAsReadResponse, error)
+	// Отметить все уведомления пользователя как прочитанные
+	MarkAllAsRead(ctx context.Context, in *MarkAllAsReadRequest, opts ...grpc.CallOption) (*MarkAllAsReadResponse, error)
+	// Отправить уведомление (CRM/ERP вызывает этот метод, а NestJS уже кидает в RabbitMQ)
+	SendNotification(ctx context.Context, in *SendNotificationRequest, opts ...grpc.CallOption) (*SendNotificationResponse, error)
+}
+
+type notificationServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewNotificationServiceClient(cc grpc.ClientConnInterface) NotificationServiceClient {
+	return &notificationServiceClient{cc}
+}
+
+func (c *notificationServiceClient) GetUserNotifications(ctx context.Context, in *GetNotificationsRequest, opts ...grpc.CallOption) (*GetNotificationsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetNotificationsResponse)
+	err := c.cc.Invoke(ctx, NotificationService_GetUserNotifications_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notificationServiceClient) GetUnreadCount(ctx context.Context, in *GetUnreadCountRequest, opts ...grpc.CallOption) (*GetUnreadCountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetUnreadCountResponse)
+	err := c.cc.Invoke(ctx, NotificationService_GetUnreadCount_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notificationServiceClient) MarkAsRead(ctx context.Context, in *MarkAsReadRequest, opts ...grpc.CallOption) (*MarkAsReadResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MarkAsReadResponse)
+	err := c.cc.Invoke(ctx, NotificationService_MarkAsRead_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notificationServiceClient) MarkAllAsRead(ctx context.Context, in *MarkAllAsReadRequest, opts ...grpc.CallOption) (*MarkAllAsReadResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MarkAllAsReadResponse)
+	err := c.cc.Invoke(ctx, NotificationService_MarkAllAsRead_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *notificationServiceClient) SendNotification(ctx context.Context, in *SendNotificationRequest, opts ...grpc.CallOption) (*SendNotificationResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SendNotificationResponse)
+	err := c.cc.Invoke(ctx, NotificationService_SendNotification_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// NotificationServiceServer is the server API for NotificationService service.
+// All implementations must embed UnimplementedNotificationServiceServer
+// for forward compatibility.
+//
+// -----------------------------------------------------------------------------
+// Сервис Уведомлений
+// -----------------------------------------------------------------------------
+type NotificationServiceServer interface {
+	// Получить список уведомлений пользователя с пагинацией
+	GetUserNotifications(context.Context, *GetNotificationsRequest) (*GetNotificationsResponse, error)
+	// Получить количество непрочитанных уведомлений (для бейджика на иконке)
+	GetUnreadCount(context.Context, *GetUnreadCountRequest) (*GetUnreadCountResponse, error)
+	// Отметить конкретное уведомление как прочитанное
+	MarkAsRead(context.Context, *MarkAsReadRequest) (*MarkAsReadResponse, error)
+	// Отметить все уведомления пользователя как прочитанные
+	MarkAllAsRead(context.Context, *MarkAllAsReadRequest) (*MarkAllAsReadResponse, error)
+	// Отправить уведомление (CRM/ERP вызывает этот метод, а NestJS уже кидает в RabbitMQ)
+	SendNotification(context.Context, *SendNotificationRequest) (*SendNotificationResponse, error)
+	mustEmbedUnimplementedNotificationServiceServer()
+}
+
+// UnimplementedNotificationServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedNotificationServiceServer struct{}
+
+func (UnimplementedNotificationServiceServer) GetUserNotifications(context.Context, *GetNotificationsRequest) (*GetNotificationsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUserNotifications not implemented")
+}
+func (UnimplementedNotificationServiceServer) GetUnreadCount(context.Context, *GetUnreadCountRequest) (*GetUnreadCountResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUnreadCount not implemented")
+}
+func (UnimplementedNotificationServiceServer) MarkAsRead(context.Context, *MarkAsReadRequest) (*MarkAsReadResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method MarkAsRead not implemented")
+}
+func (UnimplementedNotificationServiceServer) MarkAllAsRead(context.Context, *MarkAllAsReadRequest) (*MarkAllAsReadResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method MarkAllAsRead not implemented")
+}
+func (UnimplementedNotificationServiceServer) SendNotification(context.Context, *SendNotificationRequest) (*SendNotificationResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SendNotification not implemented")
+}
+func (UnimplementedNotificationServiceServer) mustEmbedUnimplementedNotificationServiceServer() {}
+func (UnimplementedNotificationServiceServer) testEmbeddedByValue()                             {}
+
+// UnsafeNotificationServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to NotificationServiceServer will
+// result in compilation errors.
+type UnsafeNotificationServiceServer interface {
+	mustEmbedUnimplementedNotificationServiceServer()
+}
+
+func RegisterNotificationServiceServer(s grpc.ServiceRegistrar, srv NotificationServiceServer) {
+	// If the following call panics, it indicates UnimplementedNotificationServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&NotificationService_ServiceDesc, srv)
+}
+
+func _NotificationService_GetUserNotifications_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetNotificationsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotificationServiceServer).GetUserNotifications(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: NotificationService_GetUserNotifications_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotificationServiceServer).GetUserNotifications(ctx, req.(*GetNotificationsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _NotificationService_GetUnreadCount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetUnreadCountRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotificationServiceServer).GetUnreadCount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: NotificationService_GetUnreadCount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotificationServiceServer).GetUnreadCount(ctx, req.(*GetUnreadCountRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _NotificationService_MarkAsRead_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MarkAsReadRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotificationServiceServer).MarkAsRead(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: NotificationService_MarkAsRead_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotificationServiceServer).MarkAsRead(ctx, req.(*MarkAsReadRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _NotificationService_MarkAllAsRead_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MarkAllAsReadRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotificationServiceServer).MarkAllAsRead(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: NotificationService_MarkAllAsRead_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotificationServiceServer).MarkAllAsRead(ctx, req.(*MarkAllAsReadRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _NotificationService_SendNotification_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SendNotificationRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(NotificationServiceServer).SendNotification(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: NotificationService_SendNotification_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(NotificationServiceServer).SendNotification(ctx, req.(*SendNotificationRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// NotificationService_ServiceDesc is the grpc.ServiceDesc for NotificationService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var NotificationService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "notifications.v1.NotificationService",
+	HandlerType: (*NotificationServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetUserNotifications",
+			Handler:    _NotificationService_GetUserNotifications_Handler,
+		},
+		{
+			MethodName: "GetUnreadCount",
+			Handler:    _NotificationService_GetUnreadCount_Handler,
+		},
+		{
+			MethodName: "MarkAsRead",
+			Handler:    _NotificationService_MarkAsRead_Handler,
+		},
+		{
+			MethodName: "MarkAllAsRead",
+			Handler:    _NotificationService_MarkAllAsRead_Handler,
+		},
+		{
+			MethodName: "SendNotification",
+			Handler:    _NotificationService_SendNotification_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "notifications/notifications.proto",
+}

gen/go/rbac.pb.go

@@ -0,0 +1,976 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: rbac.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAllPermissionsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsRequest) Reset() {
+	*x = GetAllPermissionsRequest{}
+	mi := &file_rbac_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsRequest) ProtoMessage() {}
+
+func (x *GetAllPermissionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsRequest.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAllPermissionsRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllPermissionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Permissions   []*Permission          `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsResponse) Reset() {
+	*x = GetAllPermissionsResponse{}
+	mi := &file_rbac_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsResponse) ProtoMessage() {}
+
+func (x *GetAllPermissionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsResponse.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsResponse) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetAllPermissionsResponse) GetPermissions() []*Permission {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+type Permission struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Code          string                 `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,4,opt,name=module,proto3" json:"module,omitempty"`
+	Roles         []string               `protobuf:"bytes,5,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Permission) Reset() {
+	*x = Permission{}
+	mi := &file_rbac_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Permission) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Permission) ProtoMessage() {}
+
+func (x *Permission) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Permission.ProtoReflect.Descriptor instead.
+func (*Permission) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Permission) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Permission) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *Permission) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Permission) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+func (x *Permission) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type GetAllRolesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesRequest) Reset() {
+	*x = GetAllRolesRequest{}
+	mi := &file_rbac_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesRequest) ProtoMessage() {}
+
+func (x *GetAllRolesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesRequest.ProtoReflect.Descriptor instead.
+func (*GetAllRolesRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetAllRolesRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllRolesRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllRolesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Roles         []*Roles               `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesResponse) Reset() {
+	*x = GetAllRolesResponse{}
+	mi := &file_rbac_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesResponse) ProtoMessage() {}
+
+func (x *GetAllRolesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesResponse.ProtoReflect.Descriptor instead.
+func (*GetAllRolesResponse) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetAllRolesResponse) GetRoles() []*Roles {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type CreateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Name            string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Level           int32                  `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,3,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *CreateRoleRequest) Reset() {
+	*x = CreateRoleRequest{}
+	mi := &file_rbac_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateRoleRequest) ProtoMessage() {}
+
+func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.
+func (*CreateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *CreateRoleRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *CreateRoleRequest) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *CreateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type UpdateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Id              string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name            *string                `protobuf:"bytes,2,opt,name=name,proto3,oneof" json:"name,omitempty"`
+	Level           *int32                 `protobuf:"varint,3,opt,name=level,proto3,oneof" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,4,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *UpdateRoleRequest) Reset() {
+	*x = UpdateRoleRequest{}
+	mi := &file_rbac_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateRoleRequest) ProtoMessage() {}
+
+func (x *UpdateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.
+func (*UpdateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UpdateRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetLevel() int32 {
+	if x != nil && x.Level != nil {
+		return *x.Level
+	}
+	return 0
+}
+
+func (x *UpdateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type ModifyRoleResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyRoleResponse) Reset() {
+	*x = ModifyRoleResponse{}
+	mi := &file_rbac_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyRoleResponse) ProtoMessage() {}
+
+func (x *ModifyRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyRoleResponse.ProtoReflect.Descriptor instead.
+func (*ModifyRoleResponse) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ModifyRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type DeleteRoleRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeleteRoleRequest) Reset() {
+	*x = DeleteRoleRequest{}
+	mi := &file_rbac_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleRequest) ProtoMessage() {}
+
+func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.
+func (*DeleteRoleRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DeleteRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type DeleteRoleResponse struct {
+	state            protoimpl.MessageState `protogen:"open.v1"`
+	Success          bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message          string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	FallbackRoleName *string                `protobuf:"bytes,3,opt,name=fallback_role_name,json=fallbackRoleName,proto3,oneof" json:"fallback_role_name,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *DeleteRoleResponse) Reset() {
+	*x = DeleteRoleResponse{}
+	mi := &file_rbac_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleResponse) ProtoMessage() {}
+
+func (x *DeleteRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleResponse.ProtoReflect.Descriptor instead.
+func (*DeleteRoleResponse) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DeleteRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *DeleteRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+func (x *DeleteRoleResponse) GetFallbackRoleName() string {
+	if x != nil && x.FallbackRoleName != nil {
+		return *x.FallbackRoleName
+	}
+	return ""
+}
+
+type CreatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Code          string                 `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,3,opt,name=module,proto3" json:"module,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreatePermissionRequest) Reset() {
+	*x = CreatePermissionRequest{}
+	mi := &file_rbac_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreatePermissionRequest) ProtoMessage() {}
+
+func (x *CreatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*CreatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *CreatePermissionRequest) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+type UpdatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	RoleIds       []string               `protobuf:"bytes,2,rep,name=role_ids,json=roleIds,proto3" json:"role_ids,omitempty"` // Привязка к конкретным ролям
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdatePermissionRequest) Reset() {
+	*x = UpdatePermissionRequest{}
+	mi := &file_rbac_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdatePermissionRequest) ProtoMessage() {}
+
+func (x *UpdatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*UpdatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *UpdatePermissionRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdatePermissionRequest) GetRoleIds() []string {
+	if x != nil {
+		return x.RoleIds
+	}
+	return nil
+}
+
+type ModifyPermissionResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyPermissionResponse) Reset() {
+	*x = ModifyPermissionResponse{}
+	mi := &file_rbac_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyPermissionResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyPermissionResponse) ProtoMessage() {}
+
+func (x *ModifyPermissionResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyPermissionResponse.ProtoReflect.Descriptor instead.
+func (*ModifyPermissionResponse) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *ModifyPermissionResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyPermissionResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type Roles struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Level         int32                  `protobuf:"varint,3,opt,name=level,proto3" json:"level,omitempty"`
+	Permissions   []string               `protobuf:"bytes,4,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	LdapMapping   []string               `protobuf:"bytes,5,rep,name=ldap_mapping,json=ldapMapping,proto3" json:"ldap_mapping,omitempty"`
+	Accounts      []string               `protobuf:"bytes,6,rep,name=accounts,proto3" json:"accounts,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Roles) Reset() {
+	*x = Roles{}
+	mi := &file_rbac_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Roles) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Roles) ProtoMessage() {}
+
+func (x *Roles) ProtoReflect() protoreflect.Message {
+	mi := &file_rbac_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Roles.ProtoReflect.Descriptor instead.
+func (*Roles) Descriptor() ([]byte, []int) {
+	return file_rbac_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *Roles) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Roles) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Roles) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *Roles) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *Roles) GetLdapMapping() []string {
+	if x != nil {
+		return x.LdapMapping
+	}
+	return nil
+}
+
+func (x *Roles) GetAccounts() []string {
+	if x != nil {
+		return x.Accounts
+	}
+	return nil
+}
+
+var File_rbac_proto protoreflect.FileDescriptor
+
+const file_rbac_proto_rawDesc = "" +
+	"\n" +
+	"\n" +
+	"rbac.proto\x12\arbac.v1\"R\n" +
+	"\x18GetAllPermissionsRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"R\n" +
+	"\x19GetAllPermissionsResponse\x125\n" +
+	"\vpermissions\x18\x01 \x03(\v2\x13.rbac.v1.PermissionR\vpermissions\"\x80\x01\n" +
+	"\n" +
+	"Permission\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04code\x18\x02 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x04 \x01(\tR\x06module\x12\x14\n" +
+	"\x05roles\x18\x05 \x03(\tR\x05roles\"L\n" +
+	"\x12GetAllRolesRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\";\n" +
+	"\x13GetAllRolesResponse\x12$\n" +
+	"\x05roles\x18\x01 \x03(\v2\x0e.rbac.v1.RolesR\x05roles\"h\n" +
+	"\x11CreateRoleRequest\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x02 \x01(\x05R\x05level\x12)\n" +
+	"\x10permission_codes\x18\x03 \x03(\tR\x0fpermissionCodes\"\x95\x01\n" +
+	"\x11UpdateRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" +
+	"\x04name\x18\x02 \x01(\tH\x00R\x04name\x88\x01\x01\x12\x19\n" +
+	"\x05level\x18\x03 \x01(\x05H\x01R\x05level\x88\x01\x01\x12)\n" +
+	"\x10permission_codes\x18\x04 \x03(\tR\x0fpermissionCodesB\a\n" +
+	"\x05_nameB\b\n" +
+	"\x06_level\"H\n" +
+	"\x12ModifyRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"#\n" +
+	"\x11DeleteRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x92\x01\n" +
+	"\x12DeleteRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\x121\n" +
+	"\x12fallback_role_name\x18\x03 \x01(\tH\x00R\x10fallbackRoleName\x88\x01\x01B\x15\n" +
+	"\x13_fallback_role_name\"g\n" +
+	"\x17CreatePermissionRequest\x12\x12\n" +
+	"\x04code\x18\x01 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x03 \x01(\tR\x06module\"D\n" +
+	"\x17UpdatePermissionRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x19\n" +
+	"\brole_ids\x18\x02 \x03(\tR\aroleIds\"N\n" +
+	"\x18ModifyPermissionResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"\xa2\x01\n" +
+	"\x05Roles\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x03 \x01(\x05R\x05level\x12 \n" +
+	"\vpermissions\x18\x04 \x03(\tR\vpermissions\x12!\n" +
+	"\fldap_mapping\x18\x05 \x03(\tR\vldapMapping\x12\x1a\n" +
+	"\baccounts\x18\x06 \x03(\tR\baccounts2\xba\x04\n" +
+	"\vRbacService\x12E\n" +
+	"\n" +
+	"CreateRole\x12\x1a.rbac.v1.CreateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"UpdateRole\x12\x1a.rbac.v1.UpdateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"DeleteRole\x12\x1a.rbac.v1.DeleteRoleRequest\x1a\x1b.rbac.v1.DeleteRoleResponse\x12W\n" +
+	"\x10CreatePermission\x12 .rbac.v1.CreatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12W\n" +
+	"\x10UpdatePermission\x12 .rbac.v1.UpdatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12Z\n" +
+	"\x11GetAllPermissions\x12!.rbac.v1.GetAllPermissionsRequest\x1a\".rbac.v1.GetAllPermissionsResponse\x12H\n" +
+	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_rbac_proto_rawDescOnce sync.Once
+	file_rbac_proto_rawDescData []byte
+)
+
+func file_rbac_proto_rawDescGZIP() []byte {
+	file_rbac_proto_rawDescOnce.Do(func() {
+		file_rbac_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rbac_proto_rawDesc), len(file_rbac_proto_rawDesc)))
+	})
+	return file_rbac_proto_rawDescData
+}
+
+var file_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_rbac_proto_goTypes = []any{
+	(*GetAllPermissionsRequest)(nil),  // 0: rbac.v1.GetAllPermissionsRequest
+	(*GetAllPermissionsResponse)(nil), // 1: rbac.v1.GetAllPermissionsResponse
+	(*Permission)(nil),                // 2: rbac.v1.Permission
+	(*GetAllRolesRequest)(nil),        // 3: rbac.v1.GetAllRolesRequest
+	(*GetAllRolesResponse)(nil),       // 4: rbac.v1.GetAllRolesResponse
+	(*CreateRoleRequest)(nil),         // 5: rbac.v1.CreateRoleRequest
+	(*UpdateRoleRequest)(nil),         // 6: rbac.v1.UpdateRoleRequest
+	(*ModifyRoleResponse)(nil),        // 7: rbac.v1.ModifyRoleResponse
+	(*DeleteRoleRequest)(nil),         // 8: rbac.v1.DeleteRoleRequest
+	(*DeleteRoleResponse)(nil),        // 9: rbac.v1.DeleteRoleResponse
+	(*CreatePermissionRequest)(nil),   // 10: rbac.v1.CreatePermissionRequest
+	(*UpdatePermissionRequest)(nil),   // 11: rbac.v1.UpdatePermissionRequest
+	(*ModifyPermissionResponse)(nil),  // 12: rbac.v1.ModifyPermissionResponse
+	(*Roles)(nil),                     // 13: rbac.v1.Roles
+}
+var file_rbac_proto_depIdxs = []int32{
+	2,  // 0: rbac.v1.GetAllPermissionsResponse.permissions:type_name -> rbac.v1.Permission
+	13, // 1: rbac.v1.GetAllRolesResponse.roles:type_name -> rbac.v1.Roles
+	5,  // 2: rbac.v1.RbacService.CreateRole:input_type -> rbac.v1.CreateRoleRequest
+	6,  // 3: rbac.v1.RbacService.UpdateRole:input_type -> rbac.v1.UpdateRoleRequest
+	8,  // 4: rbac.v1.RbacService.DeleteRole:input_type -> rbac.v1.DeleteRoleRequest
+	10, // 5: rbac.v1.RbacService.CreatePermission:input_type -> rbac.v1.CreatePermissionRequest
+	11, // 6: rbac.v1.RbacService.UpdatePermission:input_type -> rbac.v1.UpdatePermissionRequest
+	0,  // 7: rbac.v1.RbacService.GetAllPermissions:input_type -> rbac.v1.GetAllPermissionsRequest
+	3,  // 8: rbac.v1.RbacService.GetAllRoles:input_type -> rbac.v1.GetAllRolesRequest
+	7,  // 9: rbac.v1.RbacService.CreateRole:output_type -> rbac.v1.ModifyRoleResponse
+	7,  // 10: rbac.v1.RbacService.UpdateRole:output_type -> rbac.v1.ModifyRoleResponse
+	9,  // 11: rbac.v1.RbacService.DeleteRole:output_type -> rbac.v1.DeleteRoleResponse
+	12, // 12: rbac.v1.RbacService.CreatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	12, // 13: rbac.v1.RbacService.UpdatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	1,  // 14: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
+	4,  // 15: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
+	9,  // [9:16] is the sub-list for method output_type
+	2,  // [2:9] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_rbac_proto_init() }
+func file_rbac_proto_init() {
+	if File_rbac_proto != nil {
+		return
+	}
+	file_rbac_proto_msgTypes[6].OneofWrappers = []any{}
+	file_rbac_proto_msgTypes[9].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_rbac_proto_rawDesc), len(file_rbac_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_rbac_proto_goTypes,
+		DependencyIndexes: file_rbac_proto_depIdxs,
+		MessageInfos:      file_rbac_proto_msgTypes,
+	}.Build()
+	File_rbac_proto = out.File
+	file_rbac_proto_goTypes = nil
+	file_rbac_proto_depIdxs = nil
+}

gen/go/rbac_grpc.pb.go

@@ -0,0 +1,349 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: rbac.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	RbacService_CreateRole_FullMethodName        = "/rbac.v1.RbacService/CreateRole"
+	RbacService_UpdateRole_FullMethodName        = "/rbac.v1.RbacService/UpdateRole"
+	RbacService_DeleteRole_FullMethodName        = "/rbac.v1.RbacService/DeleteRole"
+	RbacService_CreatePermission_FullMethodName  = "/rbac.v1.RbacService/CreatePermission"
+	RbacService_UpdatePermission_FullMethodName  = "/rbac.v1.RbacService/UpdatePermission"
+	RbacService_GetAllPermissions_FullMethodName = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName       = "/rbac.v1.RbacService/GetAllRoles"
+)
+
+// RbacServiceClient is the client API for RbacService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type RbacServiceClient interface {
+	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error)
+	CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+}
+
+type rbacServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewRbacServiceClient(cc grpc.ClientConnInterface) RbacServiceClient {
+	return &rbacServiceClient{cc}
+}
+
+func (c *rbacServiceClient) CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_DeleteRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RbacServiceServer is the server API for RbacService service.
+// All implementations must embed UnimplementedRbacServiceServer
+// for forward compatibility.
+type RbacServiceServer interface {
+	CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error)
+	UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error)
+	DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error)
+	CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error)
+	UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error)
+	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+// UnimplementedRbacServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedRbacServiceServer struct{}
+
+func (UnimplementedRbacServiceServer) CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteRole not implemented")
+}
+func (UnimplementedRbacServiceServer) CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
+func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeRbacServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to RbacServiceServer will
+// result in compilation errors.
+type UnsafeRbacServiceServer interface {
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+func RegisterRbacServiceServer(s grpc.ServiceRegistrar, srv RbacServiceServer) {
+	// If the following call panics, it indicates UnimplementedRbacServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&RbacService_ServiceDesc, srv)
+}
+
+func _RbacService_CreateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreateRole(ctx, req.(*CreateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdateRole(ctx, req.(*UpdateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).DeleteRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_DeleteRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_CreatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreatePermission(ctx, req.(*CreatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, req.(*UpdatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, req.(*GetAllRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var RbacService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "rbac.v1.RbacService",
+	HandlerType: (*RbacServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateRole",
+			Handler:    _RbacService_CreateRole_Handler,
+		},
+		{
+			MethodName: "UpdateRole",
+			Handler:    _RbacService_UpdateRole_Handler,
+		},
+		{
+			MethodName: "DeleteRole",
+			Handler:    _RbacService_DeleteRole_Handler,
+		},
+		{
+			MethodName: "CreatePermission",
+			Handler:    _RbacService_CreatePermission_Handler,
+		},
+		{
+			MethodName: "UpdatePermission",
+			Handler:    _RbacService_UpdatePermission_Handler,
+		},
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _RbacService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _RbacService_GetAllRoles_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "rbac.proto",
+}

gen/go/rbax.pb.go

@@ -0,0 +1,372 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: rbax.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAllPermissionsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsRequest) Reset() {
+	*x = GetAllPermissionsRequest{}
+	mi := &file_rbax_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsRequest) ProtoMessage() {}
+
+func (x *GetAllPermissionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbax_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsRequest.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsRequest) Descriptor() ([]byte, []int) {
+	return file_rbax_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAllPermissionsRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllPermissionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Code          string                 `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,4,opt,name=module,proto3" json:"module,omitempty"`
+	Roles         []string               `protobuf:"bytes,5,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsResponse) Reset() {
+	*x = GetAllPermissionsResponse{}
+	mi := &file_rbax_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsResponse) ProtoMessage() {}
+
+func (x *GetAllPermissionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbax_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsResponse.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsResponse) Descriptor() ([]byte, []int) {
+	return file_rbax_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetAllPermissionsResponse) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsResponse) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsResponse) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsResponse) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsResponse) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type GetAllRolesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesRequest) Reset() {
+	*x = GetAllRolesRequest{}
+	mi := &file_rbax_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesRequest) ProtoMessage() {}
+
+func (x *GetAllRolesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_rbax_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesRequest.ProtoReflect.Descriptor instead.
+func (*GetAllRolesRequest) Descriptor() ([]byte, []int) {
+	return file_rbax_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *GetAllRolesRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllRolesRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllRolesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Level         int32                  `protobuf:"varint,3,opt,name=level,proto3" json:"level,omitempty"`
+	Permissions   []string               `protobuf:"bytes,4,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	LdapMapping   []string               `protobuf:"bytes,5,rep,name=ldap_mapping,json=ldapMapping,proto3" json:"ldap_mapping,omitempty"`
+	Accounts      []string               `protobuf:"bytes,6,rep,name=accounts,proto3" json:"accounts,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesResponse) Reset() {
+	*x = GetAllRolesResponse{}
+	mi := &file_rbax_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesResponse) ProtoMessage() {}
+
+func (x *GetAllRolesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_rbax_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesResponse.ProtoReflect.Descriptor instead.
+func (*GetAllRolesResponse) Descriptor() ([]byte, []int) {
+	return file_rbax_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetAllRolesResponse) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *GetAllRolesResponse) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *GetAllRolesResponse) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *GetAllRolesResponse) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *GetAllRolesResponse) GetLdapMapping() []string {
+	if x != nil {
+		return x.LdapMapping
+	}
+	return nil
+}
+
+func (x *GetAllRolesResponse) GetAccounts() []string {
+	if x != nil {
+		return x.Accounts
+	}
+	return nil
+}
+
+var File_rbax_proto protoreflect.FileDescriptor
+
+const file_rbax_proto_rawDesc = "" +
+	"\n" +
+	"\n" +
+	"rbax.proto\x12\arbac.v1\"R\n" +
+	"\x18GetAllPermissionsRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"\x8f\x01\n" +
+	"\x19GetAllPermissionsResponse\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04code\x18\x02 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x04 \x01(\tR\x06module\x12\x14\n" +
+	"\x05roles\x18\x05 \x03(\tR\x05roles\"L\n" +
+	"\x12GetAllRolesRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"\xb0\x01\n" +
+	"\x13GetAllRolesResponse\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x03 \x01(\x05R\x05level\x12 \n" +
+	"\vpermissions\x18\x04 \x03(\tR\vpermissions\x12!\n" +
+	"\fldap_mapping\x18\x05 \x03(\tR\vldapMapping\x12\x1a\n" +
+	"\baccounts\x18\x06 \x03(\tR\baccounts2\xb3\x01\n" +
+	"\vRbacService\x12Z\n" +
+	"\x11GetAllPermissions\x12!.rbac.v1.GetAllPermissionsRequest\x1a\".rbac.v1.GetAllPermissionsResponse\x12H\n" +
+	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_rbax_proto_rawDescOnce sync.Once
+	file_rbax_proto_rawDescData []byte
+)
+
+func file_rbax_proto_rawDescGZIP() []byte {
+	file_rbax_proto_rawDescOnce.Do(func() {
+		file_rbax_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_rbax_proto_rawDesc), len(file_rbax_proto_rawDesc)))
+	})
+	return file_rbax_proto_rawDescData
+}
+
+var file_rbax_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_rbax_proto_goTypes = []any{
+	(*GetAllPermissionsRequest)(nil),  // 0: rbac.v1.GetAllPermissionsRequest
+	(*GetAllPermissionsResponse)(nil), // 1: rbac.v1.GetAllPermissionsResponse
+	(*GetAllRolesRequest)(nil),        // 2: rbac.v1.GetAllRolesRequest
+	(*GetAllRolesResponse)(nil),       // 3: rbac.v1.GetAllRolesResponse
+}
+var file_rbax_proto_depIdxs = []int32{
+	0, // 0: rbac.v1.RbacService.GetAllPermissions:input_type -> rbac.v1.GetAllPermissionsRequest
+	2, // 1: rbac.v1.RbacService.GetAllRoles:input_type -> rbac.v1.GetAllRolesRequest
+	1, // 2: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
+	3, // 3: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
+	2, // [2:4] is the sub-list for method output_type
+	0, // [0:2] is the sub-list for method input_type
+	0, // [0:0] is the sub-list for extension type_name
+	0, // [0:0] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_rbax_proto_init() }
+func file_rbax_proto_init() {
+	if File_rbax_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_rbax_proto_rawDesc), len(file_rbax_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   4,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_rbax_proto_goTypes,
+		DependencyIndexes: file_rbax_proto_depIdxs,
+		MessageInfos:      file_rbax_proto_msgTypes,
+	}.Build()
+	File_rbax_proto = out.File
+	file_rbax_proto_goTypes = nil
+	file_rbax_proto_depIdxs = nil
+}

gen/go/rbax_grpc.pb.go

@@ -0,0 +1,159 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: rbax.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	RbacService_GetAllPermissions_FullMethodName = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName       = "/rbac.v1.RbacService/GetAllRoles"
+)
+
+// RbacServiceClient is the client API for RbacService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type RbacServiceClient interface {
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+}
+
+type rbacServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewRbacServiceClient(cc grpc.ClientConnInterface) RbacServiceClient {
+	return &rbacServiceClient{cc}
+}
+
+func (c *rbacServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RbacServiceServer is the server API for RbacService service.
+// All implementations must embed UnimplementedRbacServiceServer
+// for forward compatibility.
+type RbacServiceServer interface {
+	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+// UnimplementedRbacServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedRbacServiceServer struct{}
+
+func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
+func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeRbacServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to RbacServiceServer will
+// result in compilation errors.
+type UnsafeRbacServiceServer interface {
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+func RegisterRbacServiceServer(s grpc.ServiceRegistrar, srv RbacServiceServer) {
+	// If the following call panics, it indicates UnimplementedRbacServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&RbacService_ServiceDesc, srv)
+}
+
+func _RbacService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, req.(*GetAllRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var RbacService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "rbac.v1.RbacService",
+	HandlerType: (*RbacServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _RbacService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _RbacService_GetAllRoles_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "rbax.proto",
+}

gen/go/search/search.pb.go

@@ -0,0 +1,297 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: search/search.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type SearchUsersRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Query         string                 `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"`
+	UserId        string                 `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,3,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	Status        *string                `protobuf:"bytes,4,opt,name=status,proto3,oneof" json:"status,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SearchUsersRequest) Reset() {
+	*x = SearchUsersRequest{}
+	mi := &file_search_search_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SearchUsersRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SearchUsersRequest) ProtoMessage() {}
+
+func (x *SearchUsersRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_search_search_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SearchUsersRequest.ProtoReflect.Descriptor instead.
+func (*SearchUsersRequest) Descriptor() ([]byte, []int) {
+	return file_search_search_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *SearchUsersRequest) GetQuery() string {
+	if x != nil {
+		return x.Query
+	}
+	return ""
+}
+
+func (x *SearchUsersRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *SearchUsersRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+func (x *SearchUsersRequest) GetStatus() string {
+	if x != nil && x.Status != nil {
+		return *x.Status
+	}
+	return ""
+}
+
+type SearchUserItem struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
+	FullName      string                 `protobuf:"bytes,3,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	AvatarUrl     string                 `protobuf:"bytes,4,opt,name=avatar_url,json=avatarUrl,proto3" json:"avatar_url,omitempty"`
+	Status        string                 `protobuf:"bytes,5,opt,name=status,proto3" json:"status,omitempty"`
+	IsPublic      bool                   `protobuf:"varint,6,opt,name=is_public,json=isPublic,proto3" json:"is_public,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SearchUserItem) Reset() {
+	*x = SearchUserItem{}
+	mi := &file_search_search_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SearchUserItem) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SearchUserItem) ProtoMessage() {}
+
+func (x *SearchUserItem) ProtoReflect() protoreflect.Message {
+	mi := &file_search_search_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SearchUserItem.ProtoReflect.Descriptor instead.
+func (*SearchUserItem) Descriptor() ([]byte, []int) {
+	return file_search_search_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *SearchUserItem) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *SearchUserItem) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *SearchUserItem) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *SearchUserItem) GetAvatarUrl() string {
+	if x != nil {
+		return x.AvatarUrl
+	}
+	return ""
+}
+
+func (x *SearchUserItem) GetStatus() string {
+	if x != nil {
+		return x.Status
+	}
+	return ""
+}
+
+func (x *SearchUserItem) GetIsPublic() bool {
+	if x != nil {
+		return x.IsPublic
+	}
+	return false
+}
+
+type SearchUsersResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Users         []*SearchUserItem      `protobuf:"bytes,1,rep,name=users,proto3" json:"users,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SearchUsersResponse) Reset() {
+	*x = SearchUsersResponse{}
+	mi := &file_search_search_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SearchUsersResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SearchUsersResponse) ProtoMessage() {}
+
+func (x *SearchUsersResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_search_search_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SearchUsersResponse.ProtoReflect.Descriptor instead.
+func (*SearchUsersResponse) Descriptor() ([]byte, []int) {
+	return file_search_search_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *SearchUsersResponse) GetUsers() []*SearchUserItem {
+	if x != nil {
+		return x.Users
+	}
+	return nil
+}
+
+var File_search_search_proto protoreflect.FileDescriptor
+
+const file_search_search_proto_rawDesc = "" +
+	"\n" +
+	"\x13search/search.proto\x12\tsearch.v1\"\x8a\x01\n" +
+	"\x12SearchUsersRequest\x12\x14\n" +
+	"\x05query\x18\x01 \x01(\tR\x05query\x12\x17\n" +
+	"\auser_id\x18\x02 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x03 \x01(\tR\tsessionId\x12\x1b\n" +
+	"\x06status\x18\x04 \x01(\tH\x00R\x06status\x88\x01\x01B\t\n" +
+	"\a_status\"\xad\x01\n" +
+	"\x0eSearchUserItem\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12\x1b\n" +
+	"\tfull_name\x18\x03 \x01(\tR\bfullName\x12\x1d\n" +
+	"\n" +
+	"avatar_url\x18\x04 \x01(\tR\tavatarUrl\x12\x16\n" +
+	"\x06status\x18\x05 \x01(\tR\x06status\x12\x1b\n" +
+	"\tis_public\x18\x06 \x01(\bR\bisPublic\"F\n" +
+	"\x13SearchUsersResponse\x12/\n" +
+	"\x05users\x18\x01 \x03(\v2\x19.search.v1.SearchUserItemR\x05users2]\n" +
+	"\rSearchService\x12L\n" +
+	"\vSearchUsers\x12\x1d.search.v1.SearchUsersRequest\x1a\x1e.search.v1.SearchUsersResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_search_search_proto_rawDescOnce sync.Once
+	file_search_search_proto_rawDescData []byte
+)
+
+func file_search_search_proto_rawDescGZIP() []byte {
+	file_search_search_proto_rawDescOnce.Do(func() {
+		file_search_search_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_search_search_proto_rawDesc), len(file_search_search_proto_rawDesc)))
+	})
+	return file_search_search_proto_rawDescData
+}
+
+var file_search_search_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_search_search_proto_goTypes = []any{
+	(*SearchUsersRequest)(nil),  // 0: search.v1.SearchUsersRequest
+	(*SearchUserItem)(nil),      // 1: search.v1.SearchUserItem
+	(*SearchUsersResponse)(nil), // 2: search.v1.SearchUsersResponse
+}
+var file_search_search_proto_depIdxs = []int32{
+	1, // 0: search.v1.SearchUsersResponse.users:type_name -> search.v1.SearchUserItem
+	0, // 1: search.v1.SearchService.SearchUsers:input_type -> search.v1.SearchUsersRequest
+	2, // 2: search.v1.SearchService.SearchUsers:output_type -> search.v1.SearchUsersResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_search_search_proto_init() }
+func file_search_search_proto_init() {
+	if File_search_search_proto != nil {
+		return
+	}
+	file_search_search_proto_msgTypes[0].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_search_search_proto_rawDesc), len(file_search_search_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_search_search_proto_goTypes,
+		DependencyIndexes: file_search_search_proto_depIdxs,
+		MessageInfos:      file_search_search_proto_msgTypes,
+	}.Build()
+	File_search_search_proto = out.File
+	file_search_search_proto_goTypes = nil
+	file_search_search_proto_depIdxs = nil
+}

gen/go/search/search_grpc.pb.go

@@ -0,0 +1,121 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: search/search.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	SearchService_SearchUsers_FullMethodName = "/search.v1.SearchService/SearchUsers"
+)
+
+// SearchServiceClient is the client API for SearchService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type SearchServiceClient interface {
+	SearchUsers(ctx context.Context, in *SearchUsersRequest, opts ...grpc.CallOption) (*SearchUsersResponse, error)
+}
+
+type searchServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewSearchServiceClient(cc grpc.ClientConnInterface) SearchServiceClient {
+	return &searchServiceClient{cc}
+}
+
+func (c *searchServiceClient) SearchUsers(ctx context.Context, in *SearchUsersRequest, opts ...grpc.CallOption) (*SearchUsersResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SearchUsersResponse)
+	err := c.cc.Invoke(ctx, SearchService_SearchUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// SearchServiceServer is the server API for SearchService service.
+// All implementations must embed UnimplementedSearchServiceServer
+// for forward compatibility.
+type SearchServiceServer interface {
+	SearchUsers(context.Context, *SearchUsersRequest) (*SearchUsersResponse, error)
+	mustEmbedUnimplementedSearchServiceServer()
+}
+
+// UnimplementedSearchServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedSearchServiceServer struct{}
+
+func (UnimplementedSearchServiceServer) SearchUsers(context.Context, *SearchUsersRequest) (*SearchUsersResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SearchUsers not implemented")
+}
+func (UnimplementedSearchServiceServer) mustEmbedUnimplementedSearchServiceServer() {}
+func (UnimplementedSearchServiceServer) testEmbeddedByValue()                       {}
+
+// UnsafeSearchServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to SearchServiceServer will
+// result in compilation errors.
+type UnsafeSearchServiceServer interface {
+	mustEmbedUnimplementedSearchServiceServer()
+}
+
+func RegisterSearchServiceServer(s grpc.ServiceRegistrar, srv SearchServiceServer) {
+	// If the following call panics, it indicates UnimplementedSearchServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&SearchService_ServiceDesc, srv)
+}
+
+func _SearchService_SearchUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SearchUsersRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SearchServiceServer).SearchUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SearchService_SearchUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SearchServiceServer).SearchUsers(ctx, req.(*SearchUsersRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// SearchService_ServiceDesc is the grpc.ServiceDesc for SearchService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var SearchService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "search.v1.SearchService",
+	HandlerType: (*SearchServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "SearchUsers",
+			Handler:    _SearchService_SearchUsers_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "search/search.proto",
+}

gen/go/sso/account.pb.go

@@ -0,0 +1,980 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: sso/account.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAccountRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAccountRequest) Reset() {
+	*x = GetAccountRequest{}
+	mi := &file_sso_account_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAccountRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAccountRequest) ProtoMessage() {}
+
+func (x *GetAccountRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAccountRequest.ProtoReflect.Descriptor instead.
+func (*GetAccountRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAccountRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type GetAccountResponse struct {
+	state             protoimpl.MessageState `protogen:"open.v1"`
+	Id                string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Username          string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
+	Email             string                 `protobuf:"bytes,3,opt,name=email,proto3" json:"email,omitempty"`
+	Phone             string                 `protobuf:"bytes,4,opt,name=phone,proto3" json:"phone,omitempty"`
+	FullName          string                 `protobuf:"bytes,5,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	IsLdap            bool                   `protobuf:"varint,6,opt,name=is_ldap,json=isLdap,proto3" json:"is_ldap,omitempty"`
+	Status            string                 `protobuf:"bytes,7,opt,name=status,proto3" json:"status,omitempty"`
+	Roles             []string               `protobuf:"bytes,8,rep,name=roles,proto3" json:"roles,omitempty"`
+	AvatarUrl         string                 `protobuf:"bytes,9,opt,name=avatar_url,json=avatarUrl,proto3" json:"avatar_url,omitempty"`
+	EmployeeId        *string                `protobuf:"bytes,10,opt,name=employee_id,json=employeeId,proto3,oneof" json:"employee_id,omitempty"`
+	Presence          string                 `protobuf:"bytes,11,opt,name=presence,proto3" json:"presence,omitempty"`
+	LastActive        string                 `protobuf:"bytes,12,opt,name=last_active,json=lastActive,proto3" json:"last_active,omitempty"`
+	CustomStatusText  string                 `protobuf:"bytes,13,opt,name=custom_status_text,json=customStatusText,proto3" json:"custom_status_text,omitempty"`
+	CustomStatusEmoji string                 `protobuf:"bytes,14,opt,name=custom_status_emoji,json=customStatusEmoji,proto3" json:"custom_status_emoji,omitempty"`
+	Timezone          string                 `protobuf:"bytes,15,opt,name=timezone,proto3" json:"timezone,omitempty"`
+	Language          string                 `protobuf:"bytes,16,opt,name=language,proto3" json:"language,omitempty"`
+	TwoFaEnabled      bool                   `protobuf:"varint,17,opt,name=two_fa_enabled,json=twoFaEnabled,proto3" json:"two_fa_enabled,omitempty"`
+	HasPin            bool                   `protobuf:"varint,18,opt,name=has_pin,json=hasPin,proto3" json:"has_pin,omitempty"`
+	unknownFields     protoimpl.UnknownFields
+	sizeCache         protoimpl.SizeCache
+}
+
+func (x *GetAccountResponse) Reset() {
+	*x = GetAccountResponse{}
+	mi := &file_sso_account_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAccountResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAccountResponse) ProtoMessage() {}
+
+func (x *GetAccountResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAccountResponse.ProtoReflect.Descriptor instead.
+func (*GetAccountResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetAccountResponse) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetPhone() string {
+	if x != nil {
+		return x.Phone
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetIsLdap() bool {
+	if x != nil {
+		return x.IsLdap
+	}
+	return false
+}
+
+func (x *GetAccountResponse) GetStatus() string {
+	if x != nil {
+		return x.Status
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+func (x *GetAccountResponse) GetAvatarUrl() string {
+	if x != nil {
+		return x.AvatarUrl
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetEmployeeId() string {
+	if x != nil && x.EmployeeId != nil {
+		return *x.EmployeeId
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetPresence() string {
+	if x != nil {
+		return x.Presence
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetLastActive() string {
+	if x != nil {
+		return x.LastActive
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetCustomStatusText() string {
+	if x != nil {
+		return x.CustomStatusText
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetCustomStatusEmoji() string {
+	if x != nil {
+		return x.CustomStatusEmoji
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetTimezone() string {
+	if x != nil {
+		return x.Timezone
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetLanguage() string {
+	if x != nil {
+		return x.Language
+	}
+	return ""
+}
+
+func (x *GetAccountResponse) GetTwoFaEnabled() bool {
+	if x != nil {
+		return x.TwoFaEnabled
+	}
+	return false
+}
+
+func (x *GetAccountResponse) GetHasPin() bool {
+	if x != nil {
+		return x.HasPin
+	}
+	return false
+}
+
+type ChangePasswordRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	OldPassword   string                 `protobuf:"bytes,3,opt,name=old_password,json=oldPassword,proto3" json:"old_password,omitempty"`
+	NewPassword   string                 `protobuf:"bytes,4,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
+	Code          *string                `protobuf:"bytes,5,opt,name=code,proto3,oneof" json:"code,omitempty"`
+	SessionId     string                 `protobuf:"bytes,6,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordRequest) Reset() {
+	*x = ChangePasswordRequest{}
+	mi := &file_sso_account_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordRequest) ProtoMessage() {}
+
+func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
+func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ChangePasswordRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetOldPassword() string {
+	if x != nil {
+		return x.OldPassword
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetNewPassword() string {
+	if x != nil {
+		return x.NewPassword
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetCode() string {
+	if x != nil && x.Code != nil {
+		return *x.Code
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type ChangePasswordResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordResponse) Reset() {
+	*x = ChangePasswordResponse{}
+	mi := &file_sso_account_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordResponse) ProtoMessage() {}
+
+func (x *ChangePasswordResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordResponse.ProtoReflect.Descriptor instead.
+func (*ChangePasswordResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ChangePasswordResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ChangePasswordResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type SetPinRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	Pin           string                 `protobuf:"bytes,3,opt,name=pin,proto3" json:"pin,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SetPinRequest) Reset() {
+	*x = SetPinRequest{}
+	mi := &file_sso_account_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SetPinRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SetPinRequest) ProtoMessage() {}
+
+func (x *SetPinRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SetPinRequest.ProtoReflect.Descriptor instead.
+func (*SetPinRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *SetPinRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *SetPinRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+func (x *SetPinRequest) GetPin() string {
+	if x != nil {
+		return x.Pin
+	}
+	return ""
+}
+
+type SetPinResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *SetPinResponse) Reset() {
+	*x = SetPinResponse{}
+	mi := &file_sso_account_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *SetPinResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SetPinResponse) ProtoMessage() {}
+
+func (x *SetPinResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SetPinResponse.ProtoReflect.Descriptor instead.
+func (*SetPinResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *SetPinResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *SetPinResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type UnlockPinRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	Pin           string                 `protobuf:"bytes,3,opt,name=pin,proto3" json:"pin,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UnlockPinRequest) Reset() {
+	*x = UnlockPinRequest{}
+	mi := &file_sso_account_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UnlockPinRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UnlockPinRequest) ProtoMessage() {}
+
+func (x *UnlockPinRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UnlockPinRequest.ProtoReflect.Descriptor instead.
+func (*UnlockPinRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UnlockPinRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *UnlockPinRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+func (x *UnlockPinRequest) GetPin() string {
+	if x != nil {
+		return x.Pin
+	}
+	return ""
+}
+
+type UnlockPinResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UnlockPinResponse) Reset() {
+	*x = UnlockPinResponse{}
+	mi := &file_sso_account_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UnlockPinResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UnlockPinResponse) ProtoMessage() {}
+
+func (x *UnlockPinResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UnlockPinResponse.ProtoReflect.Descriptor instead.
+func (*UnlockPinResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *UnlockPinResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *UnlockPinResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type GetPinStatusRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetPinStatusRequest) Reset() {
+	*x = GetPinStatusRequest{}
+	mi := &file_sso_account_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetPinStatusRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetPinStatusRequest) ProtoMessage() {}
+
+func (x *GetPinStatusRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetPinStatusRequest.ProtoReflect.Descriptor instead.
+func (*GetPinStatusRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *GetPinStatusRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetPinStatusRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetPinStatusResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	HasPin        bool                   `protobuf:"varint,1,opt,name=has_pin,json=hasPin,proto3" json:"has_pin,omitempty"`
+	IsLocked      bool                   `protobuf:"varint,2,opt,name=is_locked,json=isLocked,proto3" json:"is_locked,omitempty"`
+	LockUntil     string                 `protobuf:"bytes,3,opt,name=lock_until,json=lockUntil,proto3" json:"lock_until,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetPinStatusResponse) Reset() {
+	*x = GetPinStatusResponse{}
+	mi := &file_sso_account_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetPinStatusResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetPinStatusResponse) ProtoMessage() {}
+
+func (x *GetPinStatusResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetPinStatusResponse.ProtoReflect.Descriptor instead.
+func (*GetPinStatusResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *GetPinStatusResponse) GetHasPin() bool {
+	if x != nil {
+		return x.HasPin
+	}
+	return false
+}
+
+func (x *GetPinStatusResponse) GetIsLocked() bool {
+	if x != nil {
+		return x.IsLocked
+	}
+	return false
+}
+
+func (x *GetPinStatusResponse) GetLockUntil() string {
+	if x != nil {
+		return x.LockUntil
+	}
+	return ""
+}
+
+type RemovePinRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Pin           string                 `protobuf:"bytes,1,opt,name=pin,proto3" json:"pin,omitempty"`
+	UserId        string                 `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,3,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *RemovePinRequest) Reset() {
+	*x = RemovePinRequest{}
+	mi := &file_sso_account_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *RemovePinRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RemovePinRequest) ProtoMessage() {}
+
+func (x *RemovePinRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RemovePinRequest.ProtoReflect.Descriptor instead.
+func (*RemovePinRequest) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *RemovePinRequest) GetPin() string {
+	if x != nil {
+		return x.Pin
+	}
+	return ""
+}
+
+func (x *RemovePinRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *RemovePinRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type RemovePinResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *RemovePinResponse) Reset() {
+	*x = RemovePinResponse{}
+	mi := &file_sso_account_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *RemovePinResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RemovePinResponse) ProtoMessage() {}
+
+func (x *RemovePinResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_account_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RemovePinResponse.ProtoReflect.Descriptor instead.
+func (*RemovePinResponse) Descriptor() ([]byte, []int) {
+	return file_sso_account_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *RemovePinResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *RemovePinResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+var File_sso_account_proto protoreflect.FileDescriptor
+
+const file_sso_account_proto_rawDesc = "" +
+	"\n" +
+	"\x11sso/account.proto\x12\n" +
+	"account.v1\"#\n" +
+	"\x11GetAccountRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\xb7\x04\n" +
+	"\x12GetAccountResponse\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12\x14\n" +
+	"\x05email\x18\x03 \x01(\tR\x05email\x12\x14\n" +
+	"\x05phone\x18\x04 \x01(\tR\x05phone\x12\x1b\n" +
+	"\tfull_name\x18\x05 \x01(\tR\bfullName\x12\x17\n" +
+	"\ais_ldap\x18\x06 \x01(\bR\x06isLdap\x12\x16\n" +
+	"\x06status\x18\a \x01(\tR\x06status\x12\x14\n" +
+	"\x05roles\x18\b \x03(\tR\x05roles\x12\x1d\n" +
+	"\n" +
+	"avatar_url\x18\t \x01(\tR\tavatarUrl\x12$\n" +
+	"\vemployee_id\x18\n" +
+	" \x01(\tH\x00R\n" +
+	"employeeId\x88\x01\x01\x12\x1a\n" +
+	"\bpresence\x18\v \x01(\tR\bpresence\x12\x1f\n" +
+	"\vlast_active\x18\f \x01(\tR\n" +
+	"lastActive\x12,\n" +
+	"\x12custom_status_text\x18\r \x01(\tR\x10customStatusText\x12.\n" +
+	"\x13custom_status_emoji\x18\x0e \x01(\tR\x11customStatusEmoji\x12\x1a\n" +
+	"\btimezone\x18\x0f \x01(\tR\btimezone\x12\x1a\n" +
+	"\blanguage\x18\x10 \x01(\tR\blanguage\x12$\n" +
+	"\x0etwo_fa_enabled\x18\x11 \x01(\bR\ftwoFaEnabled\x12\x17\n" +
+	"\ahas_pin\x18\x12 \x01(\bR\x06hasPinB\x0e\n" +
+	"\f_employee_id\"\xb7\x01\n" +
+	"\x15ChangePasswordRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12!\n" +
+	"\fold_password\x18\x03 \x01(\tR\voldPassword\x12!\n" +
+	"\fnew_password\x18\x04 \x01(\tR\vnewPassword\x12\x17\n" +
+	"\x04code\x18\x05 \x01(\tH\x00R\x04code\x88\x01\x01\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x06 \x01(\tR\tsessionIdB\a\n" +
+	"\x05_code\"L\n" +
+	"\x16ChangePasswordResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"Y\n" +
+	"\rSetPinRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\x12\x10\n" +
+	"\x03pin\x18\x03 \x01(\tR\x03pin\"D\n" +
+	"\x0eSetPinResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"\\\n" +
+	"\x10UnlockPinRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\x12\x10\n" +
+	"\x03pin\x18\x03 \x01(\tR\x03pin\"G\n" +
+	"\x11UnlockPinResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"M\n" +
+	"\x13GetPinStatusRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"k\n" +
+	"\x14GetPinStatusResponse\x12\x17\n" +
+	"\ahas_pin\x18\x01 \x01(\bR\x06hasPin\x12\x1b\n" +
+	"\tis_locked\x18\x02 \x01(\bR\bisLocked\x12\x1d\n" +
+	"\n" +
+	"lock_until\x18\x03 \x01(\tR\tlockUntil\"\\\n" +
+	"\x10RemovePinRequest\x12\x10\n" +
+	"\x03pin\x18\x01 \x01(\tR\x03pin\x12\x17\n" +
+	"\auser_id\x18\x02 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x03 \x01(\tR\tsessionId\"G\n" +
+	"\x11RemovePinResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage2\xde\x03\n" +
+	"\x0eAccountService\x12K\n" +
+	"\n" +
+	"GetAccount\x12\x1d.account.v1.GetAccountRequest\x1a\x1e.account.v1.GetAccountResponse\x12W\n" +
+	"\x0eChangePassword\x12!.account.v1.ChangePasswordRequest\x1a\".account.v1.ChangePasswordResponse\x12?\n" +
+	"\x06SetPin\x12\x19.account.v1.SetPinRequest\x1a\x1a.account.v1.SetPinResponse\x12H\n" +
+	"\tUnlockPin\x12\x1c.account.v1.UnlockPinRequest\x1a\x1d.account.v1.UnlockPinResponse\x12Q\n" +
+	"\fGetPinStatus\x12\x1f.account.v1.GetPinStatusRequest\x1a .account.v1.GetPinStatusResponse\x12H\n" +
+	"\tRemovePin\x12\x1c.account.v1.RemovePinRequest\x1a\x1d.account.v1.RemovePinResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_account_proto_rawDescOnce sync.Once
+	file_sso_account_proto_rawDescData []byte
+)
+
+func file_sso_account_proto_rawDescGZIP() []byte {
+	file_sso_account_proto_rawDescOnce.Do(func() {
+		file_sso_account_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_account_proto_rawDesc), len(file_sso_account_proto_rawDesc)))
+	})
+	return file_sso_account_proto_rawDescData
+}
+
+var file_sso_account_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
+var file_sso_account_proto_goTypes = []any{
+	(*GetAccountRequest)(nil),      // 0: account.v1.GetAccountRequest
+	(*GetAccountResponse)(nil),     // 1: account.v1.GetAccountResponse
+	(*ChangePasswordRequest)(nil),  // 2: account.v1.ChangePasswordRequest
+	(*ChangePasswordResponse)(nil), // 3: account.v1.ChangePasswordResponse
+	(*SetPinRequest)(nil),          // 4: account.v1.SetPinRequest
+	(*SetPinResponse)(nil),         // 5: account.v1.SetPinResponse
+	(*UnlockPinRequest)(nil),       // 6: account.v1.UnlockPinRequest
+	(*UnlockPinResponse)(nil),      // 7: account.v1.UnlockPinResponse
+	(*GetPinStatusRequest)(nil),    // 8: account.v1.GetPinStatusRequest
+	(*GetPinStatusResponse)(nil),   // 9: account.v1.GetPinStatusResponse
+	(*RemovePinRequest)(nil),       // 10: account.v1.RemovePinRequest
+	(*RemovePinResponse)(nil),      // 11: account.v1.RemovePinResponse
+}
+var file_sso_account_proto_depIdxs = []int32{
+	0,  // 0: account.v1.AccountService.GetAccount:input_type -> account.v1.GetAccountRequest
+	2,  // 1: account.v1.AccountService.ChangePassword:input_type -> account.v1.ChangePasswordRequest
+	4,  // 2: account.v1.AccountService.SetPin:input_type -> account.v1.SetPinRequest
+	6,  // 3: account.v1.AccountService.UnlockPin:input_type -> account.v1.UnlockPinRequest
+	8,  // 4: account.v1.AccountService.GetPinStatus:input_type -> account.v1.GetPinStatusRequest
+	10, // 5: account.v1.AccountService.RemovePin:input_type -> account.v1.RemovePinRequest
+	1,  // 6: account.v1.AccountService.GetAccount:output_type -> account.v1.GetAccountResponse
+	3,  // 7: account.v1.AccountService.ChangePassword:output_type -> account.v1.ChangePasswordResponse
+	5,  // 8: account.v1.AccountService.SetPin:output_type -> account.v1.SetPinResponse
+	7,  // 9: account.v1.AccountService.UnlockPin:output_type -> account.v1.UnlockPinResponse
+	9,  // 10: account.v1.AccountService.GetPinStatus:output_type -> account.v1.GetPinStatusResponse
+	11, // 11: account.v1.AccountService.RemovePin:output_type -> account.v1.RemovePinResponse
+	6,  // [6:12] is the sub-list for method output_type
+	0,  // [0:6] is the sub-list for method input_type
+	0,  // [0:0] is the sub-list for extension type_name
+	0,  // [0:0] is the sub-list for extension extendee
+	0,  // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_sso_account_proto_init() }
+func file_sso_account_proto_init() {
+	if File_sso_account_proto != nil {
+		return
+	}
+	file_sso_account_proto_msgTypes[1].OneofWrappers = []any{}
+	file_sso_account_proto_msgTypes[2].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_account_proto_rawDesc), len(file_sso_account_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   12,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_account_proto_goTypes,
+		DependencyIndexes: file_sso_account_proto_depIdxs,
+		MessageInfos:      file_sso_account_proto_msgTypes,
+	}.Build()
+	File_sso_account_proto = out.File
+	file_sso_account_proto_goTypes = nil
+	file_sso_account_proto_depIdxs = nil
+}

gen/go/sso/account_grpc.pb.go

@@ -0,0 +1,311 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/account.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AccountService_GetAccount_FullMethodName     = "/account.v1.AccountService/GetAccount"
+	AccountService_ChangePassword_FullMethodName = "/account.v1.AccountService/ChangePassword"
+	AccountService_SetPin_FullMethodName         = "/account.v1.AccountService/SetPin"
+	AccountService_UnlockPin_FullMethodName      = "/account.v1.AccountService/UnlockPin"
+	AccountService_GetPinStatus_FullMethodName   = "/account.v1.AccountService/GetPinStatus"
+	AccountService_RemovePin_FullMethodName      = "/account.v1.AccountService/RemovePin"
+)
+
+// AccountServiceClient is the client API for AccountService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AccountServiceClient interface {
+	GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error)
+	SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error)
+	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error)
+	RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error)
+}
+
+type accountServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAccountServiceClient(cc grpc.ClientConnInterface) AccountServiceClient {
+	return &accountServiceClient{cc}
+}
+
+func (c *accountServiceClient) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAccountResponse)
+	err := c.cc.Invoke(ctx, AccountService_GetAccount_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ChangePasswordResponse)
+	err := c.cc.Invoke(ctx, AccountService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) SetPin(ctx context.Context, in *SetPinRequest, opts ...grpc.CallOption) (*SetPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SetPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_SetPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnlockPinResponse)
+	err := c.cc.Invoke(ctx, AccountService_UnlockPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) GetPinStatus(ctx context.Context, in *GetPinStatusRequest, opts ...grpc.CallOption) (*GetPinStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetPinStatusResponse)
+	err := c.cc.Invoke(ctx, AccountService_GetPinStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *accountServiceClient) RemovePin(ctx context.Context, in *RemovePinRequest, opts ...grpc.CallOption) (*RemovePinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RemovePinResponse)
+	err := c.cc.Invoke(ctx, AccountService_RemovePin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AccountServiceServer is the server API for AccountService service.
+// All implementations must embed UnimplementedAccountServiceServer
+// for forward compatibility.
+type AccountServiceServer interface {
+	GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error)
+	SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error)
+	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error)
+	RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error)
+	mustEmbedUnimplementedAccountServiceServer()
+}
+
+// UnimplementedAccountServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAccountServiceServer struct{}
+
+func (UnimplementedAccountServiceServer) GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAccount not implemented")
+}
+func (UnimplementedAccountServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedAccountServiceServer) SetPin(context.Context, *SetPinRequest) (*SetPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SetPin not implemented")
+}
+func (UnimplementedAccountServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+}
+func (UnimplementedAccountServiceServer) GetPinStatus(context.Context, *GetPinStatusRequest) (*GetPinStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetPinStatus not implemented")
+}
+func (UnimplementedAccountServiceServer) RemovePin(context.Context, *RemovePinRequest) (*RemovePinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemovePin not implemented")
+}
+func (UnimplementedAccountServiceServer) mustEmbedUnimplementedAccountServiceServer() {}
+func (UnimplementedAccountServiceServer) testEmbeddedByValue()                        {}
+
+// UnsafeAccountServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AccountServiceServer will
+// result in compilation errors.
+type UnsafeAccountServiceServer interface {
+	mustEmbedUnimplementedAccountServiceServer()
+}
+
+func RegisterAccountServiceServer(s grpc.ServiceRegistrar, srv AccountServiceServer) {
+	// If the following call panics, it indicates UnimplementedAccountServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AccountService_ServiceDesc, srv)
+}
+
+func _AccountService_GetAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).GetAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_GetAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).GetAccount(ctx, req.(*GetAccountRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_SetPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SetPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).SetPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_SetPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).SetPin(ctx, req.(*SetPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnlockPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).UnlockPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_UnlockPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_GetPinStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetPinStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_GetPinStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).GetPinStatus(ctx, req.(*GetPinStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AccountService_RemovePin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RemovePinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountServiceServer).RemovePin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AccountService_RemovePin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountServiceServer).RemovePin(ctx, req.(*RemovePinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AccountService_ServiceDesc is the grpc.ServiceDesc for AccountService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AccountService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "account.v1.AccountService",
+	HandlerType: (*AccountServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetAccount",
+			Handler:    _AccountService_GetAccount_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _AccountService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "SetPin",
+			Handler:    _AccountService_SetPin_Handler,
+		},
+		{
+			MethodName: "UnlockPin",
+			Handler:    _AccountService_UnlockPin_Handler,
+		},
+		{
+			MethodName: "GetPinStatus",
+			Handler:    _AccountService_GetPinStatus_Handler,
+		},
+		{
+			MethodName: "RemovePin",
+			Handler:    _AccountService_RemovePin_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/account.proto",
+}

gen/go/sso/auth_grpc.pb.go

@@ -0,0 +1,655 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/auth.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AuthService_Login_FullMethodName                = "/auth.v1.AuthService/Login"
+	AuthService_Refresh_FullMethodName              = "/auth.v1.AuthService/Refresh"
+	AuthService_VerifyToken_FullMethodName          = "/auth.v1.AuthService/VerifyToken"
+	AuthService_GetAccountRoleLevel_FullMethodName  = "/auth.v1.AuthService/GetAccountRoleLevel"
+	AuthService_Logout_FullMethodName               = "/auth.v1.AuthService/Logout"
+	AuthService_LogoutOther_FullMethodName          = "/auth.v1.AuthService/LogoutOther"
+	AuthService_GetSessions_FullMethodName          = "/auth.v1.AuthService/GetSessions"
+	AuthService_TerminateSession_FullMethodName     = "/auth.v1.AuthService/TerminateSession"
+	AuthService_SystemCreateAccount_FullMethodName  = "/auth.v1.AuthService/SystemCreateAccount"
+	AuthService_SystemChangeStatus_FullMethodName   = "/auth.v1.AuthService/SystemChangeStatus"
+	AuthService_SystemUpdatePassword_FullMethodName = "/auth.v1.AuthService/SystemUpdatePassword"
+	AuthService_SystemUpdatePin_FullMethodName      = "/auth.v1.AuthService/SystemUpdatePin"
+	AuthService_SystemBlockIp_FullMethodName        = "/auth.v1.AuthService/SystemBlockIp"
+	AuthService_SystemUnblockIp_FullMethodName      = "/auth.v1.AuthService/SystemUnblockIp"
+	AuthService_SystemGetAllAccounts_FullMethodName = "/auth.v1.AuthService/SystemGetAllAccounts"
+)
+
+// AuthServiceClient is the client API for AuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuthServiceClient interface {
+	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
+	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error)
+	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error)
+	TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error)
+	// Системные методы для админа
+	SystemCreateAccount(ctx context.Context, in *SystemCreateAccountRequest, opts ...grpc.CallOption) (*SystemCreateAccountResponse, error)
+	SystemChangeStatus(ctx context.Context, in *SystemChangeStatusRequest, opts ...grpc.CallOption) (*SystemChangeStatusResponse, error)
+	SystemUpdatePassword(ctx context.Context, in *SystemUpdatePasswordRequest, opts ...grpc.CallOption) (*SystemUpdatePasswordResponse, error)
+	SystemUpdatePin(ctx context.Context, in *SystemUpdatePinRequest, opts ...grpc.CallOption) (*SystemUpdatePinResponse, error)
+	SystemBlockIp(ctx context.Context, in *SystemBlockIpRequest, opts ...grpc.CallOption) (*SystemBlockIpResponse, error)
+	SystemUnblockIp(ctx context.Context, in *SystemUnblockIpRequest, opts ...grpc.CallOption) (*SystemUnblockIpResponse, error)
+	SystemGetAllAccounts(ctx context.Context, in *SystemGetAllAccountsRequest, opts ...grpc.CallOption) (*SystemGetAllAccountsResponse, error)
+}
+
+type authServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
+	return &authServiceClient{cc}
+}
+
+func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LoginResponse)
+	err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RefreshResponse)
+	err := c.cc.Invoke(ctx, AuthService_Refresh_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyTokenResponse)
+	err := c.cc.Invoke(ctx, AuthService_VerifyToken_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAccountRoleLevelResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetAccountRoleLevel_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) LogoutOther(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_LogoutOther_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) GetSessions(ctx context.Context, in *GetSessionRequest, opts ...grpc.CallOption) (*GetSessionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetSessionsResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetSessions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) TerminateSession(ctx context.Context, in *TerminateSessionRequest, opts ...grpc.CallOption) (*TerminateSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(TerminateSessionResponse)
+	err := c.cc.Invoke(ctx, AuthService_TerminateSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemCreateAccount(ctx context.Context, in *SystemCreateAccountRequest, opts ...grpc.CallOption) (*SystemCreateAccountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemCreateAccountResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemCreateAccount_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemChangeStatus(ctx context.Context, in *SystemChangeStatusRequest, opts ...grpc.CallOption) (*SystemChangeStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemChangeStatusResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemChangeStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemUpdatePassword(ctx context.Context, in *SystemUpdatePasswordRequest, opts ...grpc.CallOption) (*SystemUpdatePasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemUpdatePasswordResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemUpdatePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemUpdatePin(ctx context.Context, in *SystemUpdatePinRequest, opts ...grpc.CallOption) (*SystemUpdatePinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemUpdatePinResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemUpdatePin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemBlockIp(ctx context.Context, in *SystemBlockIpRequest, opts ...grpc.CallOption) (*SystemBlockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemBlockIpResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemBlockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemUnblockIp(ctx context.Context, in *SystemUnblockIpRequest, opts ...grpc.CallOption) (*SystemUnblockIpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemUnblockIpResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemUnblockIp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SystemGetAllAccounts(ctx context.Context, in *SystemGetAllAccountsRequest, opts ...grpc.CallOption) (*SystemGetAllAccountsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemGetAllAccountsResponse)
+	err := c.cc.Invoke(ctx, AuthService_SystemGetAllAccounts_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuthServiceServer is the server API for AuthService service.
+// All implementations must embed UnimplementedAuthServiceServer
+// for forward compatibility.
+type AuthServiceServer interface {
+	Login(context.Context, *LoginRequest) (*LoginResponse, error)
+	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error)
+	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error)
+	TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error)
+	// Системные методы для админа
+	SystemCreateAccount(context.Context, *SystemCreateAccountRequest) (*SystemCreateAccountResponse, error)
+	SystemChangeStatus(context.Context, *SystemChangeStatusRequest) (*SystemChangeStatusResponse, error)
+	SystemUpdatePassword(context.Context, *SystemUpdatePasswordRequest) (*SystemUpdatePasswordResponse, error)
+	SystemUpdatePin(context.Context, *SystemUpdatePinRequest) (*SystemUpdatePinResponse, error)
+	SystemBlockIp(context.Context, *SystemBlockIpRequest) (*SystemBlockIpResponse, error)
+	SystemUnblockIp(context.Context, *SystemUnblockIpRequest) (*SystemUnblockIpResponse, error)
+	SystemGetAllAccounts(context.Context, *SystemGetAllAccountsRequest) (*SystemGetAllAccountsResponse, error)
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+// UnimplementedAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAuthServiceServer struct{}
+
+func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Login not implemented")
+}
+func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
+}
+func (UnimplementedAuthServiceServer) VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyToken not implemented")
+}
+func (UnimplementedAuthServiceServer) GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAccountRoleLevel not implemented")
+}
+func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
+}
+func (UnimplementedAuthServiceServer) LogoutOther(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method LogoutOther not implemented")
+}
+func (UnimplementedAuthServiceServer) GetSessions(context.Context, *GetSessionRequest) (*GetSessionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetSessions not implemented")
+}
+func (UnimplementedAuthServiceServer) TerminateSession(context.Context, *TerminateSessionRequest) (*TerminateSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method TerminateSession not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemCreateAccount(context.Context, *SystemCreateAccountRequest) (*SystemCreateAccountResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemCreateAccount not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemChangeStatus(context.Context, *SystemChangeStatusRequest) (*SystemChangeStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemChangeStatus not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemUpdatePassword(context.Context, *SystemUpdatePasswordRequest) (*SystemUpdatePasswordResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemUpdatePassword not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemUpdatePin(context.Context, *SystemUpdatePinRequest) (*SystemUpdatePinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemUpdatePin not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemBlockIp(context.Context, *SystemBlockIpRequest) (*SystemBlockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemBlockIp not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemUnblockIp(context.Context, *SystemUnblockIpRequest) (*SystemUnblockIpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemUnblockIp not implemented")
+}
+func (UnimplementedAuthServiceServer) SystemGetAllAccounts(context.Context, *SystemGetAllAccountsRequest) (*SystemGetAllAccountsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemGetAllAccounts not implemented")
+}
+func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
+func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuthServiceServer will
+// result in compilation errors.
+type UnsafeAuthServiceServer interface {
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AuthService_ServiceDesc, srv)
+}
+
+func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Login_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RefreshRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Refresh(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Refresh_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Refresh(ctx, req.(*RefreshRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_VerifyToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).VerifyToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_VerifyToken_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).VerifyToken(ctx, req.(*VerifyTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_GetAccountRoleLevel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountRoleLevelRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetAccountRoleLevel_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, req.(*GetAccountRoleLevelRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Logout(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Logout_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_LogoutOther_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).LogoutOther(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_LogoutOther_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).LogoutOther(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_GetSessions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetSessions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetSessions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetSessions(ctx, req.(*GetSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_TerminateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TerminateSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).TerminateSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_TerminateSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).TerminateSession(ctx, req.(*TerminateSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemCreateAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemCreateAccountRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemCreateAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemCreateAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemCreateAccount(ctx, req.(*SystemCreateAccountRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemChangeStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemChangeStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemChangeStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemChangeStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemChangeStatus(ctx, req.(*SystemChangeStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemUpdatePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemUpdatePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemUpdatePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemUpdatePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemUpdatePassword(ctx, req.(*SystemUpdatePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemUpdatePin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemUpdatePinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemUpdatePin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemUpdatePin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemUpdatePin(ctx, req.(*SystemUpdatePinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemBlockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemBlockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemBlockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemBlockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemBlockIp(ctx, req.(*SystemBlockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemUnblockIp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemUnblockIpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemUnblockIp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemUnblockIp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemUnblockIp(ctx, req.(*SystemUnblockIpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SystemGetAllAccounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemGetAllAccountsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SystemGetAllAccounts(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SystemGetAllAccounts_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SystemGetAllAccounts(ctx, req.(*SystemGetAllAccountsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "auth.v1.AuthService",
+	HandlerType: (*AuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _AuthService_Login_Handler,
+		},
+		{
+			MethodName: "Refresh",
+			Handler:    _AuthService_Refresh_Handler,
+		},
+		{
+			MethodName: "VerifyToken",
+			Handler:    _AuthService_VerifyToken_Handler,
+		},
+		{
+			MethodName: "GetAccountRoleLevel",
+			Handler:    _AuthService_GetAccountRoleLevel_Handler,
+		},
+		{
+			MethodName: "Logout",
+			Handler:    _AuthService_Logout_Handler,
+		},
+		{
+			MethodName: "LogoutOther",
+			Handler:    _AuthService_LogoutOther_Handler,
+		},
+		{
+			MethodName: "GetSessions",
+			Handler:    _AuthService_GetSessions_Handler,
+		},
+		{
+			MethodName: "TerminateSession",
+			Handler:    _AuthService_TerminateSession_Handler,
+		},
+		{
+			MethodName: "SystemCreateAccount",
+			Handler:    _AuthService_SystemCreateAccount_Handler,
+		},
+		{
+			MethodName: "SystemChangeStatus",
+			Handler:    _AuthService_SystemChangeStatus_Handler,
+		},
+		{
+			MethodName: "SystemUpdatePassword",
+			Handler:    _AuthService_SystemUpdatePassword_Handler,
+		},
+		{
+			MethodName: "SystemUpdatePin",
+			Handler:    _AuthService_SystemUpdatePin_Handler,
+		},
+		{
+			MethodName: "SystemBlockIp",
+			Handler:    _AuthService_SystemBlockIp_Handler,
+		},
+		{
+			MethodName: "SystemUnblockIp",
+			Handler:    _AuthService_SystemUnblockIp_Handler,
+		},
+		{
+			MethodName: "SystemGetAllAccounts",
+			Handler:    _AuthService_SystemGetAllAccounts_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/auth.proto",
+}

gen/go/sso/ldap-auth.pb.go

@@ -0,0 +1,322 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: sso/ldap-auth.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type LdapUserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
+	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
+	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
+	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
+	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
+	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
+	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
+	Phone         string                 `protobuf:"bytes,9,opt,name=phone,proto3" json:"phone,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *LdapUserData) Reset() {
+	*x = LdapUserData{}
+	mi := &file_sso_ldap_auth_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *LdapUserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*LdapUserData) ProtoMessage() {}
+
+func (x *LdapUserData) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_auth_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use LdapUserData.ProtoReflect.Descriptor instead.
+func (*LdapUserData) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_auth_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *LdapUserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *LdapUserData) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *LdapUserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *LdapUserData) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *LdapUserData) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *LdapUserData) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+func (x *LdapUserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *LdapUserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+func (x *LdapUserData) GetPhone() string {
+	if x != nil {
+		return x.Phone
+	}
+	return ""
+}
+
+// --- Авторизация ---
+type VerifyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyRequest) Reset() {
+	*x = VerifyRequest{}
+	mi := &file_sso_ldap_auth_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyRequest) ProtoMessage() {}
+
+func (x *VerifyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_auth_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
+func (*VerifyRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_auth_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *VerifyRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *VerifyRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+type VerifyResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	User          *LdapUserData          `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // Отдаем полные данные при успешном входе
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyResponse) Reset() {
+	*x = VerifyResponse{}
+	mi := &file_sso_ldap_auth_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyResponse) ProtoMessage() {}
+
+func (x *VerifyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_auth_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
+func (*VerifyResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_auth_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *VerifyResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *VerifyResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *VerifyResponse) GetUser() *LdapUserData {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+var File_sso_ldap_auth_proto protoreflect.FileDescriptor
+
+const file_sso_ldap_auth_proto_rawDesc = "" +
+	"\n" +
+	"\x13sso/ldap-auth.proto\x12\fldap_auth.v1\"\xf8\x01\n" +
+	"\fLdapUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
+	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
+	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
+	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
+	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\b \x01(\bR\bisActive\x12\x14\n" +
+	"\x05phone\x18\t \x01(\tR\x05phone\"G\n" +
+	"\rVerifyRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\"\x7f\n" +
+	"\x0eVerifyResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12.\n" +
+	"\x04user\x18\x03 \x01(\v2\x1a.ldap_auth.v1.LdapUserDataR\x04user2Z\n" +
+	"\x0fLdapAuthService\x12G\n" +
+	"\n" +
+	"VerifyUser\x12\x1b.ldap_auth.v1.VerifyRequest\x1a\x1c.ldap_auth.v1.VerifyResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_ldap_auth_proto_rawDescOnce sync.Once
+	file_sso_ldap_auth_proto_rawDescData []byte
+)
+
+func file_sso_ldap_auth_proto_rawDescGZIP() []byte {
+	file_sso_ldap_auth_proto_rawDescOnce.Do(func() {
+		file_sso_ldap_auth_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_ldap_auth_proto_rawDesc), len(file_sso_ldap_auth_proto_rawDesc)))
+	})
+	return file_sso_ldap_auth_proto_rawDescData
+}
+
+var file_sso_ldap_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
+var file_sso_ldap_auth_proto_goTypes = []any{
+	(*LdapUserData)(nil),   // 0: ldap_auth.v1.LdapUserData
+	(*VerifyRequest)(nil),  // 1: ldap_auth.v1.VerifyRequest
+	(*VerifyResponse)(nil), // 2: ldap_auth.v1.VerifyResponse
+}
+var file_sso_ldap_auth_proto_depIdxs = []int32{
+	0, // 0: ldap_auth.v1.VerifyResponse.user:type_name -> ldap_auth.v1.LdapUserData
+	1, // 1: ldap_auth.v1.LdapAuthService.VerifyUser:input_type -> ldap_auth.v1.VerifyRequest
+	2, // 2: ldap_auth.v1.LdapAuthService.VerifyUser:output_type -> ldap_auth.v1.VerifyResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_sso_ldap_auth_proto_init() }
+func file_sso_ldap_auth_proto_init() {
+	if File_sso_ldap_auth_proto != nil {
+		return
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_ldap_auth_proto_rawDesc), len(file_sso_ldap_auth_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   3,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_ldap_auth_proto_goTypes,
+		DependencyIndexes: file_sso_ldap_auth_proto_depIdxs,
+		MessageInfos:      file_sso_ldap_auth_proto_msgTypes,
+	}.Build()
+	File_sso_ldap_auth_proto = out.File
+	file_sso_ldap_auth_proto_goTypes = nil
+	file_sso_ldap_auth_proto_depIdxs = nil
+}

gen/go/sso/ldap-auth_grpc.pb.go

@@ -0,0 +1,121 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/ldap-auth.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapAuthService_VerifyUser_FullMethodName = "/ldap_auth.v1.LdapAuthService/VerifyUser"
+)
+
+// LdapAuthServiceClient is the client API for LdapAuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapAuthServiceClient interface {
+	VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
+}
+
+type ldapAuthServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapAuthServiceClient(cc grpc.ClientConnInterface) LdapAuthServiceClient {
+	return &ldapAuthServiceClient{cc}
+}
+
+func (c *ldapAuthServiceClient) VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyResponse)
+	err := c.cc.Invoke(ctx, LdapAuthService_VerifyUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapAuthServiceServer is the server API for LdapAuthService service.
+// All implementations must embed UnimplementedLdapAuthServiceServer
+// for forward compatibility.
+type LdapAuthServiceServer interface {
+	VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error)
+	mustEmbedUnimplementedLdapAuthServiceServer()
+}
+
+// UnimplementedLdapAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapAuthServiceServer struct{}
+
+func (UnimplementedLdapAuthServiceServer) VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyUser not implemented")
+}
+func (UnimplementedLdapAuthServiceServer) mustEmbedUnimplementedLdapAuthServiceServer() {}
+func (UnimplementedLdapAuthServiceServer) testEmbeddedByValue()                         {}
+
+// UnsafeLdapAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapAuthServiceServer will
+// result in compilation errors.
+type UnsafeLdapAuthServiceServer interface {
+	mustEmbedUnimplementedLdapAuthServiceServer()
+}
+
+func RegisterLdapAuthServiceServer(s grpc.ServiceRegistrar, srv LdapAuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedLdapAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapAuthService_ServiceDesc, srv)
+}
+
+func _LdapAuthService_VerifyUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServiceServer).VerifyUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuthService_VerifyUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServiceServer).VerifyUser(ctx, req.(*VerifyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapAuthService_ServiceDesc is the grpc.ServiceDesc for LdapAuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapAuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap_auth.v1.LdapAuthService",
+	HandlerType: (*LdapAuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "VerifyUser",
+			Handler:    _LdapAuthService_VerifyUser_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/ldap-auth.proto",
+}

gen/go/sso/ldap.pb.go

@@ -0,0 +1,846 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: sso/ldap.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+type EmptyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *EmptyRequest) Reset() {
+	*x = EmptyRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *EmptyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EmptyRequest) ProtoMessage() {}
+
+func (x *EmptyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EmptyRequest.ProtoReflect.Descriptor instead.
+func (*EmptyRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{0}
+}
+
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+type StatusResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StatusResponse) Reset() {
+	*x = StatusResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StatusResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StatusResponse) ProtoMessage() {}
+
+func (x *StatusResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StatusResponse.ProtoReflect.Descriptor instead.
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *StatusResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *StatusResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+// Полная модель пользователя
+type UserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
+	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
+	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
+	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
+	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
+	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
+	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
+	Phone         string                 `protobuf:"bytes,9,opt,name=phone,proto3" json:"phone,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserData) Reset() {
+	*x = UserData{}
+	mi := &file_sso_ldap_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserData) ProtoMessage() {}
+
+func (x *UserData) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserData.ProtoReflect.Descriptor instead.
+func (*UserData) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *UserData) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *UserData) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *UserData) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *UserData) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+func (x *UserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *UserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+func (x *UserData) GetPhone() string {
+	if x != nil {
+		return x.Phone
+	}
+	return ""
+}
+
+// Модель группы
+type GroupData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Короткое имя группы (cn)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupData) Reset() {
+	*x = GroupData{}
+	mi := &file_sso_ldap_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupData) ProtoMessage() {}
+
+func (x *GroupData) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupData.ProtoReflect.Descriptor instead.
+func (*GroupData) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GroupData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *GroupData) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// --- Списки ---
+type UserListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Users         []*UserData            `protobuf:"bytes,3,rep,name=users,proto3" json:"users,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserListResponse) Reset() {
+	*x = UserListResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserListResponse) ProtoMessage() {}
+
+func (x *UserListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserListResponse.ProtoReflect.Descriptor instead.
+func (*UserListResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *UserListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *UserListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *UserListResponse) GetUsers() []*UserData {
+	if x != nil {
+		return x.Users
+	}
+	return nil
+}
+
+type GroupListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Groups        []*GroupData           `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupListResponse) Reset() {
+	*x = GroupListResponse{}
+	mi := &file_sso_ldap_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupListResponse) ProtoMessage() {}
+
+func (x *GroupListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupListResponse.ProtoReflect.Descriptor instead.
+func (*GroupListResponse) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GroupListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *GroupListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *GroupListResponse) GetGroups() []*GroupData {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+// --- Управление профилем ---
+type CreateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	FullName      string                 `protobuf:"bytes,2,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	Password      string                 `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
+	Email         *string                `protobuf:"bytes,4,opt,name=email,proto3,oneof" json:"email,omitempty"` // Сразу при создании можно задать почту
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreateUserRequest) Reset() {
+	*x = CreateUserRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateUserRequest) ProtoMessage() {}
+
+func (x *CreateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.
+func (*CreateUserRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *CreateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+type UpdateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`                                // Обязательное поле: кого обновляем
+	DisplayName   *string                `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"` // Новое ФИО (повлечет Rename CN)
+	Email         *string                `protobuf:"bytes,3,opt,name=email,proto3,oneof" json:"email,omitempty"`                                // Новая почта
+	Description   *string                `protobuf:"bytes,4,opt,name=description,proto3,oneof" json:"description,omitempty"`                    // Новое описание
+	Avatar        []byte                 `protobuf:"bytes,5,opt,name=avatar,proto3,oneof" json:"avatar,omitempty"`                              // Новая аватарка (бинарник картинки)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdateUserRequest) Reset() {
+	*x = UpdateUserRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateUserRequest) ProtoMessage() {}
+
+func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead.
+func (*UpdateUserRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *UpdateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDisplayName() string {
+	if x != nil && x.DisplayName != nil {
+		return *x.DisplayName
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDescription() string {
+	if x != nil && x.Description != nil {
+		return *x.Description
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+type ChangePasswordRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	NewPassword   string                 `protobuf:"bytes,2,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordRequest) Reset() {
+	*x = ChangePasswordRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordRequest) ProtoMessage() {}
+
+func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
+func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ChangePasswordRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetNewPassword() string {
+	if x != nil {
+		return x.NewPassword
+	}
+	return ""
+}
+
+type ToggleStatusRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	SetActive     bool                   `protobuf:"varint,2,opt,name=set_active,json=setActive,proto3" json:"set_active,omitempty"` // true - включить (512), false - отключить (514)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ToggleStatusRequest) Reset() {
+	*x = ToggleStatusRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ToggleStatusRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ToggleStatusRequest) ProtoMessage() {}
+
+func (x *ToggleStatusRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ToggleStatusRequest.ProtoReflect.Descriptor instead.
+func (*ToggleStatusRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ToggleStatusRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ToggleStatusRequest) GetSetActive() bool {
+	if x != nil {
+		return x.SetActive
+	}
+	return false
+}
+
+// --- Управление членством в группах ---
+type GroupMemberRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`              // Логин пользователя
+	GroupDn       string                 `protobuf:"bytes,2,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty"` // Полный путь группы (в которую добавляем / из которой удаляем)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupMemberRequest) Reset() {
+	*x = GroupMemberRequest{}
+	mi := &file_sso_ldap_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupMemberRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupMemberRequest) ProtoMessage() {}
+
+func (x *GroupMemberRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_ldap_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupMemberRequest.ProtoReflect.Descriptor instead.
+func (*GroupMemberRequest) Descriptor() ([]byte, []int) {
+	return file_sso_ldap_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *GroupMemberRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *GroupMemberRequest) GetGroupDn() string {
+	if x != nil {
+		return x.GroupDn
+	}
+	return ""
+}
+
+var File_sso_ldap_proto protoreflect.FileDescriptor
+
+const file_sso_ldap_proto_rawDesc = "" +
+	"\n" +
+	"\x0esso/ldap.proto\x12\aldap.v1\"\x0e\n" +
+	"\fEmptyRequest\"O\n" +
+	"\x0eStatusResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xf4\x01\n" +
+	"\bUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
+	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
+	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
+	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
+	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\b \x01(\bR\bisActive\x12\x14\n" +
+	"\x05phone\x18\t \x01(\tR\x05phone\"/\n" +
+	"\tGroupData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\"z\n" +
+	"\x10UserListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12'\n" +
+	"\x05users\x18\x03 \x03(\v2\x11.ldap.v1.UserDataR\x05users\"~\n" +
+	"\x11GroupListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
+	"\x06groups\x18\x03 \x03(\v2\x12.ldap.v1.GroupDataR\x06groups\"\x8d\x01\n" +
+	"\x11CreateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" +
+	"\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x1a\n" +
+	"\bpassword\x18\x03 \x01(\tR\bpassword\x12\x19\n" +
+	"\x05email\x18\x04 \x01(\tH\x00R\x05email\x88\x01\x01B\b\n" +
+	"\x06_email\"\xec\x01\n" +
+	"\x11UpdateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12&\n" +
+	"\fdisplay_name\x18\x02 \x01(\tH\x00R\vdisplayName\x88\x01\x01\x12\x19\n" +
+	"\x05email\x18\x03 \x01(\tH\x01R\x05email\x88\x01\x01\x12%\n" +
+	"\vdescription\x18\x04 \x01(\tH\x02R\vdescription\x88\x01\x01\x12\x1b\n" +
+	"\x06avatar\x18\x05 \x01(\fH\x03R\x06avatar\x88\x01\x01B\x0f\n" +
+	"\r_display_nameB\b\n" +
+	"\x06_emailB\x0e\n" +
+	"\f_descriptionB\t\n" +
+	"\a_avatar\"V\n" +
+	"\x15ChangePasswordRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12!\n" +
+	"\fnew_password\x18\x02 \x01(\tR\vnewPassword\"P\n" +
+	"\x13ToggleStatusRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1d\n" +
+	"\n" +
+	"set_active\x18\x02 \x01(\bR\tsetActive\"K\n" +
+	"\x12GroupMemberRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x19\n" +
+	"\bgroup_dn\x18\x02 \x01(\tR\agroupDn2\xbc\x04\n" +
+	"\vLdapService\x12<\n" +
+	"\bGetUsers\x12\x15.ldap.v1.EmptyRequest\x1a\x19.ldap.v1.UserListResponse\x12A\n" +
+	"\n" +
+	"CreateUser\x12\x1a.ldap.v1.CreateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12A\n" +
+	"\n" +
+	"UpdateUser\x12\x1a.ldap.v1.UpdateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x0eChangePassword\x12\x1e.ldap.v1.ChangePasswordRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x10ToggleUserStatus\x12\x1c.ldap.v1.ToggleStatusRequest\x1a\x17.ldap.v1.StatusResponse\x12>\n" +
+	"\tGetGroups\x12\x15.ldap.v1.EmptyRequest\x1a\x1a.ldap.v1.GroupListResponse\x12F\n" +
+	"\x0eAddUserToGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponse\x12K\n" +
+	"\x13RemoveUserFromGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_ldap_proto_rawDescOnce sync.Once
+	file_sso_ldap_proto_rawDescData []byte
+)
+
+func file_sso_ldap_proto_rawDescGZIP() []byte {
+	file_sso_ldap_proto_rawDescOnce.Do(func() {
+		file_sso_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_ldap_proto_rawDesc), len(file_sso_ldap_proto_rawDesc)))
+	})
+	return file_sso_ldap_proto_rawDescData
+}
+
+var file_sso_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_sso_ldap_proto_goTypes = []any{
+	(*EmptyRequest)(nil),          // 0: ldap.v1.EmptyRequest
+	(*StatusResponse)(nil),        // 1: ldap.v1.StatusResponse
+	(*UserData)(nil),              // 2: ldap.v1.UserData
+	(*GroupData)(nil),             // 3: ldap.v1.GroupData
+	(*UserListResponse)(nil),      // 4: ldap.v1.UserListResponse
+	(*GroupListResponse)(nil),     // 5: ldap.v1.GroupListResponse
+	(*CreateUserRequest)(nil),     // 6: ldap.v1.CreateUserRequest
+	(*UpdateUserRequest)(nil),     // 7: ldap.v1.UpdateUserRequest
+	(*ChangePasswordRequest)(nil), // 8: ldap.v1.ChangePasswordRequest
+	(*ToggleStatusRequest)(nil),   // 9: ldap.v1.ToggleStatusRequest
+	(*GroupMemberRequest)(nil),    // 10: ldap.v1.GroupMemberRequest
+}
+var file_sso_ldap_proto_depIdxs = []int32{
+	2,  // 0: ldap.v1.UserListResponse.users:type_name -> ldap.v1.UserData
+	3,  // 1: ldap.v1.GroupListResponse.groups:type_name -> ldap.v1.GroupData
+	0,  // 2: ldap.v1.LdapService.GetUsers:input_type -> ldap.v1.EmptyRequest
+	6,  // 3: ldap.v1.LdapService.CreateUser:input_type -> ldap.v1.CreateUserRequest
+	7,  // 4: ldap.v1.LdapService.UpdateUser:input_type -> ldap.v1.UpdateUserRequest
+	8,  // 5: ldap.v1.LdapService.ChangePassword:input_type -> ldap.v1.ChangePasswordRequest
+	9,  // 6: ldap.v1.LdapService.ToggleUserStatus:input_type -> ldap.v1.ToggleStatusRequest
+	0,  // 7: ldap.v1.LdapService.GetGroups:input_type -> ldap.v1.EmptyRequest
+	10, // 8: ldap.v1.LdapService.AddUserToGroup:input_type -> ldap.v1.GroupMemberRequest
+	10, // 9: ldap.v1.LdapService.RemoveUserFromGroup:input_type -> ldap.v1.GroupMemberRequest
+	4,  // 10: ldap.v1.LdapService.GetUsers:output_type -> ldap.v1.UserListResponse
+	1,  // 11: ldap.v1.LdapService.CreateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 12: ldap.v1.LdapService.UpdateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 13: ldap.v1.LdapService.ChangePassword:output_type -> ldap.v1.StatusResponse
+	1,  // 14: ldap.v1.LdapService.ToggleUserStatus:output_type -> ldap.v1.StatusResponse
+	5,  // 15: ldap.v1.LdapService.GetGroups:output_type -> ldap.v1.GroupListResponse
+	1,  // 16: ldap.v1.LdapService.AddUserToGroup:output_type -> ldap.v1.StatusResponse
+	1,  // 17: ldap.v1.LdapService.RemoveUserFromGroup:output_type -> ldap.v1.StatusResponse
+	10, // [10:18] is the sub-list for method output_type
+	2,  // [2:10] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_sso_ldap_proto_init() }
+func file_sso_ldap_proto_init() {
+	if File_sso_ldap_proto != nil {
+		return
+	}
+	file_sso_ldap_proto_msgTypes[6].OneofWrappers = []any{}
+	file_sso_ldap_proto_msgTypes[7].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_ldap_proto_rawDesc), len(file_sso_ldap_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_ldap_proto_goTypes,
+		DependencyIndexes: file_sso_ldap_proto_depIdxs,
+		MessageInfos:      file_sso_ldap_proto_msgTypes,
+	}.Build()
+	File_sso_ldap_proto = out.File
+	file_sso_ldap_proto_goTypes = nil
+	file_sso_ldap_proto_depIdxs = nil
+}

gen/go/sso/ldap_grpc.pb.go

@@ -0,0 +1,391 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/ldap.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapService_GetUsers_FullMethodName            = "/ldap.v1.LdapService/GetUsers"
+	LdapService_CreateUser_FullMethodName          = "/ldap.v1.LdapService/CreateUser"
+	LdapService_UpdateUser_FullMethodName          = "/ldap.v1.LdapService/UpdateUser"
+	LdapService_ChangePassword_FullMethodName      = "/ldap.v1.LdapService/ChangePassword"
+	LdapService_ToggleUserStatus_FullMethodName    = "/ldap.v1.LdapService/ToggleUserStatus"
+	LdapService_GetGroups_FullMethodName           = "/ldap.v1.LdapService/GetGroups"
+	LdapService_AddUserToGroup_FullMethodName      = "/ldap.v1.LdapService/AddUserToGroup"
+	LdapService_RemoveUserFromGroup_FullMethodName = "/ldap.v1.LdapService/RemoveUserFromGroup"
+)
+
+// LdapServiceClient is the client API for LdapService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapServiceClient interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error)
+	AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+}
+
+type ldapServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapServiceClient(cc grpc.ClientConnInterface) LdapServiceClient {
+	return &ldapServiceClient{cc}
+}
+
+func (c *ldapServiceClient) GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UserListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_UpdateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ToggleUserStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GroupListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetGroups_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_AddUserToGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_RemoveUserFromGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapServiceServer is the server API for LdapService service.
+// All implementations must embed UnimplementedLdapServiceServer
+// for forward compatibility.
+type LdapServiceServer interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error)
+	UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error)
+	ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error)
+	AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+// UnimplementedLdapServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapServiceServer struct{}
+
+func (UnimplementedLdapServiceServer) GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUsers not implemented")
+}
+func (UnimplementedLdapServiceServer) CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedLdapServiceServer) ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ToggleUserStatus not implemented")
+}
+func (UnimplementedLdapServiceServer) GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetGroups not implemented")
+}
+func (UnimplementedLdapServiceServer) AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AddUserToGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemoveUserFromGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) mustEmbedUnimplementedLdapServiceServer() {}
+func (UnimplementedLdapServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeLdapServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapServiceServer will
+// result in compilation errors.
+type UnsafeLdapServiceServer interface {
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+func RegisterLdapServiceServer(s grpc.ServiceRegistrar, srv LdapServiceServer) {
+	// If the following call panics, it indicates UnimplementedLdapServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapService_ServiceDesc, srv)
+}
+
+func _LdapService_GetUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetUsers(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).UpdateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_UpdateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).UpdateUser(ctx, req.(*UpdateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ToggleUserStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ToggleStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ToggleUserStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, req.(*ToggleStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_GetGroups_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetGroups(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetGroups_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetGroups(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_AddUserToGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_AddUserToGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_RemoveUserFromGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_RemoveUserFromGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapService_ServiceDesc is the grpc.ServiceDesc for LdapService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap.v1.LdapService",
+	HandlerType: (*LdapServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetUsers",
+			Handler:    _LdapService_GetUsers_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _LdapService_CreateUser_Handler,
+		},
+		{
+			MethodName: "UpdateUser",
+			Handler:    _LdapService_UpdateUser_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _LdapService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "ToggleUserStatus",
+			Handler:    _LdapService_ToggleUserStatus_Handler,
+		},
+		{
+			MethodName: "GetGroups",
+			Handler:    _LdapService_GetGroups_Handler,
+		},
+		{
+			MethodName: "AddUserToGroup",
+			Handler:    _LdapService_AddUserToGroup_Handler,
+		},
+		{
+			MethodName: "RemoveUserFromGroup",
+			Handler:    _LdapService_RemoveUserFromGroup_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/ldap.proto",
+}

gen/go/sso/rbac.pb.go

@@ -0,0 +1,975 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: sso/rbac.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type GetAllPermissionsRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsRequest) Reset() {
+	*x = GetAllPermissionsRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsRequest) ProtoMessage() {}
+
+func (x *GetAllPermissionsRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsRequest.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *GetAllPermissionsRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllPermissionsRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllPermissionsResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Permissions   []*Permission          `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllPermissionsResponse) Reset() {
+	*x = GetAllPermissionsResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllPermissionsResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllPermissionsResponse) ProtoMessage() {}
+
+func (x *GetAllPermissionsResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllPermissionsResponse.ProtoReflect.Descriptor instead.
+func (*GetAllPermissionsResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *GetAllPermissionsResponse) GetPermissions() []*Permission {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+type Permission struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Code          string                 `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,4,opt,name=module,proto3" json:"module,omitempty"`
+	Roles         []string               `protobuf:"bytes,5,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Permission) Reset() {
+	*x = Permission{}
+	mi := &file_sso_rbac_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Permission) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Permission) ProtoMessage() {}
+
+func (x *Permission) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Permission.ProtoReflect.Descriptor instead.
+func (*Permission) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *Permission) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Permission) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *Permission) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *Permission) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+func (x *Permission) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type GetAllRolesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	SessionId     string                 `protobuf:"bytes,2,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesRequest) Reset() {
+	*x = GetAllRolesRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesRequest) ProtoMessage() {}
+
+func (x *GetAllRolesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesRequest.ProtoReflect.Descriptor instead.
+func (*GetAllRolesRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GetAllRolesRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *GetAllRolesRequest) GetSessionId() string {
+	if x != nil {
+		return x.SessionId
+	}
+	return ""
+}
+
+type GetAllRolesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Roles         []*Roles               `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetAllRolesResponse) Reset() {
+	*x = GetAllRolesResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetAllRolesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetAllRolesResponse) ProtoMessage() {}
+
+func (x *GetAllRolesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetAllRolesResponse.ProtoReflect.Descriptor instead.
+func (*GetAllRolesResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *GetAllRolesResponse) GetRoles() []*Roles {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+type CreateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Name            string                 `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Level           int32                  `protobuf:"varint,2,opt,name=level,proto3" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,3,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *CreateRoleRequest) Reset() {
+	*x = CreateRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateRoleRequest) ProtoMessage() {}
+
+func (x *CreateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateRoleRequest.ProtoReflect.Descriptor instead.
+func (*CreateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *CreateRoleRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *CreateRoleRequest) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *CreateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type UpdateRoleRequest struct {
+	state           protoimpl.MessageState `protogen:"open.v1"`
+	Id              string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name            *string                `protobuf:"bytes,2,opt,name=name,proto3,oneof" json:"name,omitempty"`
+	Level           *int32                 `protobuf:"varint,3,opt,name=level,proto3,oneof" json:"level,omitempty"`
+	PermissionCodes []string               `protobuf:"bytes,4,rep,name=permission_codes,json=permissionCodes,proto3" json:"permission_codes,omitempty"`
+	unknownFields   protoimpl.UnknownFields
+	sizeCache       protoimpl.SizeCache
+}
+
+func (x *UpdateRoleRequest) Reset() {
+	*x = UpdateRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateRoleRequest) ProtoMessage() {}
+
+func (x *UpdateRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateRoleRequest.ProtoReflect.Descriptor instead.
+func (*UpdateRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UpdateRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *UpdateRoleRequest) GetLevel() int32 {
+	if x != nil && x.Level != nil {
+		return *x.Level
+	}
+	return 0
+}
+
+func (x *UpdateRoleRequest) GetPermissionCodes() []string {
+	if x != nil {
+		return x.PermissionCodes
+	}
+	return nil
+}
+
+type ModifyRoleResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyRoleResponse) Reset() {
+	*x = ModifyRoleResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyRoleResponse) ProtoMessage() {}
+
+func (x *ModifyRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyRoleResponse.ProtoReflect.Descriptor instead.
+func (*ModifyRoleResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ModifyRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type DeleteRoleRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *DeleteRoleRequest) Reset() {
+	*x = DeleteRoleRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleRequest) ProtoMessage() {}
+
+func (x *DeleteRoleRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleRequest.ProtoReflect.Descriptor instead.
+func (*DeleteRoleRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DeleteRoleRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+type DeleteRoleResponse struct {
+	state            protoimpl.MessageState `protogen:"open.v1"`
+	Success          bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message          string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	FallbackRoleName *string                `protobuf:"bytes,3,opt,name=fallback_role_name,json=fallbackRoleName,proto3,oneof" json:"fallback_role_name,omitempty"`
+	unknownFields    protoimpl.UnknownFields
+	sizeCache        protoimpl.SizeCache
+}
+
+func (x *DeleteRoleResponse) Reset() {
+	*x = DeleteRoleResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *DeleteRoleResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteRoleResponse) ProtoMessage() {}
+
+func (x *DeleteRoleResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteRoleResponse.ProtoReflect.Descriptor instead.
+func (*DeleteRoleResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DeleteRoleResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *DeleteRoleResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+func (x *DeleteRoleResponse) GetFallbackRoleName() string {
+	if x != nil && x.FallbackRoleName != nil {
+		return *x.FallbackRoleName
+	}
+	return ""
+}
+
+type CreatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Code          string                 `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
+	Description   string                 `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	Module        string                 `protobuf:"bytes,3,opt,name=module,proto3" json:"module,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreatePermissionRequest) Reset() {
+	*x = CreatePermissionRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreatePermissionRequest) ProtoMessage() {}
+
+func (x *CreatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*CreatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *CreatePermissionRequest) GetCode() string {
+	if x != nil {
+		return x.Code
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *CreatePermissionRequest) GetModule() string {
+	if x != nil {
+		return x.Module
+	}
+	return ""
+}
+
+type UpdatePermissionRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	RoleIds       []string               `protobuf:"bytes,2,rep,name=role_ids,json=roleIds,proto3" json:"role_ids,omitempty"` // Привязка к конкретным ролям
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdatePermissionRequest) Reset() {
+	*x = UpdatePermissionRequest{}
+	mi := &file_sso_rbac_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdatePermissionRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdatePermissionRequest) ProtoMessage() {}
+
+func (x *UpdatePermissionRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdatePermissionRequest.ProtoReflect.Descriptor instead.
+func (*UpdatePermissionRequest) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *UpdatePermissionRequest) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *UpdatePermissionRequest) GetRoleIds() []string {
+	if x != nil {
+		return x.RoleIds
+	}
+	return nil
+}
+
+type ModifyPermissionResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	Message       string                 `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ModifyPermissionResponse) Reset() {
+	*x = ModifyPermissionResponse{}
+	mi := &file_sso_rbac_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ModifyPermissionResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ModifyPermissionResponse) ProtoMessage() {}
+
+func (x *ModifyPermissionResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ModifyPermissionResponse.ProtoReflect.Descriptor instead.
+func (*ModifyPermissionResponse) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *ModifyPermissionResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *ModifyPermissionResponse) GetMessage() string {
+	if x != nil {
+		return x.Message
+	}
+	return ""
+}
+
+type Roles struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Level         int32                  `protobuf:"varint,3,opt,name=level,proto3" json:"level,omitempty"`
+	Permissions   []string               `protobuf:"bytes,4,rep,name=permissions,proto3" json:"permissions,omitempty"`
+	LdapMapping   []string               `protobuf:"bytes,5,rep,name=ldap_mapping,json=ldapMapping,proto3" json:"ldap_mapping,omitempty"`
+	Accounts      []string               `protobuf:"bytes,6,rep,name=accounts,proto3" json:"accounts,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *Roles) Reset() {
+	*x = Roles{}
+	mi := &file_sso_rbac_proto_msgTypes[13]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *Roles) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Roles) ProtoMessage() {}
+
+func (x *Roles) ProtoReflect() protoreflect.Message {
+	mi := &file_sso_rbac_proto_msgTypes[13]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Roles.ProtoReflect.Descriptor instead.
+func (*Roles) Descriptor() ([]byte, []int) {
+	return file_sso_rbac_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *Roles) GetId() string {
+	if x != nil {
+		return x.Id
+	}
+	return ""
+}
+
+func (x *Roles) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *Roles) GetLevel() int32 {
+	if x != nil {
+		return x.Level
+	}
+	return 0
+}
+
+func (x *Roles) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *Roles) GetLdapMapping() []string {
+	if x != nil {
+		return x.LdapMapping
+	}
+	return nil
+}
+
+func (x *Roles) GetAccounts() []string {
+	if x != nil {
+		return x.Accounts
+	}
+	return nil
+}
+
+var File_sso_rbac_proto protoreflect.FileDescriptor
+
+const file_sso_rbac_proto_rawDesc = "" +
+	"\n" +
+	"\x0esso/rbac.proto\x12\arbac.v1\"R\n" +
+	"\x18GetAllPermissionsRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\"R\n" +
+	"\x19GetAllPermissionsResponse\x125\n" +
+	"\vpermissions\x18\x01 \x03(\v2\x13.rbac.v1.PermissionR\vpermissions\"\x80\x01\n" +
+	"\n" +
+	"Permission\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04code\x18\x02 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x03 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x04 \x01(\tR\x06module\x12\x14\n" +
+	"\x05roles\x18\x05 \x03(\tR\x05roles\"L\n" +
+	"\x12GetAllRolesRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1d\n" +
+	"\n" +
+	"session_id\x18\x02 \x01(\tR\tsessionId\";\n" +
+	"\x13GetAllRolesResponse\x12$\n" +
+	"\x05roles\x18\x01 \x03(\v2\x0e.rbac.v1.RolesR\x05roles\"h\n" +
+	"\x11CreateRoleRequest\x12\x12\n" +
+	"\x04name\x18\x01 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x02 \x01(\x05R\x05level\x12)\n" +
+	"\x10permission_codes\x18\x03 \x03(\tR\x0fpermissionCodes\"\x95\x01\n" +
+	"\x11UpdateRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" +
+	"\x04name\x18\x02 \x01(\tH\x00R\x04name\x88\x01\x01\x12\x19\n" +
+	"\x05level\x18\x03 \x01(\x05H\x01R\x05level\x88\x01\x01\x12)\n" +
+	"\x10permission_codes\x18\x04 \x03(\tR\x0fpermissionCodesB\a\n" +
+	"\x05_nameB\b\n" +
+	"\x06_level\"H\n" +
+	"\x12ModifyRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"#\n" +
+	"\x11DeleteRoleRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\"\x92\x01\n" +
+	"\x12DeleteRoleResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\x121\n" +
+	"\x12fallback_role_name\x18\x03 \x01(\tH\x00R\x10fallbackRoleName\x88\x01\x01B\x15\n" +
+	"\x13_fallback_role_name\"g\n" +
+	"\x17CreatePermissionRequest\x12\x12\n" +
+	"\x04code\x18\x01 \x01(\tR\x04code\x12 \n" +
+	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06module\x18\x03 \x01(\tR\x06module\"D\n" +
+	"\x17UpdatePermissionRequest\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x19\n" +
+	"\brole_ids\x18\x02 \x03(\tR\aroleIds\"N\n" +
+	"\x18ModifyPermissionResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12\x18\n" +
+	"\amessage\x18\x02 \x01(\tR\amessage\"\xa2\x01\n" +
+	"\x05Roles\x12\x0e\n" +
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\x12\x14\n" +
+	"\x05level\x18\x03 \x01(\x05R\x05level\x12 \n" +
+	"\vpermissions\x18\x04 \x03(\tR\vpermissions\x12!\n" +
+	"\fldap_mapping\x18\x05 \x03(\tR\vldapMapping\x12\x1a\n" +
+	"\baccounts\x18\x06 \x03(\tR\baccounts2\xba\x04\n" +
+	"\vRbacService\x12E\n" +
+	"\n" +
+	"CreateRole\x12\x1a.rbac.v1.CreateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"UpdateRole\x12\x1a.rbac.v1.UpdateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
+	"\n" +
+	"DeleteRole\x12\x1a.rbac.v1.DeleteRoleRequest\x1a\x1b.rbac.v1.DeleteRoleResponse\x12W\n" +
+	"\x10CreatePermission\x12 .rbac.v1.CreatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12W\n" +
+	"\x10UpdatePermission\x12 .rbac.v1.UpdatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12Z\n" +
+	"\x11GetAllPermissions\x12!.rbac.v1.GetAllPermissionsRequest\x1a\".rbac.v1.GetAllPermissionsResponse\x12H\n" +
+	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_sso_rbac_proto_rawDescOnce sync.Once
+	file_sso_rbac_proto_rawDescData []byte
+)
+
+func file_sso_rbac_proto_rawDescGZIP() []byte {
+	file_sso_rbac_proto_rawDescOnce.Do(func() {
+		file_sso_rbac_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_sso_rbac_proto_rawDesc), len(file_sso_rbac_proto_rawDesc)))
+	})
+	return file_sso_rbac_proto_rawDescData
+}
+
+var file_sso_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_sso_rbac_proto_goTypes = []any{
+	(*GetAllPermissionsRequest)(nil),  // 0: rbac.v1.GetAllPermissionsRequest
+	(*GetAllPermissionsResponse)(nil), // 1: rbac.v1.GetAllPermissionsResponse
+	(*Permission)(nil),                // 2: rbac.v1.Permission
+	(*GetAllRolesRequest)(nil),        // 3: rbac.v1.GetAllRolesRequest
+	(*GetAllRolesResponse)(nil),       // 4: rbac.v1.GetAllRolesResponse
+	(*CreateRoleRequest)(nil),         // 5: rbac.v1.CreateRoleRequest
+	(*UpdateRoleRequest)(nil),         // 6: rbac.v1.UpdateRoleRequest
+	(*ModifyRoleResponse)(nil),        // 7: rbac.v1.ModifyRoleResponse
+	(*DeleteRoleRequest)(nil),         // 8: rbac.v1.DeleteRoleRequest
+	(*DeleteRoleResponse)(nil),        // 9: rbac.v1.DeleteRoleResponse
+	(*CreatePermissionRequest)(nil),   // 10: rbac.v1.CreatePermissionRequest
+	(*UpdatePermissionRequest)(nil),   // 11: rbac.v1.UpdatePermissionRequest
+	(*ModifyPermissionResponse)(nil),  // 12: rbac.v1.ModifyPermissionResponse
+	(*Roles)(nil),                     // 13: rbac.v1.Roles
+}
+var file_sso_rbac_proto_depIdxs = []int32{
+	2,  // 0: rbac.v1.GetAllPermissionsResponse.permissions:type_name -> rbac.v1.Permission
+	13, // 1: rbac.v1.GetAllRolesResponse.roles:type_name -> rbac.v1.Roles
+	5,  // 2: rbac.v1.RbacService.CreateRole:input_type -> rbac.v1.CreateRoleRequest
+	6,  // 3: rbac.v1.RbacService.UpdateRole:input_type -> rbac.v1.UpdateRoleRequest
+	8,  // 4: rbac.v1.RbacService.DeleteRole:input_type -> rbac.v1.DeleteRoleRequest
+	10, // 5: rbac.v1.RbacService.CreatePermission:input_type -> rbac.v1.CreatePermissionRequest
+	11, // 6: rbac.v1.RbacService.UpdatePermission:input_type -> rbac.v1.UpdatePermissionRequest
+	0,  // 7: rbac.v1.RbacService.GetAllPermissions:input_type -> rbac.v1.GetAllPermissionsRequest
+	3,  // 8: rbac.v1.RbacService.GetAllRoles:input_type -> rbac.v1.GetAllRolesRequest
+	7,  // 9: rbac.v1.RbacService.CreateRole:output_type -> rbac.v1.ModifyRoleResponse
+	7,  // 10: rbac.v1.RbacService.UpdateRole:output_type -> rbac.v1.ModifyRoleResponse
+	9,  // 11: rbac.v1.RbacService.DeleteRole:output_type -> rbac.v1.DeleteRoleResponse
+	12, // 12: rbac.v1.RbacService.CreatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	12, // 13: rbac.v1.RbacService.UpdatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	1,  // 14: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
+	4,  // 15: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
+	9,  // [9:16] is the sub-list for method output_type
+	2,  // [2:9] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_sso_rbac_proto_init() }
+func file_sso_rbac_proto_init() {
+	if File_sso_rbac_proto != nil {
+		return
+	}
+	file_sso_rbac_proto_msgTypes[6].OneofWrappers = []any{}
+	file_sso_rbac_proto_msgTypes[9].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_sso_rbac_proto_rawDesc), len(file_sso_rbac_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   14,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_sso_rbac_proto_goTypes,
+		DependencyIndexes: file_sso_rbac_proto_depIdxs,
+		MessageInfos:      file_sso_rbac_proto_msgTypes,
+	}.Build()
+	File_sso_rbac_proto = out.File
+	file_sso_rbac_proto_goTypes = nil
+	file_sso_rbac_proto_depIdxs = nil
+}

gen/go/sso/rbac_grpc.pb.go

@@ -0,0 +1,349 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/rbac.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	RbacService_CreateRole_FullMethodName        = "/rbac.v1.RbacService/CreateRole"
+	RbacService_UpdateRole_FullMethodName        = "/rbac.v1.RbacService/UpdateRole"
+	RbacService_DeleteRole_FullMethodName        = "/rbac.v1.RbacService/DeleteRole"
+	RbacService_CreatePermission_FullMethodName  = "/rbac.v1.RbacService/CreatePermission"
+	RbacService_UpdatePermission_FullMethodName  = "/rbac.v1.RbacService/UpdatePermission"
+	RbacService_GetAllPermissions_FullMethodName = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName       = "/rbac.v1.RbacService/GetAllRoles"
+)
+
+// RbacServiceClient is the client API for RbacService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type RbacServiceClient interface {
+	CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error)
+	CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
+	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
+	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+}
+
+type rbacServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewRbacServiceClient(cc grpc.ClientConnInterface) RbacServiceClient {
+	return &rbacServiceClient{cc}
+}
+
+func (c *rbacServiceClient) CreateRole(ctx context.Context, in *CreateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdateRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleRequest, opts ...grpc.CallOption) (*DeleteRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_DeleteRole_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) CreatePermission(ctx context.Context, in *CreatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_CreatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyPermissionResponse)
+	err := c.cc.Invoke(ctx, RbacService_UpdatePermission_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllPermissionsResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAllRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetAllRoles_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RbacServiceServer is the server API for RbacService service.
+// All implementations must embed UnimplementedRbacServiceServer
+// for forward compatibility.
+type RbacServiceServer interface {
+	CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error)
+	UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error)
+	DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error)
+	CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error)
+	UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error)
+	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
+	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+// UnimplementedRbacServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedRbacServiceServer struct{}
+
+func (UnimplementedRbacServiceServer) CreateRole(context.Context, *CreateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdateRole(context.Context, *UpdateRoleRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateRole not implemented")
+}
+func (UnimplementedRbacServiceServer) DeleteRole(context.Context, *DeleteRoleRequest) (*DeleteRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DeleteRole not implemented")
+}
+func (UnimplementedRbacServiceServer) CreatePermission(context.Context, *CreatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdatePermission not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
+}
+func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
+func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeRbacServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to RbacServiceServer will
+// result in compilation errors.
+type UnsafeRbacServiceServer interface {
+	mustEmbedUnimplementedRbacServiceServer()
+}
+
+func RegisterRbacServiceServer(s grpc.ServiceRegistrar, srv RbacServiceServer) {
+	// If the following call panics, it indicates UnimplementedRbacServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&RbacService_ServiceDesc, srv)
+}
+
+func _RbacService_CreateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreateRole(ctx, req.(*CreateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdateRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdateRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdateRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdateRole(ctx, req.(*UpdateRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_DeleteRole_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRoleRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).DeleteRole(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_DeleteRole_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).DeleteRole(ctx, req.(*DeleteRoleRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_CreatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).CreatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_CreatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).CreatePermission(ctx, req.(*CreatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_UpdatePermission_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdatePermissionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_UpdatePermission_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).UpdatePermission(ctx, req.(*UpdatePermissionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllPermissionsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllPermissions(ctx, req.(*GetAllPermissionsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAllRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetAllRoles_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetAllRoles(ctx, req.(*GetAllRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var RbacService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "rbac.v1.RbacService",
+	HandlerType: (*RbacServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateRole",
+			Handler:    _RbacService_CreateRole_Handler,
+		},
+		{
+			MethodName: "UpdateRole",
+			Handler:    _RbacService_UpdateRole_Handler,
+		},
+		{
+			MethodName: "DeleteRole",
+			Handler:    _RbacService_DeleteRole_Handler,
+		},
+		{
+			MethodName: "CreatePermission",
+			Handler:    _RbacService_CreatePermission_Handler,
+		},
+		{
+			MethodName: "UpdatePermission",
+			Handler:    _RbacService_UpdatePermission_Handler,
+		},
+		{
+			MethodName: "GetAllPermissions",
+			Handler:    _RbacService_GetAllPermissions_Handler,
+		},
+		{
+			MethodName: "GetAllRoles",
+			Handler:    _RbacService_GetAllRoles_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/rbac.proto",
+}

gen/go/sso/twofa_grpc.pb.go

@@ -0,0 +1,425 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: sso/twofa.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	TwoFaService_Verify2Fa_FullMethodName                 = "/twofa.v1.TwoFaService/Verify2Fa"
+	TwoFaService_GetTwoFaStatus_FullMethodName            = "/twofa.v1.TwoFaService/GetTwoFaStatus"
+	TwoFaService_StartTotpEnrollment_FullMethodName       = "/twofa.v1.TwoFaService/StartTotpEnrollment"
+	TwoFaService_ConfirmTotpErollment_FullMethodName      = "/twofa.v1.TwoFaService/ConfirmTotpErollment"
+	TwoFaService_CancelTotpEnrollment_FullMethodName      = "/twofa.v1.TwoFaService/CancelTotpEnrollment"
+	TwoFaService_DisableTotp_FullMethodName               = "/twofa.v1.TwoFaService/DisableTotp"
+	TwoFaService_StartTelegramEnrollment_FullMethodName   = "/twofa.v1.TwoFaService/StartTelegramEnrollment"
+	TwoFaService_ConfirmTelegramEnrollment_FullMethodName = "/twofa.v1.TwoFaService/ConfirmTelegramEnrollment"
+	TwoFaService_DisableTelegram_FullMethodName           = "/twofa.v1.TwoFaService/DisableTelegram"
+)
+
+// TwoFaServiceClient is the client API for TwoFaService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type TwoFaServiceClient interface {
+	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
+	GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error)
+}
+
+type twoFaServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewTwoFaServiceClient(cc grpc.ClientConnInterface) TwoFaServiceClient {
+	return &twoFaServiceClient{cc}
+}
+
+func (c *twoFaServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(Verify2FaResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_Verify2Fa_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetTwoFaStatusResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_GetTwoFaStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTotpErollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CancelTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_CancelTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTotpResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTotp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTelegramResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTelegram_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// TwoFaServiceServer is the server API for TwoFaService service.
+// All implementations must embed UnimplementedTwoFaServiceServer
+// for forward compatibility.
+type TwoFaServiceServer interface {
+	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
+	GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error)
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+// UnimplementedTwoFaServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedTwoFaServiceServer struct{}
+
+func (UnimplementedTwoFaServiceServer) Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Verify2Fa not implemented")
+}
+func (UnimplementedTwoFaServiceServer) GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetTwoFaStatus not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTotpErollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CancelTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTotp not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTelegram not implemented")
+}
+func (UnimplementedTwoFaServiceServer) mustEmbedUnimplementedTwoFaServiceServer() {}
+func (UnimplementedTwoFaServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeTwoFaServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to TwoFaServiceServer will
+// result in compilation errors.
+type UnsafeTwoFaServiceServer interface {
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+func RegisterTwoFaServiceServer(s grpc.ServiceRegistrar, srv TwoFaServiceServer) {
+	// If the following call panics, it indicates UnimplementedTwoFaServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&TwoFaService_ServiceDesc, srv)
+}
+
+func _TwoFaService_Verify2Fa_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Verify2FaRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).Verify2Fa(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_Verify2Fa_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).Verify2Fa(ctx, req.(*Verify2FaRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_GetTwoFaStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTwoFaStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_GetTwoFaStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, req.(*GetTwoFaStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTotpErollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTotpEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTotpErollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, req.(*ConfirmTotpEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_CancelTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_CancelTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTotp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTotpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTotp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, req.(*DisableTotpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTelegramEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, req.(*ConfirmTelegramEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTelegram_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTelegramRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTelegram_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, req.(*DisableTelegramRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// TwoFaService_ServiceDesc is the grpc.ServiceDesc for TwoFaService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var TwoFaService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "twofa.v1.TwoFaService",
+	HandlerType: (*TwoFaServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Verify2Fa",
+			Handler:    _TwoFaService_Verify2Fa_Handler,
+		},
+		{
+			MethodName: "GetTwoFaStatus",
+			Handler:    _TwoFaService_GetTwoFaStatus_Handler,
+		},
+		{
+			MethodName: "StartTotpEnrollment",
+			Handler:    _TwoFaService_StartTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTotpErollment",
+			Handler:    _TwoFaService_ConfirmTotpErollment_Handler,
+		},
+		{
+			MethodName: "CancelTotpEnrollment",
+			Handler:    _TwoFaService_CancelTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTotp",
+			Handler:    _TwoFaService_DisableTotp_Handler,
+		},
+		{
+			MethodName: "StartTelegramEnrollment",
+			Handler:    _TwoFaService_StartTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTelegramEnrollment",
+			Handler:    _TwoFaService_ConfirmTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTelegram",
+			Handler:    _TwoFaService_DisableTelegram_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "sso/twofa.proto",
+}

gen/go/twofa.pb.go

@@ -84,7 +84,6 @@ func (x *Verify2FaRequest) GetTelegramCode() string {
 type Verify2FaResponse struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	AccessToken   string                 `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
-	RefreshToken  string                 `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
 	Status        string                 `protobuf:"bytes,3,opt,name=status,proto3" json:"status,omitempty"`
 	Message       string                 `protobuf:"bytes,4,opt,name=message,proto3" json:"message,omitempty"`
 	ReserveCodes  []string               `protobuf:"bytes,5,rep,name=reserve_codes,json=reserveCodes,proto3" json:"reserve_codes,omitempty"`
@@ -129,13 +128,6 @@ func (x *Verify2FaResponse) GetAccessToken() string {
 	return ""
 }
 
-func (x *Verify2FaResponse) GetRefreshToken() string {
-	if x != nil {
-		return x.RefreshToken
-	}
-	return ""
-}
-
 func (x *Verify2FaResponse) GetStatus() string {
 	if x != nil {
 		return x.Status
@@ -969,10 +961,9 @@ const file_twofa_proto_rawDesc = "" +
 	"\rtelegram_code\x18\x03 \x01(\tH\x01R\ftelegramCode\x88\x01\x01B\f\n" +
 	"\n" +
 	"_totp_codeB\x10\n" +
-	"\x0e_telegram_code\"\xb2\x01\n" +
+	"\x0e_telegram_code\"\x8d\x01\n" +
 	"\x11Verify2FaResponse\x12!\n" +
-	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12#\n" +
-	"\rrefresh_token\x18\x02 \x01(\tR\frefreshToken\x12\x16\n" +
+	"\faccess_token\x18\x01 \x01(\tR\vaccessToken\x12\x16\n" +
 	"\x06status\x18\x03 \x01(\tR\x06status\x12\x18\n" +
 	"\amessage\x18\x04 \x01(\tR\amessage\x12#\n" +
 	"\rreserve_codes\x18\x05 \x03(\tR\freserveCodes\"?\n" +

gen/go/users/ldap.pb.go

@@ -0,0 +1,846 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v4.25.9
+// source: users/ldap.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+type EmptyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *EmptyRequest) Reset() {
+	*x = EmptyRequest{}
+	mi := &file_users_ldap_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *EmptyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EmptyRequest) ProtoMessage() {}
+
+func (x *EmptyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EmptyRequest.ProtoReflect.Descriptor instead.
+func (*EmptyRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{0}
+}
+
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+type StatusResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StatusResponse) Reset() {
+	*x = StatusResponse{}
+	mi := &file_users_ldap_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StatusResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StatusResponse) ProtoMessage() {}
+
+func (x *StatusResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StatusResponse.ProtoReflect.Descriptor instead.
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *StatusResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *StatusResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+// Полная модель пользователя
+type UserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
+	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
+	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
+	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
+	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
+	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
+	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
+	Phone         string                 `protobuf:"bytes,9,opt,name=phone,proto3" json:"phone,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserData) Reset() {
+	*x = UserData{}
+	mi := &file_users_ldap_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserData) ProtoMessage() {}
+
+func (x *UserData) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserData.ProtoReflect.Descriptor instead.
+func (*UserData) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *UserData) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *UserData) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *UserData) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *UserData) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+func (x *UserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *UserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+func (x *UserData) GetPhone() string {
+	if x != nil {
+		return x.Phone
+	}
+	return ""
+}
+
+// Модель группы
+type GroupData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Короткое имя группы (cn)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupData) Reset() {
+	*x = GroupData{}
+	mi := &file_users_ldap_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupData) ProtoMessage() {}
+
+func (x *GroupData) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupData.ProtoReflect.Descriptor instead.
+func (*GroupData) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GroupData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *GroupData) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// --- Списки ---
+type UserListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Users         []*UserData            `protobuf:"bytes,3,rep,name=users,proto3" json:"users,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserListResponse) Reset() {
+	*x = UserListResponse{}
+	mi := &file_users_ldap_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserListResponse) ProtoMessage() {}
+
+func (x *UserListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserListResponse.ProtoReflect.Descriptor instead.
+func (*UserListResponse) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *UserListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *UserListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *UserListResponse) GetUsers() []*UserData {
+	if x != nil {
+		return x.Users
+	}
+	return nil
+}
+
+type GroupListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Groups        []*GroupData           `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupListResponse) Reset() {
+	*x = GroupListResponse{}
+	mi := &file_users_ldap_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupListResponse) ProtoMessage() {}
+
+func (x *GroupListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupListResponse.ProtoReflect.Descriptor instead.
+func (*GroupListResponse) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *GroupListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *GroupListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *GroupListResponse) GetGroups() []*GroupData {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+// --- Управление профилем ---
+type CreateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	FullName      string                 `protobuf:"bytes,2,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	Password      string                 `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
+	Email         *string                `protobuf:"bytes,4,opt,name=email,proto3,oneof" json:"email,omitempty"` // Сразу при создании можно задать почту
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreateUserRequest) Reset() {
+	*x = CreateUserRequest{}
+	mi := &file_users_ldap_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateUserRequest) ProtoMessage() {}
+
+func (x *CreateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.
+func (*CreateUserRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *CreateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+type UpdateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`                                // Обязательное поле: кого обновляем
+	DisplayName   *string                `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"` // Новое ФИО (повлечет Rename CN)
+	Email         *string                `protobuf:"bytes,3,opt,name=email,proto3,oneof" json:"email,omitempty"`                                // Новая почта
+	Description   *string                `protobuf:"bytes,4,opt,name=description,proto3,oneof" json:"description,omitempty"`                    // Новое описание
+	Avatar        []byte                 `protobuf:"bytes,5,opt,name=avatar,proto3,oneof" json:"avatar,omitempty"`                              // Новая аватарка (бинарник картинки)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdateUserRequest) Reset() {
+	*x = UpdateUserRequest{}
+	mi := &file_users_ldap_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateUserRequest) ProtoMessage() {}
+
+func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead.
+func (*UpdateUserRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *UpdateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDisplayName() string {
+	if x != nil && x.DisplayName != nil {
+		return *x.DisplayName
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDescription() string {
+	if x != nil && x.Description != nil {
+		return *x.Description
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+type ChangePasswordRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	NewPassword   string                 `protobuf:"bytes,2,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordRequest) Reset() {
+	*x = ChangePasswordRequest{}
+	mi := &file_users_ldap_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordRequest) ProtoMessage() {}
+
+func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
+func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ChangePasswordRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetNewPassword() string {
+	if x != nil {
+		return x.NewPassword
+	}
+	return ""
+}
+
+type ToggleStatusRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	SetActive     bool                   `protobuf:"varint,2,opt,name=set_active,json=setActive,proto3" json:"set_active,omitempty"` // true - включить (512), false - отключить (514)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ToggleStatusRequest) Reset() {
+	*x = ToggleStatusRequest{}
+	mi := &file_users_ldap_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ToggleStatusRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ToggleStatusRequest) ProtoMessage() {}
+
+func (x *ToggleStatusRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ToggleStatusRequest.ProtoReflect.Descriptor instead.
+func (*ToggleStatusRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ToggleStatusRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ToggleStatusRequest) GetSetActive() bool {
+	if x != nil {
+		return x.SetActive
+	}
+	return false
+}
+
+// --- Управление членством в группах ---
+type GroupMemberRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`              // Логин пользователя
+	GroupDn       string                 `protobuf:"bytes,2,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty"` // Полный путь группы (в которую добавляем / из которой удаляем)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupMemberRequest) Reset() {
+	*x = GroupMemberRequest{}
+	mi := &file_users_ldap_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupMemberRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupMemberRequest) ProtoMessage() {}
+
+func (x *GroupMemberRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_users_ldap_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupMemberRequest.ProtoReflect.Descriptor instead.
+func (*GroupMemberRequest) Descriptor() ([]byte, []int) {
+	return file_users_ldap_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *GroupMemberRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *GroupMemberRequest) GetGroupDn() string {
+	if x != nil {
+		return x.GroupDn
+	}
+	return ""
+}
+
+var File_users_ldap_proto protoreflect.FileDescriptor
+
+const file_users_ldap_proto_rawDesc = "" +
+	"\n" +
+	"\x10users/ldap.proto\x12\aldap.v1\"\x0e\n" +
+	"\fEmptyRequest\"O\n" +
+	"\x0eStatusResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xf4\x01\n" +
+	"\bUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
+	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
+	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
+	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
+	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\b \x01(\bR\bisActive\x12\x14\n" +
+	"\x05phone\x18\t \x01(\tR\x05phone\"/\n" +
+	"\tGroupData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\"z\n" +
+	"\x10UserListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12'\n" +
+	"\x05users\x18\x03 \x03(\v2\x11.ldap.v1.UserDataR\x05users\"~\n" +
+	"\x11GroupListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
+	"\x06groups\x18\x03 \x03(\v2\x12.ldap.v1.GroupDataR\x06groups\"\x8d\x01\n" +
+	"\x11CreateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" +
+	"\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x1a\n" +
+	"\bpassword\x18\x03 \x01(\tR\bpassword\x12\x19\n" +
+	"\x05email\x18\x04 \x01(\tH\x00R\x05email\x88\x01\x01B\b\n" +
+	"\x06_email\"\xec\x01\n" +
+	"\x11UpdateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12&\n" +
+	"\fdisplay_name\x18\x02 \x01(\tH\x00R\vdisplayName\x88\x01\x01\x12\x19\n" +
+	"\x05email\x18\x03 \x01(\tH\x01R\x05email\x88\x01\x01\x12%\n" +
+	"\vdescription\x18\x04 \x01(\tH\x02R\vdescription\x88\x01\x01\x12\x1b\n" +
+	"\x06avatar\x18\x05 \x01(\fH\x03R\x06avatar\x88\x01\x01B\x0f\n" +
+	"\r_display_nameB\b\n" +
+	"\x06_emailB\x0e\n" +
+	"\f_descriptionB\t\n" +
+	"\a_avatar\"V\n" +
+	"\x15ChangePasswordRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12!\n" +
+	"\fnew_password\x18\x02 \x01(\tR\vnewPassword\"P\n" +
+	"\x13ToggleStatusRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1d\n" +
+	"\n" +
+	"set_active\x18\x02 \x01(\bR\tsetActive\"K\n" +
+	"\x12GroupMemberRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x19\n" +
+	"\bgroup_dn\x18\x02 \x01(\tR\agroupDn2\xbc\x04\n" +
+	"\vLdapService\x12<\n" +
+	"\bGetUsers\x12\x15.ldap.v1.EmptyRequest\x1a\x19.ldap.v1.UserListResponse\x12A\n" +
+	"\n" +
+	"CreateUser\x12\x1a.ldap.v1.CreateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12A\n" +
+	"\n" +
+	"UpdateUser\x12\x1a.ldap.v1.UpdateUserRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x0eChangePassword\x12\x1e.ldap.v1.ChangePasswordRequest\x1a\x17.ldap.v1.StatusResponse\x12I\n" +
+	"\x10ToggleUserStatus\x12\x1c.ldap.v1.ToggleStatusRequest\x1a\x17.ldap.v1.StatusResponse\x12>\n" +
+	"\tGetGroups\x12\x15.ldap.v1.EmptyRequest\x1a\x1a.ldap.v1.GroupListResponse\x12F\n" +
+	"\x0eAddUserToGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponse\x12K\n" +
+	"\x13RemoveUserFromGroup\x12\x1b.ldap.v1.GroupMemberRequest\x1a\x17.ldap.v1.StatusResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_users_ldap_proto_rawDescOnce sync.Once
+	file_users_ldap_proto_rawDescData []byte
+)
+
+func file_users_ldap_proto_rawDescGZIP() []byte {
+	file_users_ldap_proto_rawDescOnce.Do(func() {
+		file_users_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_users_ldap_proto_rawDesc), len(file_users_ldap_proto_rawDesc)))
+	})
+	return file_users_ldap_proto_rawDescData
+}
+
+var file_users_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
+var file_users_ldap_proto_goTypes = []any{
+	(*EmptyRequest)(nil),          // 0: ldap.v1.EmptyRequest
+	(*StatusResponse)(nil),        // 1: ldap.v1.StatusResponse
+	(*UserData)(nil),              // 2: ldap.v1.UserData
+	(*GroupData)(nil),             // 3: ldap.v1.GroupData
+	(*UserListResponse)(nil),      // 4: ldap.v1.UserListResponse
+	(*GroupListResponse)(nil),     // 5: ldap.v1.GroupListResponse
+	(*CreateUserRequest)(nil),     // 6: ldap.v1.CreateUserRequest
+	(*UpdateUserRequest)(nil),     // 7: ldap.v1.UpdateUserRequest
+	(*ChangePasswordRequest)(nil), // 8: ldap.v1.ChangePasswordRequest
+	(*ToggleStatusRequest)(nil),   // 9: ldap.v1.ToggleStatusRequest
+	(*GroupMemberRequest)(nil),    // 10: ldap.v1.GroupMemberRequest
+}
+var file_users_ldap_proto_depIdxs = []int32{
+	2,  // 0: ldap.v1.UserListResponse.users:type_name -> ldap.v1.UserData
+	3,  // 1: ldap.v1.GroupListResponse.groups:type_name -> ldap.v1.GroupData
+	0,  // 2: ldap.v1.LdapService.GetUsers:input_type -> ldap.v1.EmptyRequest
+	6,  // 3: ldap.v1.LdapService.CreateUser:input_type -> ldap.v1.CreateUserRequest
+	7,  // 4: ldap.v1.LdapService.UpdateUser:input_type -> ldap.v1.UpdateUserRequest
+	8,  // 5: ldap.v1.LdapService.ChangePassword:input_type -> ldap.v1.ChangePasswordRequest
+	9,  // 6: ldap.v1.LdapService.ToggleUserStatus:input_type -> ldap.v1.ToggleStatusRequest
+	0,  // 7: ldap.v1.LdapService.GetGroups:input_type -> ldap.v1.EmptyRequest
+	10, // 8: ldap.v1.LdapService.AddUserToGroup:input_type -> ldap.v1.GroupMemberRequest
+	10, // 9: ldap.v1.LdapService.RemoveUserFromGroup:input_type -> ldap.v1.GroupMemberRequest
+	4,  // 10: ldap.v1.LdapService.GetUsers:output_type -> ldap.v1.UserListResponse
+	1,  // 11: ldap.v1.LdapService.CreateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 12: ldap.v1.LdapService.UpdateUser:output_type -> ldap.v1.StatusResponse
+	1,  // 13: ldap.v1.LdapService.ChangePassword:output_type -> ldap.v1.StatusResponse
+	1,  // 14: ldap.v1.LdapService.ToggleUserStatus:output_type -> ldap.v1.StatusResponse
+	5,  // 15: ldap.v1.LdapService.GetGroups:output_type -> ldap.v1.GroupListResponse
+	1,  // 16: ldap.v1.LdapService.AddUserToGroup:output_type -> ldap.v1.StatusResponse
+	1,  // 17: ldap.v1.LdapService.RemoveUserFromGroup:output_type -> ldap.v1.StatusResponse
+	10, // [10:18] is the sub-list for method output_type
+	2,  // [2:10] is the sub-list for method input_type
+	2,  // [2:2] is the sub-list for extension type_name
+	2,  // [2:2] is the sub-list for extension extendee
+	0,  // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_users_ldap_proto_init() }
+func file_users_ldap_proto_init() {
+	if File_users_ldap_proto != nil {
+		return
+	}
+	file_users_ldap_proto_msgTypes[6].OneofWrappers = []any{}
+	file_users_ldap_proto_msgTypes[7].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_users_ldap_proto_rawDesc), len(file_users_ldap_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   11,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_users_ldap_proto_goTypes,
+		DependencyIndexes: file_users_ldap_proto_depIdxs,
+		MessageInfos:      file_users_ldap_proto_msgTypes,
+	}.Build()
+	File_users_ldap_proto = out.File
+	file_users_ldap_proto_goTypes = nil
+	file_users_ldap_proto_depIdxs = nil
+}

gen/go/users/ldap_grpc.pb.go

@@ -0,0 +1,391 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: users/ldap.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapService_GetUsers_FullMethodName            = "/ldap.v1.LdapService/GetUsers"
+	LdapService_CreateUser_FullMethodName          = "/ldap.v1.LdapService/CreateUser"
+	LdapService_UpdateUser_FullMethodName          = "/ldap.v1.LdapService/UpdateUser"
+	LdapService_ChangePassword_FullMethodName      = "/ldap.v1.LdapService/ChangePassword"
+	LdapService_ToggleUserStatus_FullMethodName    = "/ldap.v1.LdapService/ToggleUserStatus"
+	LdapService_GetGroups_FullMethodName           = "/ldap.v1.LdapService/GetGroups"
+	LdapService_AddUserToGroup_FullMethodName      = "/ldap.v1.LdapService/AddUserToGroup"
+	LdapService_RemoveUserFromGroup_FullMethodName = "/ldap.v1.LdapService/RemoveUserFromGroup"
+)
+
+// LdapServiceClient is the client API for LdapService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type LdapServiceClient interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error)
+	AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+}
+
+type ldapServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapServiceClient(cc grpc.ClientConnInterface) LdapServiceClient {
+	return &ldapServiceClient{cc}
+}
+
+func (c *ldapServiceClient) GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UserListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_UpdateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_ToggleUserStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GroupListResponse)
+	err := c.cc.Invoke(ctx, LdapService_GetGroups_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_AddUserToGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapServiceClient) RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapService_RemoveUserFromGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapServiceServer is the server API for LdapService service.
+// All implementations must embed UnimplementedLdapServiceServer
+// for forward compatibility.
+type LdapServiceServer interface {
+	// Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error)
+	UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error)
+	ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error)
+	// Управление Группами ---
+	GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error)
+	AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+// UnimplementedLdapServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapServiceServer struct{}
+
+func (UnimplementedLdapServiceServer) GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUsers not implemented")
+}
+func (UnimplementedLdapServiceServer) CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented")
+}
+func (UnimplementedLdapServiceServer) ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedLdapServiceServer) ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ToggleUserStatus not implemented")
+}
+func (UnimplementedLdapServiceServer) GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetGroups not implemented")
+}
+func (UnimplementedLdapServiceServer) AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AddUserToGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemoveUserFromGroup not implemented")
+}
+func (UnimplementedLdapServiceServer) mustEmbedUnimplementedLdapServiceServer() {}
+func (UnimplementedLdapServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeLdapServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapServiceServer will
+// result in compilation errors.
+type UnsafeLdapServiceServer interface {
+	mustEmbedUnimplementedLdapServiceServer()
+}
+
+func RegisterLdapServiceServer(s grpc.ServiceRegistrar, srv LdapServiceServer) {
+	// If the following call panics, it indicates UnimplementedLdapServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapService_ServiceDesc, srv)
+}
+
+func _LdapService_GetUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetUsers(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).UpdateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_UpdateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).UpdateUser(ctx, req.(*UpdateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_ToggleUserStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ToggleStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_ToggleUserStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).ToggleUserStatus(ctx, req.(*ToggleStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_GetGroups_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).GetGroups(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_GetGroups_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).GetGroups(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_AddUserToGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_AddUserToGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).AddUserToGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapService_RemoveUserFromGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapService_RemoveUserFromGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapServiceServer).RemoveUserFromGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapService_ServiceDesc is the grpc.ServiceDesc for LdapService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap.v1.LdapService",
+	HandlerType: (*LdapServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetUsers",
+			Handler:    _LdapService_GetUsers_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _LdapService_CreateUser_Handler,
+		},
+		{
+			MethodName: "UpdateUser",
+			Handler:    _LdapService_UpdateUser_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _LdapService_ChangePassword_Handler,
+		},
+		{
+			MethodName: "ToggleUserStatus",
+			Handler:    _LdapService_ToggleUserStatus_Handler,
+		},
+		{
+			MethodName: "GetGroups",
+			Handler:    _LdapService_GetGroups_Handler,
+		},
+		{
+			MethodName: "AddUserToGroup",
+			Handler:    _LdapService_AddUserToGroup_Handler,
+		},
+		{
+			MethodName: "RemoveUserFromGroup",
+			Handler:    _LdapService_RemoveUserFromGroup_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "users/ldap.proto",
+}

gen/go/users/users_grpc.pb.go

@@ -0,0 +1,467 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v4.25.9
+// source: users/users.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	UsersService_GetProfile_FullMethodName            = "/users.v1.UsersService/GetProfile"
+	UsersService_UpdateProfile_FullMethodName         = "/users.v1.UsersService/UpdateProfile"
+	UsersService_CreateProfile_FullMethodName         = "/users.v1.UsersService/CreateProfile"
+	UsersService_SoftDeleteProfile_FullMethodName     = "/users.v1.UsersService/SoftDeleteProfile"
+	UsersService_BlockUser_FullMethodName             = "/users.v1.UsersService/BlockUser"
+	UsersService_UnblockUser_FullMethodName           = "/users.v1.UsersService/UnblockUser"
+	UsersService_GetBlockedUsers_FullMethodName       = "/users.v1.UsersService/GetBlockedUsers"
+	UsersService_AddContact_FullMethodName            = "/users.v1.UsersService/AddContact"
+	UsersService_GetContacts_FullMethodName           = "/users.v1.UsersService/GetContacts"
+	UsersService_SystemGetProfileBatch_FullMethodName = "/users.v1.UsersService/SystemGetProfileBatch"
+)
+
+// UsersServiceClient is the client API for UsersService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type UsersServiceClient interface {
+	GetProfile(ctx context.Context, in *GetProfileRequest, opts ...grpc.CallOption) (*GetProfileResponse, error)
+	UpdateProfile(ctx context.Context, in *UpdateProfileRequest, opts ...grpc.CallOption) (*UpdateProfileResponse, error)
+	// Для системного использования (вызывается из Auth/Admin)
+	CreateProfile(ctx context.Context, in *CreateProfileRequest, opts ...grpc.CallOption) (*CreateProfileResponse, error)
+	SoftDeleteProfile(ctx context.Context, in *SoftDeleteProfileRequest, opts ...grpc.CallOption) (*SoftDeleteProfileResponse, error)
+	// --- НОВЫЕ МЕТОДЫ МЕССЕНДЖЕРА ---
+	BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error)
+	UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error)
+	GetBlockedUsers(ctx context.Context, in *GetBlockedUsersRequest, opts ...grpc.CallOption) (*GetBlockedUsersResponse, error)
+	AddContact(ctx context.Context, in *AddContactRequest, opts ...grpc.CallOption) (*AddContactResponse, error)
+	GetContacts(ctx context.Context, in *GetContactsRequest, opts ...grpc.CallOption) (*GetContactsResponse, error)
+	SystemGetProfileBatch(ctx context.Context, in *SystemGetProfileBatchRequest, opts ...grpc.CallOption) (*SystemGetProfileBatchResponse, error)
+}
+
+type usersServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewUsersServiceClient(cc grpc.ClientConnInterface) UsersServiceClient {
+	return &usersServiceClient{cc}
+}
+
+func (c *usersServiceClient) GetProfile(ctx context.Context, in *GetProfileRequest, opts ...grpc.CallOption) (*GetProfileResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetProfileResponse)
+	err := c.cc.Invoke(ctx, UsersService_GetProfile_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) UpdateProfile(ctx context.Context, in *UpdateProfileRequest, opts ...grpc.CallOption) (*UpdateProfileResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UpdateProfileResponse)
+	err := c.cc.Invoke(ctx, UsersService_UpdateProfile_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) CreateProfile(ctx context.Context, in *CreateProfileRequest, opts ...grpc.CallOption) (*CreateProfileResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateProfileResponse)
+	err := c.cc.Invoke(ctx, UsersService_CreateProfile_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) SoftDeleteProfile(ctx context.Context, in *SoftDeleteProfileRequest, opts ...grpc.CallOption) (*SoftDeleteProfileResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SoftDeleteProfileResponse)
+	err := c.cc.Invoke(ctx, UsersService_SoftDeleteProfile_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) BlockUser(ctx context.Context, in *BlockUserRequest, opts ...grpc.CallOption) (*BlockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(BlockUserResponse)
+	err := c.cc.Invoke(ctx, UsersService_BlockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) UnblockUser(ctx context.Context, in *UnblockUserRequest, opts ...grpc.CallOption) (*UnblockUserResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnblockUserResponse)
+	err := c.cc.Invoke(ctx, UsersService_UnblockUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) GetBlockedUsers(ctx context.Context, in *GetBlockedUsersRequest, opts ...grpc.CallOption) (*GetBlockedUsersResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetBlockedUsersResponse)
+	err := c.cc.Invoke(ctx, UsersService_GetBlockedUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) AddContact(ctx context.Context, in *AddContactRequest, opts ...grpc.CallOption) (*AddContactResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(AddContactResponse)
+	err := c.cc.Invoke(ctx, UsersService_AddContact_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) GetContacts(ctx context.Context, in *GetContactsRequest, opts ...grpc.CallOption) (*GetContactsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetContactsResponse)
+	err := c.cc.Invoke(ctx, UsersService_GetContacts_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *usersServiceClient) SystemGetProfileBatch(ctx context.Context, in *SystemGetProfileBatchRequest, opts ...grpc.CallOption) (*SystemGetProfileBatchResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SystemGetProfileBatchResponse)
+	err := c.cc.Invoke(ctx, UsersService_SystemGetProfileBatch_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// UsersServiceServer is the server API for UsersService service.
+// All implementations must embed UnimplementedUsersServiceServer
+// for forward compatibility.
+type UsersServiceServer interface {
+	GetProfile(context.Context, *GetProfileRequest) (*GetProfileResponse, error)
+	UpdateProfile(context.Context, *UpdateProfileRequest) (*UpdateProfileResponse, error)
+	// Для системного использования (вызывается из Auth/Admin)
+	CreateProfile(context.Context, *CreateProfileRequest) (*CreateProfileResponse, error)
+	SoftDeleteProfile(context.Context, *SoftDeleteProfileRequest) (*SoftDeleteProfileResponse, error)
+	// --- НОВЫЕ МЕТОДЫ МЕССЕНДЖЕРА ---
+	BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error)
+	UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error)
+	GetBlockedUsers(context.Context, *GetBlockedUsersRequest) (*GetBlockedUsersResponse, error)
+	AddContact(context.Context, *AddContactRequest) (*AddContactResponse, error)
+	GetContacts(context.Context, *GetContactsRequest) (*GetContactsResponse, error)
+	SystemGetProfileBatch(context.Context, *SystemGetProfileBatchRequest) (*SystemGetProfileBatchResponse, error)
+	mustEmbedUnimplementedUsersServiceServer()
+}
+
+// UnimplementedUsersServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedUsersServiceServer struct{}
+
+func (UnimplementedUsersServiceServer) GetProfile(context.Context, *GetProfileRequest) (*GetProfileResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetProfile not implemented")
+}
+func (UnimplementedUsersServiceServer) UpdateProfile(context.Context, *UpdateProfileRequest) (*UpdateProfileResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateProfile not implemented")
+}
+func (UnimplementedUsersServiceServer) CreateProfile(context.Context, *CreateProfileRequest) (*CreateProfileResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateProfile not implemented")
+}
+func (UnimplementedUsersServiceServer) SoftDeleteProfile(context.Context, *SoftDeleteProfileRequest) (*SoftDeleteProfileResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SoftDeleteProfile not implemented")
+}
+func (UnimplementedUsersServiceServer) BlockUser(context.Context, *BlockUserRequest) (*BlockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method BlockUser not implemented")
+}
+func (UnimplementedUsersServiceServer) UnblockUser(context.Context, *UnblockUserRequest) (*UnblockUserResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnblockUser not implemented")
+}
+func (UnimplementedUsersServiceServer) GetBlockedUsers(context.Context, *GetBlockedUsersRequest) (*GetBlockedUsersResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetBlockedUsers not implemented")
+}
+func (UnimplementedUsersServiceServer) AddContact(context.Context, *AddContactRequest) (*AddContactResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AddContact not implemented")
+}
+func (UnimplementedUsersServiceServer) GetContacts(context.Context, *GetContactsRequest) (*GetContactsResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetContacts not implemented")
+}
+func (UnimplementedUsersServiceServer) SystemGetProfileBatch(context.Context, *SystemGetProfileBatchRequest) (*SystemGetProfileBatchResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SystemGetProfileBatch not implemented")
+}
+func (UnimplementedUsersServiceServer) mustEmbedUnimplementedUsersServiceServer() {}
+func (UnimplementedUsersServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeUsersServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to UsersServiceServer will
+// result in compilation errors.
+type UnsafeUsersServiceServer interface {
+	mustEmbedUnimplementedUsersServiceServer()
+}
+
+func RegisterUsersServiceServer(s grpc.ServiceRegistrar, srv UsersServiceServer) {
+	// If the following call panics, it indicates UnimplementedUsersServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&UsersService_ServiceDesc, srv)
+}
+
+func _UsersService_GetProfile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetProfileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).GetProfile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_GetProfile_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).GetProfile(ctx, req.(*GetProfileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_UpdateProfile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateProfileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).UpdateProfile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_UpdateProfile_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).UpdateProfile(ctx, req.(*UpdateProfileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_CreateProfile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateProfileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).CreateProfile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_CreateProfile_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).CreateProfile(ctx, req.(*CreateProfileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_SoftDeleteProfile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SoftDeleteProfileRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).SoftDeleteProfile(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_SoftDeleteProfile_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).SoftDeleteProfile(ctx, req.(*SoftDeleteProfileRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_BlockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(BlockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).BlockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_BlockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).BlockUser(ctx, req.(*BlockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_UnblockUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnblockUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).UnblockUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_UnblockUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).UnblockUser(ctx, req.(*UnblockUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_GetBlockedUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetBlockedUsersRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).GetBlockedUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_GetBlockedUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).GetBlockedUsers(ctx, req.(*GetBlockedUsersRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_AddContact_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AddContactRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).AddContact(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_AddContact_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).AddContact(ctx, req.(*AddContactRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_GetContacts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetContactsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).GetContacts(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_GetContacts_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).GetContacts(ctx, req.(*GetContactsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _UsersService_SystemGetProfileBatch_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SystemGetProfileBatchRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(UsersServiceServer).SystemGetProfileBatch(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: UsersService_SystemGetProfileBatch_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(UsersServiceServer).SystemGetProfileBatch(ctx, req.(*SystemGetProfileBatchRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// UsersService_ServiceDesc is the grpc.ServiceDesc for UsersService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var UsersService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "users.v1.UsersService",
+	HandlerType: (*UsersServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetProfile",
+			Handler:    _UsersService_GetProfile_Handler,
+		},
+		{
+			MethodName: "UpdateProfile",
+			Handler:    _UsersService_UpdateProfile_Handler,
+		},
+		{
+			MethodName: "CreateProfile",
+			Handler:    _UsersService_CreateProfile_Handler,
+		},
+		{
+			MethodName: "SoftDeleteProfile",
+			Handler:    _UsersService_SoftDeleteProfile_Handler,
+		},
+		{
+			MethodName: "BlockUser",
+			Handler:    _UsersService_BlockUser_Handler,
+		},
+		{
+			MethodName: "UnblockUser",
+			Handler:    _UsersService_UnblockUser_Handler,
+		},
+		{
+			MethodName: "GetBlockedUsers",
+			Handler:    _UsersService_GetBlockedUsers_Handler,
+		},
+		{
+			MethodName: "AddContact",
+			Handler:    _UsersService_AddContact_Handler,
+		},
+		{
+			MethodName: "GetContacts",
+			Handler:    _UsersService_GetContacts_Handler,
+		},
+		{
+			MethodName: "SystemGetProfileBatch",
+			Handler:    _UsersService_SystemGetProfileBatch_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "users/users.proto",
+}

gen/google/protobuf/struct.ts

@@ -0,0 +1,197 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: google/protobuf/struct.proto
+
+/* eslint-disable */
+import { wrappers } from "protobufjs";
+
+export const protobufPackage = "google.protobuf";
+
+/**
+ * `NullValue` is a singleton enumeration to represent the null value for the
+ * `Value` type union.
+ *
+ * The JSON representation for `NullValue` is JSON `null`.
+ */
+export enum NullValue {
+  /** NULL_VALUE - Null value. */
+  NULL_VALUE = 0,
+  UNRECOGNIZED = -1,
+}
+
+/**
+ * `Struct` represents a structured data value, consisting of fields
+ * which map to dynamically typed values. In some languages, `Struct`
+ * might be supported by a native representation. For example, in
+ * scripting languages like JS a struct is represented as an
+ * object. The details of that representation are described together
+ * with the proto support for the language.
+ *
+ * The JSON representation for `Struct` is JSON object.
+ */
+export interface Struct {
+  /** Unordered map of dynamically typed values. */
+  fields: { [key: string]: any | undefined };
+}
+
+export interface Struct_FieldsEntry {
+  key: string;
+  value: any | undefined;
+}
+
+/**
+ * `Value` represents a dynamically typed value which can be either
+ * null, a number, a string, a boolean, a recursive struct value, or a
+ * list of values. A producer of value is expected to set one of these
+ * variants. Absence of any variant indicates an error.
+ *
+ * The JSON representation for `Value` is JSON value.
+ */
+export interface Value {
+  /** Represents a null value. */
+  nullValue?:
+    | NullValue
+    | undefined;
+  /** Represents a double value. */
+  numberValue?:
+    | number
+    | undefined;
+  /** Represents a string value. */
+  stringValue?:
+    | string
+    | undefined;
+  /** Represents a boolean value. */
+  boolValue?:
+    | boolean
+    | undefined;
+  /** Represents a structured value. */
+  structValue?:
+    | { [key: string]: any }
+    | undefined;
+  /** Represents a repeated `Value`. */
+  listValue?: Array<any> | undefined;
+}
+
+/**
+ * `ListValue` is a wrapper around a repeated field of values.
+ *
+ * The JSON representation for `ListValue` is JSON array.
+ */
+export interface ListValue {
+  /** Repeated field of dynamically typed values. */
+  values: any[];
+}
+
+export const GOOGLE_PROTOBUF_PACKAGE_NAME = "google.protobuf";
+
+function createBaseStruct(): Struct {
+  return { fields: {} };
+}
+
+export const Struct: MessageFns<Struct> & StructWrapperFns = {
+  wrap(object: { [key: string]: any } | undefined): Struct {
+    const struct = createBaseStruct();
+
+    if (object !== undefined) {
+      for (const key of globalThis.Object.keys(object)) {
+        struct.fields[key] = Value.wrap(object[key]);
+      }
+    }
+    return struct;
+  },
+
+  unwrap(message: Struct): { [key: string]: any } {
+    const object: { [key: string]: any } = {};
+    if (message.fields) {
+      for (const key of globalThis.Object.keys(message.fields)) {
+        object[key] = Value.unwrap(message.fields[key]);
+      }
+    }
+    return object;
+  },
+};
+
+function createBaseValue(): Value {
+  return {};
+}
+
+export const Value: MessageFns<Value> & AnyValueWrapperFns = {
+  wrap(value: any): Value {
+    const result = {} as any;
+    if (value === null) {
+      result.nullValue = NullValue.NULL_VALUE;
+    } else if (typeof value === "boolean") {
+      result.boolValue = value;
+    } else if (typeof value === "number") {
+      result.numberValue = value;
+    } else if (typeof value === "string") {
+      result.stringValue = value;
+    } else if (globalThis.Array.isArray(value)) {
+      result.listValue = ListValue.wrap(value);
+    } else if (typeof value === "object") {
+      result.structValue = Struct.wrap(value);
+    } else if (typeof value !== "undefined") {
+      throw new globalThis.Error("Unsupported any value type: " + typeof value);
+    }
+    return result;
+  },
+
+  unwrap(message: any): string | number | boolean | Object | null | Array<any> | undefined {
+    if (message?.hasOwnProperty("stringValue") && message.stringValue !== undefined) {
+      return message.stringValue;
+    } else if (message?.hasOwnProperty("numberValue") && message?.numberValue !== undefined) {
+      return message.numberValue;
+    } else if (message?.hasOwnProperty("boolValue") && message?.boolValue !== undefined) {
+      return message.boolValue;
+    } else if (message?.hasOwnProperty("structValue") && message?.structValue !== undefined) {
+      return Struct.unwrap(message.structValue as any);
+    } else if (message?.hasOwnProperty("listValue") && message?.listValue !== undefined) {
+      return ListValue.unwrap(message.listValue);
+    } else if (message?.hasOwnProperty("nullValue") && message?.nullValue !== undefined) {
+      return null;
+    }
+    return undefined;
+  },
+};
+
+function createBaseListValue(): ListValue {
+  return { values: [] };
+}
+
+export const ListValue: MessageFns<ListValue> & ListValueWrapperFns = {
+  wrap(array: Array<any> | undefined): ListValue {
+    const result = createBaseListValue();
+    result.values = (array ?? []).map(Value.wrap);
+    return result;
+  },
+
+  unwrap(message: ListValue): Array<any> {
+    if (message?.hasOwnProperty("values") && globalThis.Array.isArray(message.values)) {
+      return message.values.map(Value.unwrap);
+    } else {
+      return message as any;
+    }
+  },
+};
+
+wrappers[".google.protobuf.Struct"] = { fromObject: Struct.wrap, toObject: Struct.unwrap } as any;
+
+export interface MessageFns<T> {
+}
+
+export interface StructWrapperFns {
+  wrap(object: { [key: string]: any } | undefined): Struct;
+  unwrap(message: Struct): { [key: string]: any };
+}
+
+export interface AnyValueWrapperFns {
+  wrap(value: any): Value;
+  unwrap(message: any): string | number | boolean | Object | null | Array<any> | undefined;
+}
+
+export interface ListValueWrapperFns {
+  wrap(array: Array<any> | undefined): ListValue;
+  unwrap(message: ListValue): Array<any>;
+}

gen/google/protobuf/timestamp.ts

@@ -0,0 +1,118 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: google/protobuf/timestamp.proto
+
+/* eslint-disable */
+
+export const protobufPackage = "google.protobuf";
+
+/**
+ * A Timestamp represents a point in time independent of any time zone or local
+ * calendar, encoded as a count of seconds and fractions of seconds at
+ * nanosecond resolution. The count is relative to an epoch at UTC midnight on
+ * January 1, 1970, in the proleptic Gregorian calendar which extends the
+ * Gregorian calendar backwards to year one.
+ *
+ * All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap
+ * second table is needed for interpretation, using a [24-hour linear
+ * smear](https://developers.google.com/time/smear).
+ *
+ * The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By
+ * restricting to that range, we ensure that we can convert to and from [RFC
+ * 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings.
+ *
+ * # Examples
+ *
+ * Example 1: Compute Timestamp from POSIX `time()`.
+ *
+ *     Timestamp timestamp;
+ *     timestamp.set_seconds(time(NULL));
+ *     timestamp.set_nanos(0);
+ *
+ * Example 2: Compute Timestamp from POSIX `gettimeofday()`.
+ *
+ *     struct timeval tv;
+ *     gettimeofday(&tv, NULL);
+ *
+ *     Timestamp timestamp;
+ *     timestamp.set_seconds(tv.tv_sec);
+ *     timestamp.set_nanos(tv.tv_usec * 1000);
+ *
+ * Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`.
+ *
+ *     FILETIME ft;
+ *     GetSystemTimeAsFileTime(&ft);
+ *     UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime;
+ *
+ *     // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z
+ *     // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z.
+ *     Timestamp timestamp;
+ *     timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL));
+ *     timestamp.set_nanos((INT32) ((ticks % 10000000) * 100));
+ *
+ * Example 4: Compute Timestamp from Java `System.currentTimeMillis()`.
+ *
+ *     long millis = System.currentTimeMillis();
+ *
+ *     Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000)
+ *         .setNanos((int) ((millis % 1000) * 1000000)).build();
+ *
+ * Example 5: Compute Timestamp from Java `Instant.now()`.
+ *
+ *     Instant now = Instant.now();
+ *
+ *     Timestamp timestamp =
+ *         Timestamp.newBuilder().setSeconds(now.getEpochSecond())
+ *             .setNanos(now.getNano()).build();
+ *
+ * Example 6: Compute Timestamp from current time in Python.
+ *
+ *     timestamp = Timestamp()
+ *     timestamp.GetCurrentTime()
+ *
+ * # JSON Mapping
+ *
+ * In JSON format, the Timestamp type is encoded as a string in the
+ * [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the
+ * format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z"
+ * where {year} is always expressed using four digits while {month}, {day},
+ * {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional
+ * seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution),
+ * are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone
+ * is required. A proto3 JSON serializer should always use UTC (as indicated by
+ * "Z") when printing the Timestamp type and a proto3 JSON parser should be
+ * able to accept both UTC and other timezones (as indicated by an offset).
+ *
+ * For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past
+ * 01:30 UTC on January 15, 2017.
+ *
+ * In JavaScript, one can convert a Date object to this format using the
+ * standard
+ * [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString)
+ * method. In Python, a standard `datetime.datetime` object can be converted
+ * to this format using
+ * [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with
+ * the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use
+ * the Joda Time's [`ISODateTimeFormat.dateTime()`](
+ * http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime()
+ * ) to obtain a formatter capable of generating timestamps in this format.
+ */
+export interface Timestamp {
+  /**
+   * Represents seconds of UTC time since Unix epoch
+   * 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to
+   * 9999-12-31T23:59:59Z inclusive.
+   */
+  seconds: number;
+  /**
+   * Non-negative fractions of a second at nanosecond resolution. Negative
+   * second values with fractions must still have non-negative nanos values
+   * that count forward in time. Must be from 0 to 999,999,999
+   * inclusive.
+   */
+  nanos: number;
+}
+
+export const GOOGLE_PROTOBUF_PACKAGE_NAME = "google.protobuf";

gen/notifications/notifications.ts

@@ -0,0 +1,190 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: notifications/notifications.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { wrappers } from "protobufjs";
+import { Observable } from "rxjs";
+import { Struct } from "../google/protobuf/struct";
+import { Timestamp } from "../google/protobuf/timestamp";
+
+export const protobufPackage = "notifications.v1";
+
+/** Структура самого уведомления */
+export interface Notification {
+  id: string;
+  userId: string;
+  /** Например: "SYSTEM_ALERT", "NEW_MESSAGE", "TASK_ASSIGNED" */
+  type: string;
+  /** Заголовок (опционально) */
+  title: string;
+  /** Текст уведомления */
+  text: string;
+  /** Любая динамическая JSON-нагрузка (например, { "task_id": 123 }) */
+  payload: { [key: string]: any } | undefined;
+  isRead: boolean;
+  createdAt: Timestamp | undefined;
+}
+
+export interface GetNotificationsRequest {
+  /** ID пользователя запрашивающего данные (Gateway берет это из JWT) */
+  userId: string;
+  /** Для пагинации (например, 20) */
+  limit: number;
+  /** Для пагинации (например, 0) */
+  offset: number;
+  /** Фильтр: получить только непрочитанные */
+  unreadOnly?: boolean | undefined;
+}
+
+export interface GetNotificationsResponse {
+  /** Массив уведомлений */
+  notifications: Notification[];
+  /** Общее количество (для UI пагинации) */
+  totalCount: number;
+}
+
+export interface GetUnreadCountRequest {
+  userId: string;
+}
+
+export interface GetUnreadCountResponse {
+  count: number;
+}
+
+export interface MarkAsReadRequest {
+  userId: string;
+  notificationId: string;
+}
+
+export interface MarkAsReadResponse {
+  success: boolean;
+}
+
+export interface MarkAllAsReadRequest {
+  userId: string;
+}
+
+export interface MarkAllAsReadResponse {
+  success: boolean;
+  /** Сколько уведомлений было обновлено */
+  updatedCount: number;
+}
+
+export interface SendNotificationRequest {
+  /** Кому отправляем (если пусто — можно сделать бродкаст, но лучше отдельный метод) */
+  userId: string;
+  type: string;
+  title: string;
+  text: string;
+  /** Метаданные для UI (ссылки, ID сущностей) */
+  payload: { [key: string]: any } | undefined;
+}
+
+export interface SendNotificationResponse {
+  success: boolean;
+  /** ID созданного уведомления в Postgres */
+  notificationId: string;
+}
+
+export const NOTIFICATIONS_V1_PACKAGE_NAME = "notifications.v1";
+
+wrappers[".google.protobuf.Struct"] = { fromObject: Struct.wrap, toObject: Struct.unwrap } as any;
+
+/**
+ * -----------------------------------------------------------------------------
+ * Сервис Уведомлений
+ * -----------------------------------------------------------------------------
+ */
+
+export interface NotificationServiceClient {
+  /** Получить список уведомлений пользователя с пагинацией */
+
+  getUserNotifications(request: GetNotificationsRequest, metadata?: Metadata): Observable<GetNotificationsResponse>;
+
+  /** Получить количество непрочитанных уведомлений (для бейджика на иконке) */
+
+  getUnreadCount(request: GetUnreadCountRequest, metadata?: Metadata): Observable<GetUnreadCountResponse>;
+
+  /** Отметить конкретное уведомление как прочитанное */
+
+  markAsRead(request: MarkAsReadRequest, metadata?: Metadata): Observable<MarkAsReadResponse>;
+
+  /** Отметить все уведомления пользователя как прочитанные */
+
+  markAllAsRead(request: MarkAllAsReadRequest, metadata?: Metadata): Observable<MarkAllAsReadResponse>;
+
+  /** Отправить уведомление (CRM/ERP вызывает этот метод, а NestJS уже кидает в RabbitMQ) */
+
+  sendNotification(request: SendNotificationRequest, metadata?: Metadata): Observable<SendNotificationResponse>;
+}
+
+/**
+ * -----------------------------------------------------------------------------
+ * Сервис Уведомлений
+ * -----------------------------------------------------------------------------
+ */
+
+export interface NotificationServiceController {
+  /** Получить список уведомлений пользователя с пагинацией */
+
+  getUserNotifications(
+    request: GetNotificationsRequest,
+    metadata?: Metadata,
+  ): Promise<GetNotificationsResponse> | Observable<GetNotificationsResponse> | GetNotificationsResponse;
+
+  /** Получить количество непрочитанных уведомлений (для бейджика на иконке) */
+
+  getUnreadCount(
+    request: GetUnreadCountRequest,
+    metadata?: Metadata,
+  ): Promise<GetUnreadCountResponse> | Observable<GetUnreadCountResponse> | GetUnreadCountResponse;
+
+  /** Отметить конкретное уведомление как прочитанное */
+
+  markAsRead(
+    request: MarkAsReadRequest,
+    metadata?: Metadata,
+  ): Promise<MarkAsReadResponse> | Observable<MarkAsReadResponse> | MarkAsReadResponse;
+
+  /** Отметить все уведомления пользователя как прочитанные */
+
+  markAllAsRead(
+    request: MarkAllAsReadRequest,
+    metadata?: Metadata,
+  ): Promise<MarkAllAsReadResponse> | Observable<MarkAllAsReadResponse> | MarkAllAsReadResponse;
+
+  /** Отправить уведомление (CRM/ERP вызывает этот метод, а NestJS уже кидает в RabbitMQ) */
+
+  sendNotification(
+    request: SendNotificationRequest,
+    metadata?: Metadata,
+  ): Promise<SendNotificationResponse> | Observable<SendNotificationResponse> | SendNotificationResponse;
+}
+
+export function NotificationServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "getUserNotifications",
+      "getUnreadCount",
+      "markAsRead",
+      "markAllAsRead",
+      "sendNotification",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("NotificationService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("NotificationService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const NOTIFICATION_SERVICE_NAME = "NotificationService";

gen/rbac.ts

@@ -0,0 +1,172 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v3.21.12
+// source: rbac.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "rbac.v1";
+
+export interface GetAllPermissionsRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllPermissionsResponse {
+  permissions: Permission[];
+}
+
+export interface Permission {
+  id: string;
+  code: string;
+  description: string;
+  module: string;
+  roles: string[];
+}
+
+export interface GetAllRolesRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllRolesResponse {
+  roles: Roles[];
+}
+
+export interface CreateRoleRequest {
+  name: string;
+  level: number;
+  permissionCodes: string[];
+}
+
+export interface UpdateRoleRequest {
+  id: string;
+  name?: string | undefined;
+  level?: number | undefined;
+  permissionCodes: string[];
+}
+
+export interface ModifyRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteRoleRequest {
+  id: string;
+}
+
+export interface DeleteRoleResponse {
+  success: boolean;
+  message: string;
+  fallbackRoleName?: string | undefined;
+}
+
+export interface CreatePermissionRequest {
+  code: string;
+  description: string;
+  module: string;
+}
+
+export interface UpdatePermissionRequest {
+  id: string;
+  /** Привязка к конкретным ролям */
+  roleIds: string[];
+}
+
+export interface ModifyPermissionResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface Roles {
+  id: string;
+  name: string;
+  level: number;
+  permissions: string[];
+  ldapMapping: string[];
+  accounts: string[];
+}
+
+export const RBAC_V1_PACKAGE_NAME = "rbac.v1";
+
+export interface RbacServiceClient {
+  createRole(request: CreateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  updateRole(request: UpdateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  deleteRole(request: DeleteRoleRequest, metadata?: Metadata): Observable<DeleteRoleResponse>;
+
+  createPermission(request: CreatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  updatePermission(request: UpdatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  getAllPermissions(request: GetAllPermissionsRequest, metadata?: Metadata): Observable<GetAllPermissionsResponse>;
+
+  getAllRoles(request: GetAllRolesRequest, metadata?: Metadata): Observable<GetAllRolesResponse>;
+}
+
+export interface RbacServiceController {
+  createRole(
+    request: CreateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  updateRole(
+    request: UpdateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  deleteRole(
+    request: DeleteRoleRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteRoleResponse> | Observable<DeleteRoleResponse> | DeleteRoleResponse;
+
+  createPermission(
+    request: CreatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  updatePermission(
+    request: UpdatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  getAllPermissions(
+    request: GetAllPermissionsRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllPermissionsResponse> | Observable<GetAllPermissionsResponse> | GetAllPermissionsResponse;
+
+  getAllRoles(
+    request: GetAllRolesRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllRolesResponse> | Observable<GetAllRolesResponse> | GetAllRolesResponse;
+}
+
+export function RbacServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "createRole",
+      "updateRole",
+      "deleteRole",
+      "createPermission",
+      "updatePermission",
+      "getAllPermissions",
+      "getAllRoles",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const RBAC_SERVICE_NAME = "RbacService";

gen/search/search.ts

@@ -0,0 +1,74 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: search/search.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "search.v1";
+
+export interface SearchUsersRequest {
+  query: string;
+  userId: string;
+  sessionId: string;
+  status?: string | undefined;
+}
+
+export interface SearchUserItem {
+  id: string;
+  username: string;
+  fullName: string;
+  avatarUrl: string;
+  status: string;
+  isPublic: boolean;
+}
+
+export interface SearchUsersResponse {
+  users: SearchUserItem[];
+}
+
+export const SEARCH_V1_PACKAGE_NAME = "search.v1";
+
+export interface SearchServiceClient {
+  /**
+   * В будущем сюда добавятся:
+   * rpc SearchMessages (SearchMessagesRequest) returns (SearchMessagesResponse);
+   * rpc SearchTickets (SearchTicketsRequest) returns (SearchTicketsResponse);
+   */
+
+  searchUsers(request: SearchUsersRequest, metadata?: Metadata): Observable<SearchUsersResponse>;
+}
+
+export interface SearchServiceController {
+  /**
+   * В будущем сюда добавятся:
+   * rpc SearchMessages (SearchMessagesRequest) returns (SearchMessagesResponse);
+   * rpc SearchTickets (SearchTicketsRequest) returns (SearchTicketsResponse);
+   */
+
+  searchUsers(
+    request: SearchUsersRequest,
+    metadata?: Metadata,
+  ): Promise<SearchUsersResponse> | Observable<SearchUsersResponse> | SearchUsersResponse;
+}
+
+export function SearchServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = ["searchUsers"];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("SearchService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("SearchService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const SEARCH_SERVICE_NAME = "SearchService";

gen/sso/account.ts

@@ -0,0 +1,159 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/account.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "account.v1";
+
+export interface GetAccountRequest {
+  id: string;
+}
+
+export interface GetAccountResponse {
+  id: string;
+  username: string;
+  email: string;
+  phone: string;
+  fullName: string;
+  isLdap: boolean;
+  status: string;
+  roles: string[];
+  avatarUrl: string;
+  employeeId?: string | undefined;
+  presence: string;
+  lastActive: string;
+  customStatusText: string;
+  customStatusEmoji: string;
+  timezone: string;
+  language: string;
+  twoFaEnabled: boolean;
+  hasPin: boolean;
+}
+
+export interface ChangePasswordRequest {
+  userId: string;
+  oldPassword: string;
+  newPassword: string;
+  code?: string | undefined;
+  sessionId: string;
+}
+
+export interface ChangePasswordResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface SetPinRequest {
+  userId: string;
+  sessionId: string;
+  pin: string;
+}
+
+export interface SetPinResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface UnlockPinRequest {
+  userId: string;
+  sessionId: string;
+  pin: string;
+}
+
+export interface UnlockPinResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface GetPinStatusRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetPinStatusResponse {
+  hasPin: boolean;
+  isLocked: boolean;
+  lockUntil: string;
+}
+
+export interface RemovePinRequest {
+  pin: string;
+  userId: string;
+  sessionId: string;
+}
+
+export interface RemovePinResponse {
+  success: boolean;
+  message: string;
+}
+
+export const ACCOUNT_V1_PACKAGE_NAME = "account.v1";
+
+export interface AccountServiceClient {
+  getAccount(request: GetAccountRequest, metadata?: Metadata): Observable<GetAccountResponse>;
+
+  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<ChangePasswordResponse>;
+
+  setPin(request: SetPinRequest, metadata?: Metadata): Observable<SetPinResponse>;
+
+  unlockPin(request: UnlockPinRequest, metadata?: Metadata): Observable<UnlockPinResponse>;
+
+  getPinStatus(request: GetPinStatusRequest, metadata?: Metadata): Observable<GetPinStatusResponse>;
+
+  removePin(request: RemovePinRequest, metadata?: Metadata): Observable<RemovePinResponse>;
+}
+
+export interface AccountServiceController {
+  getAccount(
+    request: GetAccountRequest,
+    metadata?: Metadata,
+  ): Promise<GetAccountResponse> | Observable<GetAccountResponse> | GetAccountResponse;
+
+  changePassword(
+    request: ChangePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<ChangePasswordResponse> | Observable<ChangePasswordResponse> | ChangePasswordResponse;
+
+  setPin(
+    request: SetPinRequest,
+    metadata?: Metadata,
+  ): Promise<SetPinResponse> | Observable<SetPinResponse> | SetPinResponse;
+
+  unlockPin(
+    request: UnlockPinRequest,
+    metadata?: Metadata,
+  ): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
+
+  getPinStatus(
+    request: GetPinStatusRequest,
+    metadata?: Metadata,
+  ): Promise<GetPinStatusResponse> | Observable<GetPinStatusResponse> | GetPinStatusResponse;
+
+  removePin(
+    request: RemovePinRequest,
+    metadata?: Metadata,
+  ): Promise<RemovePinResponse> | Observable<RemovePinResponse> | RemovePinResponse;
+}
+
+export function AccountServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = ["getAccount", "changePassword", "setPin", "unlockPin", "getPinStatus", "removePin"];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("AccountService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("AccountService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const ACCOUNT_SERVICE_NAME = "AccountService";

gen/sso/auth.ts

@@ -0,0 +1,338 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/auth.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "auth.v1";
+
+export interface LoginRequest {
+  username: string;
+  password: string;
+  /** Уникальный идентификатор устройства клиента */
+  deviceId: string;
+  /** Публичный ключ устройства для шифрования сообщений */
+  publicKey: string;
+}
+
+export interface LoginResponse {
+  accessToken: string;
+  refreshToken: string;
+  status: string;
+  need2fa: boolean;
+  tempToken?: string | undefined;
+  message?: string | undefined;
+  errorCode?: string | undefined;
+}
+
+export interface RefreshRequest {
+  refreshToken: string;
+}
+
+export interface RefreshResponse {
+  accessToken: string;
+  refreshToken: string;
+}
+
+export interface LogoutRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface LogoutResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface VerifyTokenRequest {
+  token: string;
+}
+
+export interface VerifyTokenResponse {
+  isValid: boolean;
+  errorMessage?: string | undefined;
+  id?: string | undefined;
+  username?: string | undefined;
+  roleLevel?: number | undefined;
+  permissions: string[];
+  sessionId?: string | undefined;
+  requiresPin?: boolean | undefined;
+  deviceId?: string | undefined;
+}
+
+export interface GetAccountRoleLevelRequest {
+  accountId: string;
+}
+
+export interface GetAccountRoleLevelResponse {
+  found: boolean;
+  roleLevel: number;
+}
+
+export interface GetSessionRequest {
+  userId: string;
+  currentSessionId: string;
+}
+
+export interface SessionItem {
+  /** Здесь будет лежать захэшированный ID */
+  id: string;
+  ipAddress: string;
+  userAgent: string;
+  /** Unix timestamp в миллисекундах */
+  lastActivity: number;
+  /** Флаг текущей сессии */
+  isCurrent: boolean;
+  deviceId: string;
+}
+
+export interface GetSessionsResponse {
+  sessions: SessionItem[];
+}
+
+export interface TerminateSessionRequest {
+  userId: string;
+  /** Хэш сессии, которую нужно убить */
+  targetHash: string;
+}
+
+export interface TerminateSessionResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface SystemCreateAccountRequest {
+  username: string;
+  /** Хеш пароля генерирует Admin Service и передает сюда */
+  passwordHash: string;
+  isLdap: boolean;
+}
+
+export interface SystemCreateAccountResponse {
+  accountId: string;
+}
+
+export interface SystemChangeStatusRequest {
+  accountId: string;
+  /** 'ACTIVE', 'BLOCKED', 'DELETED' */
+  status: string;
+}
+
+export interface SystemChangeStatusResponse {
+  success: boolean;
+}
+
+export interface SystemUpdatePasswordRequest {
+  accountId: string;
+  newPasswordHash: string;
+}
+
+export interface SystemUpdatePasswordResponse {
+  success: boolean;
+}
+
+export interface SystemUpdatePinRequest {
+  accountId: string;
+  /** null если удаляем */
+  pinHash?: string | undefined;
+}
+
+export interface SystemUpdatePinResponse {
+  success: boolean;
+}
+
+export interface SystemBlockIpRequest {
+  ipAddress: string;
+  adminId: string;
+  reason?: string | undefined;
+}
+
+export interface SystemBlockIpResponse {
+  success: boolean;
+}
+
+export interface SystemUnblockIpRequest {
+  ipAddress: string;
+}
+
+export interface SystemUnblockIpResponse {
+  success: boolean;
+}
+
+export interface SystemGetAllAccountsRequest {
+  limit: number;
+  offset: number;
+}
+
+export interface AccountBasicItem {
+  id: string;
+  username: string;
+  status: string;
+}
+
+export interface SystemGetAllAccountsResponse {
+  accounts: AccountBasicItem[];
+  total: number;
+}
+
+export const AUTH_V1_PACKAGE_NAME = "auth.v1";
+
+export interface AuthServiceClient {
+  login(request: LoginRequest, metadata?: Metadata): Observable<LoginResponse>;
+
+  refresh(request: RefreshRequest, metadata?: Metadata): Observable<RefreshResponse>;
+
+  verifyToken(request: VerifyTokenRequest, metadata?: Metadata): Observable<VerifyTokenResponse>;
+
+  getAccountRoleLevel(
+    request: GetAccountRoleLevelRequest,
+    metadata?: Metadata,
+  ): Observable<GetAccountRoleLevelResponse>;
+
+  logout(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+
+  logoutOther(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+
+  getSessions(request: GetSessionRequest, metadata?: Metadata): Observable<GetSessionsResponse>;
+
+  terminateSession(request: TerminateSessionRequest, metadata?: Metadata): Observable<TerminateSessionResponse>;
+
+  /** Системные методы для админа */
+
+  systemCreateAccount(
+    request: SystemCreateAccountRequest,
+    metadata?: Metadata,
+  ): Observable<SystemCreateAccountResponse>;
+
+  systemChangeStatus(request: SystemChangeStatusRequest, metadata?: Metadata): Observable<SystemChangeStatusResponse>;
+
+  systemUpdatePassword(
+    request: SystemUpdatePasswordRequest,
+    metadata?: Metadata,
+  ): Observable<SystemUpdatePasswordResponse>;
+
+  systemUpdatePin(request: SystemUpdatePinRequest, metadata?: Metadata): Observable<SystemUpdatePinResponse>;
+
+  systemBlockIp(request: SystemBlockIpRequest, metadata?: Metadata): Observable<SystemBlockIpResponse>;
+
+  systemUnblockIp(request: SystemUnblockIpRequest, metadata?: Metadata): Observable<SystemUnblockIpResponse>;
+
+  systemGetAllAccounts(
+    request: SystemGetAllAccountsRequest,
+    metadata?: Metadata,
+  ): Observable<SystemGetAllAccountsResponse>;
+}
+
+export interface AuthServiceController {
+  login(request: LoginRequest, metadata?: Metadata): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
+
+  refresh(
+    request: RefreshRequest,
+    metadata?: Metadata,
+  ): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
+
+  verifyToken(
+    request: VerifyTokenRequest,
+    metadata?: Metadata,
+  ): Promise<VerifyTokenResponse> | Observable<VerifyTokenResponse> | VerifyTokenResponse;
+
+  getAccountRoleLevel(
+    request: GetAccountRoleLevelRequest,
+    metadata?: Metadata,
+  ): Promise<GetAccountRoleLevelResponse> | Observable<GetAccountRoleLevelResponse> | GetAccountRoleLevelResponse;
+
+  logout(
+    request: LogoutRequest,
+    metadata?: Metadata,
+  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+
+  logoutOther(
+    request: LogoutRequest,
+    metadata?: Metadata,
+  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+
+  getSessions(
+    request: GetSessionRequest,
+    metadata?: Metadata,
+  ): Promise<GetSessionsResponse> | Observable<GetSessionsResponse> | GetSessionsResponse;
+
+  terminateSession(
+    request: TerminateSessionRequest,
+    metadata?: Metadata,
+  ): Promise<TerminateSessionResponse> | Observable<TerminateSessionResponse> | TerminateSessionResponse;
+
+  /** Системные методы для админа */
+
+  systemCreateAccount(
+    request: SystemCreateAccountRequest,
+    metadata?: Metadata,
+  ): Promise<SystemCreateAccountResponse> | Observable<SystemCreateAccountResponse> | SystemCreateAccountResponse;
+
+  systemChangeStatus(
+    request: SystemChangeStatusRequest,
+    metadata?: Metadata,
+  ): Promise<SystemChangeStatusResponse> | Observable<SystemChangeStatusResponse> | SystemChangeStatusResponse;
+
+  systemUpdatePassword(
+    request: SystemUpdatePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<SystemUpdatePasswordResponse> | Observable<SystemUpdatePasswordResponse> | SystemUpdatePasswordResponse;
+
+  systemUpdatePin(
+    request: SystemUpdatePinRequest,
+    metadata?: Metadata,
+  ): Promise<SystemUpdatePinResponse> | Observable<SystemUpdatePinResponse> | SystemUpdatePinResponse;
+
+  systemBlockIp(
+    request: SystemBlockIpRequest,
+    metadata?: Metadata,
+  ): Promise<SystemBlockIpResponse> | Observable<SystemBlockIpResponse> | SystemBlockIpResponse;
+
+  systemUnblockIp(
+    request: SystemUnblockIpRequest,
+    metadata?: Metadata,
+  ): Promise<SystemUnblockIpResponse> | Observable<SystemUnblockIpResponse> | SystemUnblockIpResponse;
+
+  systemGetAllAccounts(
+    request: SystemGetAllAccountsRequest,
+    metadata?: Metadata,
+  ): Promise<SystemGetAllAccountsResponse> | Observable<SystemGetAllAccountsResponse> | SystemGetAllAccountsResponse;
+}
+
+export function AuthServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "login",
+      "refresh",
+      "verifyToken",
+      "getAccountRoleLevel",
+      "logout",
+      "logoutOther",
+      "getSessions",
+      "terminateSession",
+      "systemCreateAccount",
+      "systemChangeStatus",
+      "systemUpdatePassword",
+      "systemUpdatePin",
+      "systemBlockIp",
+      "systemUnblockIp",
+      "systemGetAllAccounts",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const AUTH_SERVICE_NAME = "AuthService";

gen/sso/ldap-auth.ts

@@ -0,0 +1,75 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/ldap-auth.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "ldap_auth.v1";
+
+export interface LdapUserData {
+  /** Полный путь в AD (Distinguished Name) */
+  dn: string;
+  /** Логин (sAMAccountName) */
+  username: string;
+  /** ФИО (displayName) */
+  displayName: string;
+  /** Почта (mail) */
+  email: string;
+  /** Описание/Должность (description) */
+  description: string;
+  /** Аватарка в байтах (thumbnailPhoto) */
+  avatar: Uint8Array;
+  /** Список групп */
+  groups: string[];
+  /** Статус аккаунта */
+  isActive: boolean;
+  phone: string;
+}
+
+/** --- Авторизация --- */
+export interface VerifyRequest {
+  username: string;
+  password: string;
+}
+
+export interface VerifyResponse {
+  success: boolean;
+  errorMessage: string;
+  /** Отдаем полные данные при успешном входе */
+  user: LdapUserData | undefined;
+}
+
+export const LDAP_AUTH_V1_PACKAGE_NAME = "ldap_auth.v1";
+
+export interface LdapAuthServiceClient {
+  verifyUser(request: VerifyRequest, metadata?: Metadata): Observable<VerifyResponse>;
+}
+
+export interface LdapAuthServiceController {
+  verifyUser(
+    request: VerifyRequest,
+    metadata?: Metadata,
+  ): Promise<VerifyResponse> | Observable<VerifyResponse> | VerifyResponse;
+}
+
+export function LdapAuthServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = ["verifyUser"];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("LdapAuthService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("LdapAuthService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const LDAP_AUTH_SERVICE_NAME = "LdapAuthService";

gen/sso/ldap.ts

@@ -0,0 +1,211 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/ldap.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "ldap.v1";
+
+/**
+ * ==========================================
+ * БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+ * ==========================================
+ */
+export interface EmptyRequest {
+}
+
+/** Стандартный ответ для мутаций (создание, обновление, удаление) */
+export interface StatusResponse {
+  success: boolean;
+  errorMessage: string;
+}
+
+/** Полная модель пользователя */
+export interface UserData {
+  /** Полный путь в AD (Distinguished Name) */
+  dn: string;
+  /** Логин (sAMAccountName) */
+  username: string;
+  /** ФИО (displayName) */
+  displayName: string;
+  /** Почта (mail) */
+  email: string;
+  /** Описание/Должность (description) */
+  description: string;
+  /** Аватарка в байтах (thumbnailPhoto) */
+  avatar: Uint8Array;
+  /** Список групп */
+  groups: string[];
+  /** Статус аккаунта */
+  isActive: boolean;
+  phone: string;
+}
+
+/** Модель группы */
+export interface GroupData {
+  dn: string;
+  /** Короткое имя группы (cn) */
+  name: string;
+}
+
+/** --- Списки --- */
+export interface UserListResponse {
+  success: boolean;
+  errorMessage: string;
+  users: UserData[];
+}
+
+export interface GroupListResponse {
+  success: boolean;
+  errorMessage: string;
+  groups: GroupData[];
+}
+
+/** --- Управление профилем --- */
+export interface CreateUserRequest {
+  username: string;
+  fullName: string;
+  password: string;
+  /** Сразу при создании можно задать почту */
+  email?: string | undefined;
+}
+
+/** Запрос на обновление. Используем optional для частичного обновления. */
+export interface UpdateUserRequest {
+  /** Обязательное поле: кого обновляем */
+  username: string;
+  /** Новое ФИО (повлечет Rename CN) */
+  displayName?:
+    | string
+    | undefined;
+  /** Новая почта */
+  email?:
+    | string
+    | undefined;
+  /** Новое описание */
+  description?:
+    | string
+    | undefined;
+  /** Новая аватарка (бинарник картинки) */
+  avatar?: Uint8Array | undefined;
+}
+
+export interface ChangePasswordRequest {
+  username: string;
+  newPassword: string;
+}
+
+export interface ToggleStatusRequest {
+  username: string;
+  /** true - включить (512), false - отключить (514) */
+  setActive: boolean;
+}
+
+/** --- Управление членством в группах --- */
+export interface GroupMemberRequest {
+  /** Логин пользователя */
+  username: string;
+  /** Полный путь группы (в которую добавляем / из которой удаляем) */
+  groupDn: string;
+}
+
+export const LDAP_V1_PACKAGE_NAME = "ldap.v1";
+
+export interface LdapServiceClient {
+  /** Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(request: EmptyRequest, metadata?: Metadata): Observable<UserListResponse>;
+
+  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  updateUser(request: UpdateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  toggleUserStatus(request: ToggleStatusRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  /** Управление Группами --- */
+
+  getGroups(request: EmptyRequest, metadata?: Metadata): Observable<GroupListResponse>;
+
+  addUserToGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  removeUserFromGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+}
+
+export interface LdapServiceController {
+  /** Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<UserListResponse> | Observable<UserListResponse> | UserListResponse;
+
+  createUser(
+    request: CreateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  updateUser(
+    request: UpdateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  changePassword(
+    request: ChangePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  toggleUserStatus(
+    request: ToggleStatusRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  /** Управление Группами --- */
+
+  getGroups(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<GroupListResponse> | Observable<GroupListResponse> | GroupListResponse;
+
+  addUserToGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  removeUserFromGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+}
+
+export function LdapServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "getUsers",
+      "createUser",
+      "updateUser",
+      "changePassword",
+      "toggleUserStatus",
+      "getGroups",
+      "addUserToGroup",
+      "removeUserFromGroup",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("LdapService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("LdapService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const LDAP_SERVICE_NAME = "LdapService";

gen/sso/rbac.ts

@@ -0,0 +1,172 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/rbac.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "rbac.v1";
+
+export interface GetAllPermissionsRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllPermissionsResponse {
+  permissions: Permission[];
+}
+
+export interface Permission {
+  id: string;
+  code: string;
+  description: string;
+  module: string;
+  roles: string[];
+}
+
+export interface GetAllRolesRequest {
+  userId: string;
+  sessionId: string;
+}
+
+export interface GetAllRolesResponse {
+  roles: Roles[];
+}
+
+export interface CreateRoleRequest {
+  name: string;
+  level: number;
+  permissionCodes: string[];
+}
+
+export interface UpdateRoleRequest {
+  id: string;
+  name?: string | undefined;
+  level?: number | undefined;
+  permissionCodes: string[];
+}
+
+export interface ModifyRoleResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface DeleteRoleRequest {
+  id: string;
+}
+
+export interface DeleteRoleResponse {
+  success: boolean;
+  message: string;
+  fallbackRoleName?: string | undefined;
+}
+
+export interface CreatePermissionRequest {
+  code: string;
+  description: string;
+  module: string;
+}
+
+export interface UpdatePermissionRequest {
+  id: string;
+  /** Привязка к конкретным ролям */
+  roleIds: string[];
+}
+
+export interface ModifyPermissionResponse {
+  success: boolean;
+  message: string;
+}
+
+export interface Roles {
+  id: string;
+  name: string;
+  level: number;
+  permissions: string[];
+  ldapMapping: string[];
+  accounts: string[];
+}
+
+export const RBAC_V1_PACKAGE_NAME = "rbac.v1";
+
+export interface RbacServiceClient {
+  createRole(request: CreateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  updateRole(request: UpdateRoleRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  deleteRole(request: DeleteRoleRequest, metadata?: Metadata): Observable<DeleteRoleResponse>;
+
+  createPermission(request: CreatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  updatePermission(request: UpdatePermissionRequest, metadata?: Metadata): Observable<ModifyPermissionResponse>;
+
+  getAllPermissions(request: GetAllPermissionsRequest, metadata?: Metadata): Observable<GetAllPermissionsResponse>;
+
+  getAllRoles(request: GetAllRolesRequest, metadata?: Metadata): Observable<GetAllRolesResponse>;
+}
+
+export interface RbacServiceController {
+  createRole(
+    request: CreateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  updateRole(
+    request: UpdateRoleRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  deleteRole(
+    request: DeleteRoleRequest,
+    metadata?: Metadata,
+  ): Promise<DeleteRoleResponse> | Observable<DeleteRoleResponse> | DeleteRoleResponse;
+
+  createPermission(
+    request: CreatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  updatePermission(
+    request: UpdatePermissionRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyPermissionResponse> | Observable<ModifyPermissionResponse> | ModifyPermissionResponse;
+
+  getAllPermissions(
+    request: GetAllPermissionsRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllPermissionsResponse> | Observable<GetAllPermissionsResponse> | GetAllPermissionsResponse;
+
+  getAllRoles(
+    request: GetAllRolesRequest,
+    metadata?: Metadata,
+  ): Promise<GetAllRolesResponse> | Observable<GetAllRolesResponse> | GetAllRolesResponse;
+}
+
+export function RbacServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "createRole",
+      "updateRole",
+      "deleteRole",
+      "createPermission",
+      "updatePermission",
+      "getAllPermissions",
+      "getAllRoles",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("RbacService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const RBAC_SERVICE_NAME = "RbacService";

gen/sso/twofa.ts

@@ -0,0 +1,222 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: sso/twofa.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "twofa.v1";
+
+export interface Verify2FaRequest {
+  tempToken: string;
+  totpCode?: string | undefined;
+  telegramCode?: string | undefined;
+}
+
+export interface Verify2FaResponse {
+  accessToken: string;
+  refreshToken: string;
+  status: string;
+  message: string;
+  reserveCodes: string[];
+}
+
+export interface AuthenticatedAccessRequest {
+  accessToken: string;
+}
+
+export interface GetTwoFaStatusRequest {
+  accessToken: string;
+}
+
+export interface GetTwoFaStatusResponse {
+  totpEnabled: boolean;
+  telegramEnabled: boolean;
+  totpEnrollmentPending: boolean;
+  telegramEnrollmentPending: boolean;
+}
+
+export interface StartTotpEnrollmentResponse {
+  secretBase32: string;
+  otpauthUri: string;
+  issuer: string;
+  accountLabel: string;
+}
+
+export interface ConfirmTotpEnrollmentRequest {
+  accessToken: string;
+  totpCode: string;
+}
+
+export interface ConfirmTotpEnrollmentResponse {
+  status: string;
+  message: string;
+  reserveCodes: string[];
+}
+
+export interface CancelTotpEnrollmentResponse {
+  status: string;
+  message: string;
+}
+
+export interface DisableTotpRequest {
+  accessToken: string;
+  password: string;
+  totpCode?: string | undefined;
+}
+
+export interface DisableTotpResponse {
+  status: string;
+  message: string;
+}
+
+export interface StartTelegramEnrollmentResponse {
+  enrollmentToken: string;
+  deepLink: string;
+  botUsername: string;
+  expiresAtIso: string;
+}
+
+export interface ConfirmTelegramEnrollmentRequest {
+  accessToken: string;
+  enrollmentToken: string;
+  otpCode: string;
+}
+
+export interface ConfirmTelegramEnrollmentResponse {
+  status: string;
+  message: string;
+  reserveCodes: string[];
+}
+
+export interface DisableTelegramRequest {
+  accessToken: string;
+  password: string;
+  telegramOtpCode?: string | undefined;
+}
+
+export interface DisableTelegramResponse {
+  status: string;
+  message: string;
+}
+
+export const TWOFA_V1_PACKAGE_NAME = "twofa.v1";
+
+export interface TwoFaServiceClient {
+  verify2Fa(request: Verify2FaRequest, metadata?: Metadata): Observable<Verify2FaResponse>;
+
+  getTwoFaStatus(request: GetTwoFaStatusRequest, metadata?: Metadata): Observable<GetTwoFaStatusResponse>;
+
+  startTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<StartTotpEnrollmentResponse>;
+
+  confirmTotpErollment(
+    request: ConfirmTotpEnrollmentRequest,
+    metadata?: Metadata,
+  ): Observable<ConfirmTotpEnrollmentResponse>;
+
+  cancelTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<CancelTotpEnrollmentResponse>;
+
+  disableTotp(request: DisableTotpRequest, metadata?: Metadata): Observable<DisableTotpResponse>;
+
+  startTelegramEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<StartTelegramEnrollmentResponse>;
+
+  confirmTelegramEnrollment(
+    request: ConfirmTelegramEnrollmentRequest,
+    metadata?: Metadata,
+  ): Observable<ConfirmTelegramEnrollmentResponse>;
+
+  disableTelegram(request: DisableTelegramRequest, metadata?: Metadata): Observable<DisableTelegramResponse>;
+}
+
+export interface TwoFaServiceController {
+  verify2Fa(
+    request: Verify2FaRequest,
+    metadata?: Metadata,
+  ): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
+
+  getTwoFaStatus(
+    request: GetTwoFaStatusRequest,
+    metadata?: Metadata,
+  ): Promise<GetTwoFaStatusResponse> | Observable<GetTwoFaStatusResponse> | GetTwoFaStatusResponse;
+
+  startTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Promise<StartTotpEnrollmentResponse> | Observable<StartTotpEnrollmentResponse> | StartTotpEnrollmentResponse;
+
+  confirmTotpErollment(
+    request: ConfirmTotpEnrollmentRequest,
+    metadata?: Metadata,
+  ): Promise<ConfirmTotpEnrollmentResponse> | Observable<ConfirmTotpEnrollmentResponse> | ConfirmTotpEnrollmentResponse;
+
+  cancelTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Promise<CancelTotpEnrollmentResponse> | Observable<CancelTotpEnrollmentResponse> | CancelTotpEnrollmentResponse;
+
+  disableTotp(
+    request: DisableTotpRequest,
+    metadata?: Metadata,
+  ): Promise<DisableTotpResponse> | Observable<DisableTotpResponse> | DisableTotpResponse;
+
+  startTelegramEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ):
+    | Promise<StartTelegramEnrollmentResponse>
+    | Observable<StartTelegramEnrollmentResponse>
+    | StartTelegramEnrollmentResponse;
+
+  confirmTelegramEnrollment(
+    request: ConfirmTelegramEnrollmentRequest,
+    metadata?: Metadata,
+  ):
+    | Promise<ConfirmTelegramEnrollmentResponse>
+    | Observable<ConfirmTelegramEnrollmentResponse>
+    | ConfirmTelegramEnrollmentResponse;
+
+  disableTelegram(
+    request: DisableTelegramRequest,
+    metadata?: Metadata,
+  ): Promise<DisableTelegramResponse> | Observable<DisableTelegramResponse> | DisableTelegramResponse;
+}
+
+export function TwoFaServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "verify2Fa",
+      "getTwoFaStatus",
+      "startTotpEnrollment",
+      "confirmTotpErollment",
+      "cancelTotpEnrollment",
+      "disableTotp",
+      "startTelegramEnrollment",
+      "confirmTelegramEnrollment",
+      "disableTelegram",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const TWO_FA_SERVICE_NAME = "TwoFaService";

gen/twofa.ts

@@ -19,7 +19,6 @@ export interface Verify2FaRequest {
 
 export interface Verify2FaResponse {
   accessToken: string;
-  refreshToken: string;
   status: string;
   message: string;
   reserveCodes: string[];

gen/users/ldap.ts

@@ -0,0 +1,211 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: users/ldap.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "ldap.v1";
+
+/**
+ * ==========================================
+ * БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+ * ==========================================
+ */
+export interface EmptyRequest {
+}
+
+/** Стандартный ответ для мутаций (создание, обновление, удаление) */
+export interface StatusResponse {
+  success: boolean;
+  errorMessage: string;
+}
+
+/** Полная модель пользователя */
+export interface UserData {
+  /** Полный путь в AD (Distinguished Name) */
+  dn: string;
+  /** Логин (sAMAccountName) */
+  username: string;
+  /** ФИО (displayName) */
+  displayName: string;
+  /** Почта (mail) */
+  email: string;
+  /** Описание/Должность (description) */
+  description: string;
+  /** Аватарка в байтах (thumbnailPhoto) */
+  avatar: Uint8Array;
+  /** Список групп */
+  groups: string[];
+  /** Статус аккаунта */
+  isActive: boolean;
+  phone: string;
+}
+
+/** Модель группы */
+export interface GroupData {
+  dn: string;
+  /** Короткое имя группы (cn) */
+  name: string;
+}
+
+/** --- Списки --- */
+export interface UserListResponse {
+  success: boolean;
+  errorMessage: string;
+  users: UserData[];
+}
+
+export interface GroupListResponse {
+  success: boolean;
+  errorMessage: string;
+  groups: GroupData[];
+}
+
+/** --- Управление профилем --- */
+export interface CreateUserRequest {
+  username: string;
+  fullName: string;
+  password: string;
+  /** Сразу при создании можно задать почту */
+  email?: string | undefined;
+}
+
+/** Запрос на обновление. Используем optional для частичного обновления. */
+export interface UpdateUserRequest {
+  /** Обязательное поле: кого обновляем */
+  username: string;
+  /** Новое ФИО (повлечет Rename CN) */
+  displayName?:
+    | string
+    | undefined;
+  /** Новая почта */
+  email?:
+    | string
+    | undefined;
+  /** Новое описание */
+  description?:
+    | string
+    | undefined;
+  /** Новая аватарка (бинарник картинки) */
+  avatar?: Uint8Array | undefined;
+}
+
+export interface ChangePasswordRequest {
+  username: string;
+  newPassword: string;
+}
+
+export interface ToggleStatusRequest {
+  username: string;
+  /** true - включить (512), false - отключить (514) */
+  setActive: boolean;
+}
+
+/** --- Управление членством в группах --- */
+export interface GroupMemberRequest {
+  /** Логин пользователя */
+  username: string;
+  /** Полный путь группы (в которую добавляем / из которой удаляем) */
+  groupDn: string;
+}
+
+export const LDAP_V1_PACKAGE_NAME = "ldap.v1";
+
+export interface LdapServiceClient {
+  /** Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(request: EmptyRequest, metadata?: Metadata): Observable<UserListResponse>;
+
+  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  updateUser(request: UpdateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  toggleUserStatus(request: ToggleStatusRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  /** Управление Группами --- */
+
+  getGroups(request: EmptyRequest, metadata?: Metadata): Observable<GroupListResponse>;
+
+  addUserToGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  removeUserFromGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+}
+
+export interface LdapServiceController {
+  /** Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<UserListResponse> | Observable<UserListResponse> | UserListResponse;
+
+  createUser(
+    request: CreateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  updateUser(
+    request: UpdateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  changePassword(
+    request: ChangePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  toggleUserStatus(
+    request: ToggleStatusRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  /** Управление Группами --- */
+
+  getGroups(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<GroupListResponse> | Observable<GroupListResponse> | GroupListResponse;
+
+  addUserToGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  removeUserFromGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+}
+
+export function LdapServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "getUsers",
+      "createUser",
+      "updateUser",
+      "changePassword",
+      "toggleUserStatus",
+      "getGroups",
+      "addUserToGroup",
+      "removeUserFromGroup",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("LdapService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("LdapService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const LDAP_SERVICE_NAME = "LdapService";

gen/users/users.ts

@@ -0,0 +1,274 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v4.25.9
+// source: users/users.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "users.v1";
+
+export interface UserSettingsMessage {
+  privacyPhone?: string | undefined;
+  privacyLastSeen?: string | undefined;
+  privacyPhoto?: string | undefined;
+  privacyBio?: string | undefined;
+  privacyCalls?: string | undefined;
+  privacyGroups?: string | undefined;
+  privacyVoiceMsgs?: string | undefined;
+  notifyPrivateChats?: boolean | undefined;
+  notifyGroups?: boolean | undefined;
+  notifyChannels?: boolean | undefined;
+  showMessagePreview?: boolean | undefined;
+  theme?: string | undefined;
+  textSize?: number | undefined;
+  chatBackground?: string | undefined;
+}
+
+export interface GetProfileRequest {
+  /** Берется из access токена на API шлюзе */
+  userId: string;
+}
+
+export interface GetProfileResponse {
+  id: string;
+  email?: string | undefined;
+  phone?: string | undefined;
+  fullName?: string | undefined;
+  avatarUrl?: string | undefined;
+  isPublic: boolean;
+  timezone: string;
+  language: string;
+  customStatusText?: string | undefined;
+  customStatusEmoji?: string | undefined;
+  settings?: UserSettingsMessage | undefined;
+}
+
+export interface UpdateProfileRequest {
+  userId: string;
+  email?: string | undefined;
+  phone?: string | undefined;
+  fullName?: string | undefined;
+  avatarUrl?: string | undefined;
+  customStatusText?: string | undefined;
+  customStatusEmoji?: string | undefined;
+  timezone?: string | undefined;
+  language?: string | undefined;
+  isPublic?: boolean | undefined;
+  settings?: UserSettingsMessage | undefined;
+}
+
+export interface UpdateProfileResponse {
+  success: boolean;
+  message: string;
+}
+
+/** Вызывается другими сервисами при создании аккаунта */
+export interface CreateProfileRequest {
+  /** Обязательно передаем ID созданного аккаунта! */
+  userId: string;
+  email?: string | undefined;
+  fullName?: string | undefined;
+  phone?: string | undefined;
+  avatarUrl?: string | undefined;
+}
+
+export interface CreateProfileResponse {
+  success: boolean;
+}
+
+export interface SoftDeleteProfileRequest {
+  userId: string;
+}
+
+export interface SoftDeleteProfileResponse {
+  success: boolean;
+}
+
+export interface ContactItem {
+  contactId: string;
+  alias?: string | undefined;
+}
+
+export interface AddContactRequest {
+  userId: string;
+  contactId: string;
+  alias?: string | undefined;
+}
+
+export interface AddContactResponse {
+  success: boolean;
+}
+
+export interface GetContactsRequest {
+  userId: string;
+}
+
+export interface GetContactsResponse {
+  contacts: ContactItem[];
+}
+
+export interface BlockedUserItem {
+  blockedId: string;
+  blockedAt: string;
+}
+
+export interface BlockUserRequest {
+  blockerId: string;
+  blockedId: string;
+}
+
+export interface BlockUserResponse {
+  success: boolean;
+}
+
+export interface UnblockUserRequest {
+  blockerId: string;
+  blockedId: string;
+}
+
+export interface UnblockUserResponse {
+  success: boolean;
+}
+
+export interface GetBlockedUsersRequest {
+  blockerId: string;
+}
+
+export interface GetBlockedUsersResponse {
+  blockedUsers: BlockedUserItem[];
+}
+
+export interface SystemGetProfileBatchRequest {
+  userIds: string[];
+}
+
+export interface ProfileBasicItem {
+  id: string;
+  email?: string | undefined;
+  phone?: string | undefined;
+  fullName?: string | undefined;
+  isPublic: boolean;
+}
+
+export interface SystemGetProfileBatchResponse {
+  profiles: ProfileBasicItem[];
+}
+
+export const USERS_V1_PACKAGE_NAME = "users.v1";
+
+export interface UsersServiceClient {
+  getProfile(request: GetProfileRequest, metadata?: Metadata): Observable<GetProfileResponse>;
+
+  updateProfile(request: UpdateProfileRequest, metadata?: Metadata): Observable<UpdateProfileResponse>;
+
+  /** Для системного использования (вызывается из Auth/Admin) */
+
+  createProfile(request: CreateProfileRequest, metadata?: Metadata): Observable<CreateProfileResponse>;
+
+  softDeleteProfile(request: SoftDeleteProfileRequest, metadata?: Metadata): Observable<SoftDeleteProfileResponse>;
+
+  /** --- НОВЫЕ МЕТОДЫ МЕССЕНДЖЕРА --- */
+
+  blockUser(request: BlockUserRequest, metadata?: Metadata): Observable<BlockUserResponse>;
+
+  unblockUser(request: UnblockUserRequest, metadata?: Metadata): Observable<UnblockUserResponse>;
+
+  getBlockedUsers(request: GetBlockedUsersRequest, metadata?: Metadata): Observable<GetBlockedUsersResponse>;
+
+  addContact(request: AddContactRequest, metadata?: Metadata): Observable<AddContactResponse>;
+
+  getContacts(request: GetContactsRequest, metadata?: Metadata): Observable<GetContactsResponse>;
+
+  systemGetProfileBatch(
+    request: SystemGetProfileBatchRequest,
+    metadata?: Metadata,
+  ): Observable<SystemGetProfileBatchResponse>;
+}
+
+export interface UsersServiceController {
+  getProfile(
+    request: GetProfileRequest,
+    metadata?: Metadata,
+  ): Promise<GetProfileResponse> | Observable<GetProfileResponse> | GetProfileResponse;
+
+  updateProfile(
+    request: UpdateProfileRequest,
+    metadata?: Metadata,
+  ): Promise<UpdateProfileResponse> | Observable<UpdateProfileResponse> | UpdateProfileResponse;
+
+  /** Для системного использования (вызывается из Auth/Admin) */
+
+  createProfile(
+    request: CreateProfileRequest,
+    metadata?: Metadata,
+  ): Promise<CreateProfileResponse> | Observable<CreateProfileResponse> | CreateProfileResponse;
+
+  softDeleteProfile(
+    request: SoftDeleteProfileRequest,
+    metadata?: Metadata,
+  ): Promise<SoftDeleteProfileResponse> | Observable<SoftDeleteProfileResponse> | SoftDeleteProfileResponse;
+
+  /** --- НОВЫЕ МЕТОДЫ МЕССЕНДЖЕРА --- */
+
+  blockUser(
+    request: BlockUserRequest,
+    metadata?: Metadata,
+  ): Promise<BlockUserResponse> | Observable<BlockUserResponse> | BlockUserResponse;
+
+  unblockUser(
+    request: UnblockUserRequest,
+    metadata?: Metadata,
+  ): Promise<UnblockUserResponse> | Observable<UnblockUserResponse> | UnblockUserResponse;
+
+  getBlockedUsers(
+    request: GetBlockedUsersRequest,
+    metadata?: Metadata,
+  ): Promise<GetBlockedUsersResponse> | Observable<GetBlockedUsersResponse> | GetBlockedUsersResponse;
+
+  addContact(
+    request: AddContactRequest,
+    metadata?: Metadata,
+  ): Promise<AddContactResponse> | Observable<AddContactResponse> | AddContactResponse;
+
+  getContacts(
+    request: GetContactsRequest,
+    metadata?: Metadata,
+  ): Promise<GetContactsResponse> | Observable<GetContactsResponse> | GetContactsResponse;
+
+  systemGetProfileBatch(
+    request: SystemGetProfileBatchRequest,
+    metadata?: Metadata,
+  ): Promise<SystemGetProfileBatchResponse> | Observable<SystemGetProfileBatchResponse> | SystemGetProfileBatchResponse;
+}
+
+export function UsersServiceControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "getProfile",
+      "updateProfile",
+      "createProfile",
+      "softDeleteProfile",
+      "blockUser",
+      "unblockUser",
+      "getBlockedUsers",
+      "addContact",
+      "getContacts",
+      "systemGetProfileBatch",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("UsersService", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("UsersService", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const USERS_SERVICE_NAME = "UsersService";

package-lock.json

@@ -1,15 +1,14 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.24",
+  "version": "1.0.57",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@lendry-erp/contracts",
-      "version": "1.0.24",
+      "version": "1.0.57",
       "dependencies": {
-        "@lendry-erp/contracts": "^1.0.24",
-        "@lendry-erp/passport": "^1.0.3",
+        "@grpc/grpc-js": "^1.14.3",
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
@@ -24,6 +23,7 @@
       "resolved": "https://registry.npmjs.org/@borewit/text-codec/-/text-codec-0.2.2.tgz",
       "integrity": "sha512-DDaRehssg1aNrH4+2hnj1B7vnUGEjU6OIlyRdkMd0aUdIUvKXrJfXsy8LVtXAy7DRvYVluWbMspsRhz2lcW0mQ==",
       "license": "MIT",
+      "peer": true,
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/Borewit"
@@ -35,26 +35,45 @@
       "integrity": "sha512-sBXGT13cpmPR5BMgHE6UEEfEaShh5Ror6rfN3yEK5si7QVrtZg8LEPQb0VVhiLRUslD2yLnXtnRzG035J/mZXQ==",
       "license": "(Apache-2.0 AND BSD-3-Clause)"
     },
-    "node_modules/@lendry-erp/contracts": {
-      "version": "1.0.24",
-      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.24/contracts-1.0.24.tgz",
-      "integrity": "sha512-Bn4RgU22O6IDFhYEbQicBLpRtSGHrEgqOSAljQh4lT5shMeLedlE0V3jFxzFu9xpyTzcM/o+C96vpsAHab0tbg==",
+    "node_modules/@grpc/grpc-js": {
+      "version": "1.14.3",
+      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz",
+      "integrity": "sha512-Iq8QQQ/7X3Sac15oB6p0FmUg/klxQvXLeileoqrTRGJYLV+/9tubbr9ipz0GKHjmXVsgFPo/+W+2cA8eNcR+XA==",
+      "license": "Apache-2.0",
       "dependencies": {
-        "@nestjs/microservices": "^11.1.17",
-        "rxjs": "^7.8.2",
-        "ts-proto": "^2.11.6"
+        "@grpc/proto-loader": "^0.8.0",
+        "@js-sdsl/ordered-map": "^4.4.2"
+      },
+      "engines": {
+        "node": ">=12.10.0"
       }
     },
-    "node_modules/@lendry-erp/passport": {
-      "version": "1.0.3",
-      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fpassport/-/1.0.3/passport-1.0.3.tgz",
-      "integrity": "sha512-gaPdlZahkXmOUnLBlzNdk41nJ1BI6TPZY5xUaCmlIkpqZKr8D5TSBBkFrw4Vlw+TLImqL2Y1JUT4k60gHHtjiw==",
-      "license": "ISC",
+    "node_modules/@grpc/proto-loader": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.8.0.tgz",
+      "integrity": "sha512-rc1hOQtjIWGxcxpb9aHAfLpIctjEnsDehj0DAiVfBlmT84uvR0uUtN2hEi/ecvWVjXUGf5qPF4qEgiLOx1YIMQ==",
+      "license": "Apache-2.0",
       "dependencies": {
-        "@nestjs/common": "^11.1.17",
-        "@nestjs/core": "^11.1.17",
-        "reflect-metadata": "^0.2.2",
-        "rxjs": "^7.8.2"
+        "lodash.camelcase": "^4.3.0",
+        "long": "^5.0.0",
+        "protobufjs": "^7.5.3",
+        "yargs": "^17.7.2"
+      },
+      "bin": {
+        "proto-loader-gen-types": "build/bin/proto-loader-gen-types.js"
+      },
+      "engines": {
+        "node": ">=6"
+      }
+    },
+    "node_modules/@js-sdsl/ordered-map": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/@js-sdsl/ordered-map/-/ordered-map-4.4.2.tgz",
+      "integrity": "sha512-iUKgm52T8HOE/makSxjqoWhe95ZJA1/G1sYsGev2JDKUSS14KAgg1LHb+Ba+IPow0xflbnSkOsZcO08C7w1gYw==",
+      "license": "MIT",
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/js-sdsl"
       }
     },
     "node_modules/@lukeed/csprng": {
@@ -62,6 +81,7 @@
       "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
       "integrity": "sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=8"
       }
@@ -71,6 +91,7 @@
       "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz",
       "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "file-type": "21.3.2",
         "iterare": "1.2.1",
@@ -103,6 +124,7 @@
       "integrity": "sha512-lD5mAYekTTurF3vDaa8C2OKPnjiz4tsfxIc5XlcSUzOhkwWf6Ay3HKvt6FmvuWQam6uIIHX52Clg+e6tAvf/cg==",
       "hasInstallScript": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@nuxt/opencollective": "0.4.1",
         "fast-safe-stringify": "2.1.1",
@@ -201,6 +223,7 @@
       "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.4.1.tgz",
       "integrity": "sha512-GXD3wy50qYbxCJ652bDrDzgMr3NFEkIS374+IgFQKkCvk9yiYcLvX2XDYr7UyQxf4wK0e+yqDYRubZ0DtOxnmQ==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "consola": "^3.2.3"
       },
@@ -212,11 +235,76 @@
         "npm": ">=5.10.0"
       }
     },
+    "node_modules/@protobufjs/aspromise": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
+      "integrity": "sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/base64": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz",
+      "integrity": "sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/codegen": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.4.tgz",
+      "integrity": "sha512-YyFaikqM5sH0ziFZCN3xDC7zeGaB/d0IUb9CATugHWbd1FRFwWwt4ld4OYMPWu5a3Xe01mGAULCdqhMlPl29Jg==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/eventemitter": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz",
+      "integrity": "sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/fetch": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz",
+      "integrity": "sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@protobufjs/aspromise": "^1.1.1",
+        "@protobufjs/inquire": "^1.1.0"
+      }
+    },
+    "node_modules/@protobufjs/float": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz",
+      "integrity": "sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/inquire": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.0.tgz",
+      "integrity": "sha512-kdSefcPdruJiFMVSbn801t4vFK7KB/5gd2fYvrxhuJYg8ILrmn9SKSX2tZdV6V+ksulWqS7aXjBcRXl3wHoD9Q==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/path": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz",
+      "integrity": "sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/pool": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz",
+      "integrity": "sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==",
+      "license": "BSD-3-Clause"
+    },
+    "node_modules/@protobufjs/utf8": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.0.tgz",
+      "integrity": "sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw==",
+      "license": "BSD-3-Clause"
+    },
     "node_modules/@tokenizer/inflate": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/@tokenizer/inflate/-/inflate-0.4.1.tgz",
       "integrity": "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "debug": "^4.4.3",
         "token-types": "^6.1.1"
@@ -233,18 +321,42 @@
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
       "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/@types/node": {
       "version": "25.5.0",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
       "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.18.0"
       }
     },
+    "node_modules/ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
     "node_modules/case-anything": {
       "version": "2.1.13",
       "resolved": "https://registry.npmjs.org/case-anything/-/case-anything-2.1.13.tgz",
@@ -257,11 +369,44 @@
         "url": "https://github.com/sponsors/mesqueeb"
       }
     },
+    "node_modules/cliui": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
+      "license": "ISC",
+      "dependencies": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "license": "MIT"
+    },
     "node_modules/consola": {
       "version": "3.4.2",
       "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz",
       "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": "^14.18.0 || >=16.10.0"
       }
@@ -271,6 +416,7 @@
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
       "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "ms": "^2.1.3"
       },
@@ -304,17 +450,34 @@
         "detect-libc": "^1.0.3"
       }
     },
+    "node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "license": "MIT"
+    },
+    "node_modules/escalade": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz",
+      "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/fast-safe-stringify": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
       "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/file-type": {
       "version": "21.3.2",
       "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz",
       "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@tokenizer/inflate": "^0.4.1",
         "strtok3": "^10.3.4",
@@ -328,6 +491,15 @@
         "url": "https://github.com/sindresorhus/file-type?sponsor=1"
       }
     },
+    "node_modules/get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "license": "ISC",
+      "engines": {
+        "node": "6.* || 8.* || >= 10.*"
+      }
+    },
     "node_modules/ieee754": {
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz",
@@ -346,7 +518,17 @@
           "url": "https://feross.org/support"
         }
       ],
-      "license": "BSD-3-Clause"
+      "license": "BSD-3-Clause",
+      "peer": true
+    },
+    "node_modules/is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
     },
     "node_modules/iterare": {
       "version": "1.2.1",
@@ -372,31 +554,80 @@
         }
       ],
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=13.2.0"
       }
     },
+    "node_modules/lodash.camelcase": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
+      "integrity": "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==",
+      "license": "MIT"
+    },
+    "node_modules/long": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/long/-/long-5.3.2.tgz",
+      "integrity": "sha512-mNAgZ1GmyNhD7AuqnTG3/VQ26o760+ZYBPKjPvugO8+nLbYfX6TVpJPseBvopbdY+qpZ/lKUnmEc1LeZYS3QAA==",
+      "license": "Apache-2.0"
+    },
     "node_modules/ms": {
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/path-to-regexp": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
       "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
       "license": "MIT",
+      "peer": true,
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/protobufjs": {
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.4.tgz",
+      "integrity": "sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg==",
+      "hasInstallScript": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@protobufjs/aspromise": "^1.1.2",
+        "@protobufjs/base64": "^1.1.2",
+        "@protobufjs/codegen": "^2.0.4",
+        "@protobufjs/eventemitter": "^1.1.0",
+        "@protobufjs/fetch": "^1.1.0",
+        "@protobufjs/float": "^1.0.2",
+        "@protobufjs/inquire": "^1.1.0",
+        "@protobufjs/path": "^1.1.2",
+        "@protobufjs/pool": "^1.1.0",
+        "@protobufjs/utf8": "^1.1.0",
+        "@types/node": ">=13.7.0",
+        "long": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
     "node_modules/reflect-metadata": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
       "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
-      "license": "Apache-2.0"
+      "license": "Apache-2.0",
+      "peer": true
+    },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
     },
     "node_modules/rxjs": {
       "version": "7.8.2",
@@ -407,11 +638,38 @@
         "tslib": "^2.1.0"
       }
     },
+    "node_modules/string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "license": "MIT",
+      "dependencies": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^5.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/strtok3": {
       "version": "10.3.5",
       "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz",
       "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@tokenizer/token": "^0.3.0"
       },
@@ -428,6 +686,7 @@
       "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.1.2.tgz",
       "integrity": "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@borewit/text-codec": "^0.2.1",
         "@tokenizer/token": "^0.3.0",
@@ -499,6 +758,7 @@
       "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
       "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@lukeed/csprng": "^1.0.0"
       },
@@ -511,6 +771,7 @@
       "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",
       "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">=18"
       },
@@ -522,8 +783,60 @@
       "version": "7.18.2",
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
       "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
-      "dev": true,
       "license": "MIT"
+    },
+    "node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
+    "node_modules/y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/yargs": {
+      "version": "17.7.2",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
+      "license": "MIT",
+      "dependencies": {
+        "cliui": "^8.0.1",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^21.1.1"
+      },
+      "engines": {
+        "node": ">=12"
+      }
+    },
+    "node_modules/yargs-parser": {
+      "version": "21.1.1",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
+      "license": "ISC",
+      "engines": {
+        "node": ">=12"
+      }
     }
   }
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.35",
+  "version": "1.2.35",
   "description": "Protobuf definitions and generated TypeScript types",
   "type": "commonjs",
   "main": "./dist/index.js",
@@ -17,11 +17,10 @@
     "access": "public"
   },
   "dependencies": {
-    "@lendry-erp/contracts": "^1.0.24",
-    "@lendry-erp/passport": "^1.0.3",
     "@nestjs/microservices": "^11.1.17",
     "rxjs": "^7.8.2",
-    "ts-proto": "^2.11.6"
+    "ts-proto": "^2.11.6",
+    "@grpc/grpc-js": "^1.14.3"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",

proto/account.proto

@@ -1,42 +0,0 @@
-syntax = "proto3";
-
-package account.v1;
-
-option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
-
-service AccountService {
-  rpc GetAccount(GetAccountRequest) returns (GetAccountResponse);
-}
-
-message GetAccountRequest {
-  string id = 1;
-}
-
-message GetAccountResponse {
-  string id = 1;
-  string username = 2;
-  string email = 3;
-  string phone = 4;
-  string full_name = 5;
-  bool is_ldap = 6;
-  string status = 7;
-  repeated string roles = 8;
-  string avatar_url = 9;
-  optional string employee_id = 10;
-  Presence presence = 11;
-  string last_active = 12;
-  string custom_status_text = 13;
-  string custom_status_emoji = 14;
-  string timezone = 15;
-  string language = 16;
-  bool two_fa_enabled = 17;
-  bool has_pin = 18;
-}
-
-enum Presence {
-  PRESENCE_UNSPECIFIED = 0;
-  OFFLINE = 1;
-  ONLINE = 2;
-  AWAY = 3;
-}
-

proto/admin/admin-account.proto

@@ -0,0 +1,257 @@
+syntax = "proto3";
+
+package admin.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+// Единый сервис для всех административных операций
+service AdminService {
+  // Управление учетными записями
+  rpc CreateUser(CreateUserRequest) returns (CreateUserResponse);
+  rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse);
+  rpc BlockUser(BlockUserRequest) returns (BlockUserResponse);
+  rpc UnblockUser(UnblockUserRequest) returns (UnblockUserResponse);
+  
+  // Управление данными и безопасностью
+  rpc ChangeData(ChangeDataRequest) returns (ChangeDataResponse);
+  rpc AdminResetPassword (AdminResetPasswordRequest) returns (AdminResetPasswordResponse);
+  
+  // Управление ролями (RBAC)
+  rpc AssignRole (AssignRoleRequest) returns (AssignRoleResponse);
+  rpc RevokeRole (RevokeRoleRequest) returns (RevokeRoleResponse);
+
+  // Управление черным списком IP
+  rpc BlockIp(BlockIpRequest) returns (BlockIpResponse);
+  rpc UnblockIp(UnblockIpRequest) returns (UnblockIpResponse);
+
+  // Синхронизация с поисковым движком (Elasticsearch)
+  rpc SyncUsersToSearch (SyncUsersToSearchRequest) returns (SyncUsersToSearchResponse);
+  rpc HandleGrafanaAlert(GrafanaAlertRequest) returns (GrafanaAlertResponse);
+
+
+  // RBAC
+  rpc GetAllPermissions (GetAllPermissionsAdminRequest) returns (GetAllPermissionsAdminResponse);
+  rpc GetAllRoles(GetAllRolesAdminRequest) returns (GetAllRolesAdminResponse);
+  rpc CreateRole(CreateRoleAdminRequest) returns (ModifyRoleAdminResponse);
+  rpc UpdateRole(UpdateRoleAdminRequest) returns (ModifyRoleAdminResponse);
+  rpc DeleteRole(DeleteRoleAdminRequest) returns (DeleteRoleAdminResponse);
+  rpc CreatePermission(CreatePermissionAdminRequest) returns (ModifyPermissionAdminResponse);
+  rpc UpdatePermission(UpdatePermissionAdminRequest) returns (ModifyPermissionAdminResponse);
+}
+
+// --- DTO для управления учетными записями ---
+
+message CreateUserRequest {
+  string username = 1;
+  string password = 2;
+  repeated string roles = 3;
+}
+
+message CreateUserResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message DeleteUserRequest {
+  string user_id = 1;
+}
+
+message DeleteUserResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message BlockUserRequest {
+  string user_id = 1; // Кого блокируем
+  string admin_id = 2; // Кто блокирует
+  optional string reason = 3;
+}
+
+message BlockUserResponse { 
+  bool success = 1; 
+  string message = 2; 
+}
+
+message UnblockUserRequest {
+  string user_id = 1;
+  string admin_id = 2;
+}
+
+message UnblockUserResponse { 
+  bool success = 1; 
+  string message = 2; 
+}
+
+// --- DTO для управления данными и безопасностью ---
+
+message ChangeDataRequest {
+  string user_id = 1;
+  string session_id = 2;
+  optional string email = 3;
+  optional string phone = 4;
+  optional string full_name = 5;
+  optional string avatar_url = 6;
+  optional string custom_status_text = 7;
+  optional string custom_status_emoji = 8;
+  optional string timezone = 9;
+  optional string language = 10;
+  optional bool is_public = 11;
+}
+
+message ChangeDataResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message AdminResetPasswordRequest {
+  string user_id = 1;
+  string new_password = 2;
+}
+
+message AdminResetPasswordResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+// --- DTO для управления ролями (RBAC) ---
+
+message AssignRoleRequest {
+  string user_id = 1;
+  string role_id = 2; // Передаем как string, внутри парсим в Int
+}
+
+message AssignRoleResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message RevokeRoleRequest {
+  string user_id = 1;
+  string role_id = 2;
+}
+
+message RevokeRoleResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+// --- DTO для управления черным списком IP ---
+
+message BlockIpRequest {
+  string ip_address = 1;
+  string admin_id = 2;
+  optional string reason = 3;
+}
+
+message BlockIpResponse { 
+  bool success = 1; 
+  string message = 2; 
+}
+
+message UnblockIpRequest {
+  string ip_address = 1;
+  string admin_id = 2;
+}
+
+message UnblockIpResponse { 
+  bool success = 1; 
+  string message = 2; 
+}
+
+// --- DTO для синхронизации с поиском ---
+
+message SyncUsersToSearchRequest {
+  // Пустой запрос, так как параметры не требуются
+}
+
+message SyncUsersToSearchResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message GetAllPermissionsAdminRequest {
+    string user_id = 1;
+    string session_id = 2;
+}
+
+message PermissionAdmin {
+    string id = 1;
+    string code = 2;
+    string description = 3;
+    string module = 4;
+    repeated string roles = 5;
+}
+
+message GetAllPermissionsAdminResponse {
+    repeated PermissionAdmin permissions = 1;
+}
+
+message GetAllRolesAdminRequest {
+    string user_id = 1;
+    string session_id = 2;
+}
+
+message RolesAdmin {
+    string id = 1;
+    string name = 2;
+    int32 level = 3;
+    repeated string permissions = 4;
+    repeated string ldap_mapping = 5;
+    repeated string accounts = 6;
+}
+
+message GetAllRolesAdminResponse {
+    repeated RolesAdmin roles = 1;
+}
+
+message CreateRoleAdminRequest {
+    string name = 1;
+    int32 level = 2;
+    repeated string permission_codes = 3;
+}
+
+message UpdateRoleAdminRequest {
+    string id = 1;
+    optional string name = 2;
+    optional int32 level = 3;
+    repeated string permission_codes = 4;
+}
+
+message ModifyRoleAdminResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message DeleteRoleAdminRequest {
+    string id = 1;
+}
+
+message DeleteRoleAdminResponse {
+    bool success = 1;
+    string message = 2;
+    optional string fallback_role_name = 3;
+}
+
+message CreatePermissionAdminRequest {
+    string code = 1;
+    string description = 2;
+    string module = 3;
+}
+
+message UpdatePermissionAdminRequest {
+    string id = 1;
+    repeated string role_ids = 2; 
+}
+
+message ModifyPermissionAdminResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message GrafanaAlertRequest {
+  string payload = 1;
+}
+// Успешно ли обработан алерт
+message GrafanaAlertResponse {
+  bool success = 1;
+}

proto/admin/audit.proto

@@ -0,0 +1,37 @@
+syntax = "proto3";
+
+package audit.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service AuditService {
+  rpc GetAuditLogs(GetAuditLogsRequest) returns (GetAuditLogsResponse);
+}
+
+message GetAuditLogsRequest {
+  optional string account_id = 1;
+  optional string type = 2;
+  optional string action = 3;
+  optional string start_date = 4; // ISO string
+  optional string end_date = 5;   // ISO string
+  int32 page = 6;
+  int32 limit = 7;
+}
+
+message AuditLogItem {
+  string id = 1;
+  string account_id = 2;
+  string type = 3;
+  string action = 4;
+  string ip_address = 5;
+  string user_agent = 6;
+  string detail = 7;
+  string created_at = 8;
+}
+
+message GetAuditLogsResponse {
+  repeated AuditLogItem logs = 1;
+  int32 total = 2;
+  int32 page = 3;
+  int32 total_pages = 4;
+}

proto/admin/rbac.proto

@@ -0,0 +1,134 @@
+syntax = "proto3";
+
+package rbac.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+
+
+service RbacService {
+  rpc CreateRole(CreateRoleRequest) returns (ModifyRoleResponse);
+  rpc UpdateRole(UpdateRoleRequest) returns (ModifyRoleResponse);
+  rpc DeleteRole(DeleteRoleRequest) returns (DeleteRoleResponse);
+  
+  rpc CreatePermission(CreatePermissionRequest) returns (ModifyPermissionResponse);
+  rpc UpdatePermission(UpdatePermissionRequest) returns (ModifyPermissionResponse);
+
+  rpc GetAllPermissions (GetAllPermissionsRequest) returns (GetAllPermissionsResponse);
+  rpc GetAllRoles(GetAllRolesRequest) returns (GetAllRolesResponse);
+
+  rpc AssignRolesByName(AssignRolesByNameRequest) returns (ModifyRoleResponse);
+  rpc GetUserRolesAndPermissions(GetUserRolesRequest) returns (GetUserRolesResponse);
+  rpc AssignRoleToUser(AssignRoleToUserRequest) returns (ModifyRoleResponse);
+  rpc RevokeRoleFromUser(RevokeRoleFromUserRequest) returns (ModifyRoleResponse);
+
+  rpc SyncLdapRoles(SyncLdapRolesRequest) returns (ModifyRoleResponse);
+}
+
+message GetAllPermissionsRequest {
+    string user_id = 1;
+    string session_id=2;
+}
+
+message GetAllPermissionsResponse {
+    repeated Permission permissions = 1;
+}
+
+message Permission {
+    string id = 1;
+    string code = 2;
+    string description = 3;
+    string module = 4;
+    repeated string roles = 5;
+}
+
+message GetAllRolesRequest {
+    string user_id = 1;
+    string session_id=2;
+}
+
+message GetAllRolesResponse {
+    repeated Roles roles = 1;
+}
+
+message CreateRoleRequest {
+    string name = 1;
+    int32 level = 2;
+    repeated string permission_codes = 3;
+}
+
+message UpdateRoleRequest {
+    string id = 1;
+    optional string name = 2;
+    optional int32 level = 3;
+    repeated string permission_codes = 4;
+}
+
+message ModifyRoleResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message DeleteRoleRequest {
+    string id = 1;
+}
+
+message DeleteRoleResponse {
+    bool success = 1;
+    string message = 2;
+    optional string fallback_role_name = 3;
+}
+
+message CreatePermissionRequest {
+    string code = 1;
+    string description = 2;
+    string module = 3;
+}
+
+message UpdatePermissionRequest {
+    string id = 1;
+    repeated string role_ids = 2; // Привязка к конкретным ролям
+}
+
+message ModifyPermissionResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message Roles {
+    string id = 1;
+    string name = 2;
+    int32 level = 3;
+    repeated string permissions = 4;
+    repeated string ldap_mapping = 5;
+    repeated string accounts = 6;
+}
+
+message GetUserRolesRequest {
+  string user_id = 1;
+}
+
+message GetUserRolesResponse {
+  repeated string roles = 1; // например: ["ADMIN", "MANAGER"]
+  repeated string permissions = 2; // например: ["users:read", "billing:write"]
+  int32 max_role_level = 3; // Максимальный уровень роли пользователя
+}
+
+message AssignRolesByNameRequest {
+  string user_id = 1;
+  repeated string roles = 2;
+}
+message AssignRoleToUserRequest {
+  string user_id = 1;
+  int32 role_id = 2;
+}
+
+message RevokeRoleFromUserRequest {
+  string user_id = 1;
+  int32 role_id = 2;
+}
+
+message SyncLdapRolesRequest {
+  string user_id = 1;
+  repeated string ldap_groups = 2;
+}

proto/auth.proto

@@ -1,85 +0,0 @@
-syntax = "proto3";
-
-package auth.v1;
-
-option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
-
-service AuthService {
-    rpc Login (LoginRequest) returns (LoginResponse);
-    rpc Refresh (RefreshRequest) returns (RefreshResponse);
-    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
-    rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
-    rpc Logout (LogoutRequest) returns (LogoutResponse);
-    rpc LogoutAll (LogoutRequest) returns (LogoutResponse);
-    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
-    
-}
-
-message LoginRequest {
-  string username = 1;
-  string password = 2;
-}
-
-message LoginResponse {
-  string access_token = 1;
-  string refresh_token = 2;
-  string status = 3;
-  bool need2fa = 4;
-  optional string temp_token = 5;
-  optional string message = 6;
-  optional string error_code = 7;
-}
-
-message RefreshRequest {
-  string refresh_token = 1;
-}
-
-message RefreshResponse {
-  string access_token = 1;
-  string refresh_token = 2;
-}
-
-message LogoutRequest {
-  string access_token = 1;
-}
-
-message LogoutResponse {
-  bool success = 1;
-  string message = 2;
-}
-
-message VerifyTokenRequest {
-  string token = 1;
-}
-
-message VerifyTokenResponse {
-  bool is_valid = 1;
-  optional string error_message = 2;
-  optional string id = 3;
-  optional string username = 4;
-  optional int32 role_level = 5;
-  repeated string permissions = 6;
-  optional string session_id = 7;
-  optional bool requires_pin = 8;
-}
-
-message GetAccountRoleLevelRequest {
-  string account_id = 1;
-}
-
-message GetAccountRoleLevelResponse {
-  bool found = 1;
-  int32 role_level = 2;
-}
-
-message UnlockPinRequest {
-  string access_token = 1;
-  string pin_code = 2;
-}
-
-message UnlockPinResponse {
-  bool success = 1;
-  string message = 2;
-}
-
-

proto/chat/chat.proto

@@ -0,0 +1,154 @@
+syntax = "proto3";
+
+package chat.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service ChatService {
+  // Управление чатами (левая панель)
+  rpc CreateChat(CreateChatRequest) returns (CreateChatResponse);
+  rpc GetUserChats(GetUserChatsRequest) returns (GetUserChatsResponse);
+  rpc GetChatDetails(GetChatDetailsRequest) returns (GetChatDetailsResponse); // Открытие инфы о группе/собеседнике
+  
+  // Управление участниками группы
+  rpc JoinChat(JoinChatRequest) returns (JoinChatResponse);
+  rpc LeaveChat(LeaveChatRequest) returns (LeaveChatResponse);
+  rpc RemoveMember(RemoveMemberRequest) returns (RemoveMemberResponse); // Админ кикает пользователя
+  rpc MuteChat(MuteChatRequest) returns (MuteChatResponse); // Выключить/включить пуши для чата
+  
+  // Управление сообщениями (правое окно)
+  rpc GetMessages(GetMessagesRequest) returns (GetMessagesResponse);
+  rpc SendMessage(SendMessageRequest) returns (MessageDto); 
+  rpc EditMessage(EditMessageRequest) returns (MessageDto); // Новое
+  rpc DeleteMessage(DeleteMessageRequest) returns (DeleteMessageResponse);
+  
+  // Статусы
+  rpc MarkAsRead(MarkAsReadRequest) returns (MarkAsReadResponse);
+}
+
+// --- СТРУКТУРЫ ДАННЫХ --- //
+
+message MessageDto {
+  string id = 1;
+  string chat_id = 2;
+  string sender_id = 3;
+  string type = 4; // TEXT, VOICE, VIDEO_NOTE, STICKER, IMAGE
+  string content = 5; // Для текста - сам текст. Для медиа - URL S3!
+  string metadata = 6; // Ширина/высота картинки, длительность войса (JSON string)
+  string reply_to_id = 7;
+  bool is_edited = 8;
+  string created_at = 9;
+}
+
+message ChatMemberDto {
+  string account_id = 1;
+  string role = 2; // OWNER, ADMIN, MEMBER
+  bool is_muted = 3;
+  string joined_at = 4;
+}
+
+message ChatDto {
+  string id = 1;
+  string type = 2; // DIRECT, GROUP, CHANNEL
+  string title = 3;
+  string avatar_url = 4;
+  int32 unread_count = 5;
+  MessageDto last_message = 6; 
+  bool is_muted = 7; // Полезно для рендера иконки перечеркнутого колокольчика
+}
+
+// --- ЗАПРОСЫ / ОТВЕТЫ --- //
+
+message CreateChatRequest {
+  string creator_id = 1; 
+  string type = 2; 
+  string title = 3; 
+  repeated string participant_ids = 4; 
+}
+message CreateChatResponse {
+  ChatDto chat = 1;
+}
+
+message GetUserChatsRequest {
+  string user_id = 1;
+  int32 offset = 2; 
+  int32 limit = 3;
+}
+message GetUserChatsResponse {
+  repeated ChatDto chats = 1;
+}
+
+// Получаем профили всех участников и ссылку-приглашение (join_hash)
+message GetChatDetailsRequest {
+  string user_id = 1;
+  string chat_id = 2;
+}
+message GetChatDetailsResponse {
+  ChatDto chat = 1;
+  string join_hash = 2; // Для ссылки-приглашения (t.me/join/...)
+  repeated ChatMemberDto members = 3; 
+}
+
+message JoinChatRequest {
+  string user_id = 1;
+  string chat_id = 2; // Передаем либо chat_id, либо вытаскиваем его из join_hash
+}
+message JoinChatResponse { bool success = 1; }
+
+message LeaveChatRequest {
+  string user_id = 1;
+  string chat_id = 2;
+}
+message LeaveChatResponse { bool success = 1; }
+
+message RemoveMemberRequest {
+  string admin_id = 1; // Кто кикает (нужно проверить права)
+  string target_user_id = 2; // Кого кикают
+  string chat_id = 3;
+}
+message RemoveMemberResponse { bool success = 1; }
+
+message MuteChatRequest {
+  string user_id = 1;
+  string chat_id = 2;
+  bool is_muted = 3; // true = выключить звук, false = включить
+}
+message MuteChatResponse { bool success = 1; }
+
+message GetMessagesRequest {
+  string user_id = 1;
+  string chat_id = 2;
+  int32 limit = 3;
+  string before_msg_id = 4; 
+}
+message GetMessagesResponse {
+  repeated MessageDto messages = 1;
+}
+
+message SendMessageRequest {
+  string chat_id = 1;
+  string sender_id = 2;
+  string type = 3;
+  string content = 4;
+  string reply_to_id = 5;
+}
+
+message EditMessageRequest {
+  string user_id = 1;
+  string message_id = 2;
+  string new_content = 3;
+}
+
+message DeleteMessageRequest {
+  string user_id = 1;
+  string message_id = 2;
+  bool for_everyone = 3; // "Удалить только у себя" или "Удалить для всех"
+}
+message DeleteMessageResponse { bool success = 1; }
+
+message MarkAsReadRequest {
+  string user_id = 1;
+  string chat_id = 2;
+  string message_id = 3; // ID последнего видимого сообщения
+}
+message MarkAsReadResponse { bool success = 1; }

proto/ldap-auth.proto

@@ -1,26 +0,0 @@
-syntax = "proto3";
-
-package ldap_auth.v1;
-
-option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
-
-import "ldap.proto";
-
-
-service LdapAuthService {
-  rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
-
-}
-
-// --- Авторизация ---
-message VerifyRequest {
-  string username = 1;
-  string password = 2;
-}
-
-message VerifyResponse {
-  bool success = 1;
-  string error_message = 2;
-  ldap.v1.UserData user = 3; // Отдаем полные данные при успешном входе
-}
-

proto/notifications/notifications.proto

@@ -0,0 +1,107 @@
+syntax = "proto3";
+
+// Указываем пакет для логической изоляции
+package notifications.v1;
+
+// Импортируем стандартные типы Google для работы с датами и произвольным JSON
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/struct.proto";
+
+// Опции для генерации кода (особенно полезно для Go, если понадобится)
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+// -----------------------------------------------------------------------------
+// Сервис Уведомлений
+// -----------------------------------------------------------------------------
+service NotificationService {
+  // --- Публичные методы (Вызываются из API Gateway от лица клиента) ---
+
+  // Получить список уведомлений пользователя с пагинацией
+  rpc GetUserNotifications (GetNotificationsRequest) returns (GetNotificationsResponse);
+
+  // Получить количество непрочитанных уведомлений (для бейджика на иконке)
+  rpc GetUnreadCount (GetUnreadCountRequest) returns (GetUnreadCountResponse);
+
+  // Отметить конкретное уведомление как прочитанное
+  rpc MarkAsRead (MarkAsReadRequest) returns (MarkAsReadResponse);
+
+  // Отметить все уведомления пользователя как прочитанные
+  rpc MarkAllAsRead (MarkAllAsReadRequest) returns (MarkAllAsReadResponse);
+
+
+  // --- Внутренние методы (Вызываются другими микросервисами: CRM, ERP, Auth) ---
+
+  // Отправить уведомление (CRM/ERP вызывает этот метод, а NestJS уже кидает в RabbitMQ)
+  rpc SendNotification (SendNotificationRequest) returns (SendNotificationResponse);
+}
+
+// -----------------------------------------------------------------------------
+// Базовые модели
+// -----------------------------------------------------------------------------
+
+// Структура самого уведомления
+message Notification {
+  string id = 1;
+  string user_id = 2;
+  string type = 3; // Например: "SYSTEM_ALERT", "NEW_MESSAGE", "TASK_ASSIGNED"
+  string title = 4; // Заголовок (опционально)
+  string text = 5; // Текст уведомления
+  google.protobuf.Struct payload = 6; // Любая динамическая JSON-нагрузка (например, { "task_id": 123 })
+  bool is_read = 7;
+  google.protobuf.Timestamp created_at = 8;
+}
+
+// -----------------------------------------------------------------------------
+// Запросы и ответы (Requests / Responses)
+// -----------------------------------------------------------------------------
+
+message GetNotificationsRequest {
+  string user_id = 1; // ID пользователя запрашивающего данные (Gateway берет это из JWT)
+  int32 limit = 2; // Для пагинации (например, 20)
+  int32 offset = 3; // Для пагинации (например, 0)
+  optional bool unread_only = 4;                  // Фильтр: получить только непрочитанные
+}
+
+message GetNotificationsResponse {
+  repeated Notification notifications = 1; // Массив уведомлений
+  int32 total_count = 2; // Общее количество (для UI пагинации)
+}
+
+message GetUnreadCountRequest {
+  string user_id = 1;
+}
+
+message GetUnreadCountResponse {
+  int32 count = 1;
+}
+
+message MarkAsReadRequest {
+  string user_id = 1;
+  string notification_id = 2;
+}
+
+message MarkAsReadResponse {
+  bool success = 1;
+}
+
+message MarkAllAsReadRequest {
+  string user_id = 1;
+}
+
+message MarkAllAsReadResponse {
+  bool success = 1;
+  int32 updated_count = 2; // Сколько уведомлений было обновлено
+}
+
+message SendNotificationRequest {
+  string user_id = 1; // Кому отправляем (если пусто — можно сделать бродкаст, но лучше отдельный метод)
+  string type = 2;
+  string title = 3;
+  string text = 4;
+  google.protobuf.Struct payload = 5; // Метаданные для UI (ссылки, ID сущностей)
+}
+
+message SendNotificationResponse {
+  bool success = 1;
+  string notification_id = 2; // ID созданного уведомления в Postgres
+}

proto/search/search.proto

@@ -0,0 +1,32 @@
+syntax = "proto3";
+
+package search.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service SearchService {
+  rpc SearchUsers (SearchUsersRequest) returns (SearchUsersResponse);
+  // В будущем сюда добавятся:
+  // rpc SearchMessages (SearchMessagesRequest) returns (SearchMessagesResponse);
+  // rpc SearchTickets (SearchTicketsRequest) returns (SearchTicketsResponse);
+}
+
+message SearchUsersRequest {
+  string query = 1;
+  string user_id = 2; 
+  string session_id = 3; 
+  optional string status = 4; 
+}
+
+message SearchUserItem {
+  string id = 1;
+  string username = 2;
+  string full_name = 3;
+  string avatar_url = 4;
+  string status = 5;
+  bool is_public = 6;
+}
+
+message SearchUsersResponse {
+  repeated SearchUserItem users = 1;
+}

proto/sso/account.proto

@@ -0,0 +1,98 @@
+syntax = "proto3";
+
+package account.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service AccountService {
+  rpc GetAccount(GetAccountRequest) returns (GetAccountResponse);
+  rpc ChangePassword (ChangePasswordRequest) returns (ChangePasswordResponse);
+  rpc SetPin (SetPinRequest) returns (SetPinResponse);
+  rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
+  rpc GetPinStatus (GetPinStatusRequest) returns (GetPinStatusResponse);
+  rpc RemovePin (RemovePinRequest) returns (RemovePinResponse);
+}
+
+message GetAccountRequest {
+  string id = 1;
+}
+
+message GetAccountResponse {
+  string id = 1;
+  string username = 2;
+  string email = 3;
+  string phone = 4;
+  string full_name = 5;
+  bool is_ldap = 6;
+  string status = 7;
+  repeated string roles = 8;
+  string avatar_url = 9;
+  optional string employee_id = 10;
+  string presence = 11;
+  string last_active = 12;
+  string custom_status_text = 13;
+  string custom_status_emoji = 14;
+  string timezone = 15;
+  string language = 16;
+  bool two_fa_enabled = 17;
+  bool has_pin = 18;
+}
+
+message ChangePasswordRequest {
+  string user_id = 1;
+  string old_password = 3;
+  string new_password = 4;
+  optional string code = 5;
+  string session_id = 6;
+}
+
+message ChangePasswordResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+
+message SetPinRequest {
+  string user_id = 1;
+  string session_id = 2;
+  string pin = 3;
+}
+
+message SetPinResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message UnlockPinRequest {
+  string user_id = 1;
+  string session_id = 2;
+  string pin = 3;
+}
+
+message UnlockPinResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message GetPinStatusRequest {
+  string user_id = 1;
+  string session_id = 2;
+}
+
+message GetPinStatusResponse {
+  bool has_pin = 1;
+  bool is_locked = 2;
+  string lock_until = 3;
+}
+
+message RemovePinRequest {
+  string pin = 1;
+  string user_id = 2;
+  string session_id=3;
+}
+message RemovePinResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+

proto/sso/auth.proto

@@ -0,0 +1,202 @@
+syntax = "proto3";
+
+package auth.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service AuthService {
+    rpc Login (LoginRequest) returns (LoginResponse);
+    rpc Refresh (RefreshRequest) returns (RefreshResponse);
+    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
+    rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
+    rpc Logout (LogoutRequest) returns (LogoutResponse);
+    rpc LogoutOther (LogoutRequest) returns (LogoutResponse);
+    rpc GetSessions(GetSessionRequest) returns (GetSessionsResponse);
+    rpc TerminateSession(TerminateSessionRequest) returns (TerminateSessionResponse);
+
+    // === OAuth2 SSO ===
+    rpc GenerateOauthCode (GenerateOauthCodeRequest) returns (GenerateOauthCodeResponse);
+    rpc ExchangeOauthCode (ExchangeOauthCodeRequest) returns (ExchangeOauthCodeResponse);
+
+    // Системные методы для админа 
+    rpc SystemCreateAccount (SystemCreateAccountRequest) returns (SystemCreateAccountResponse);
+    rpc SystemChangeStatus (SystemChangeStatusRequest) returns (SystemChangeStatusResponse);
+    rpc SystemUpdatePassword (SystemUpdatePasswordRequest) returns (SystemUpdatePasswordResponse);
+    rpc SystemUpdatePin (SystemUpdatePinRequest) returns (SystemUpdatePinResponse);
+    rpc SystemBlockIp(SystemBlockIpRequest) returns (SystemBlockIpResponse);
+    rpc SystemUnblockIp(SystemUnblockIpRequest) returns (SystemUnblockIpResponse);
+    rpc SystemGetAllAccounts (SystemGetAllAccountsRequest) returns (SystemGetAllAccountsResponse);
+}
+
+message LoginRequest {
+  string username = 1;
+  string password = 2;
+  string device_id = 3; // Уникальный идентификатор устройства клиента
+  string public_key = 4; // Публичный ключ устройства для шифрования сообщений
+}
+
+message LoginResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  string status = 3;
+  bool need2fa = 4;
+  optional string temp_token = 5;
+  optional string message = 6;
+  optional string error_code = 7;
+}
+
+message RefreshRequest {
+  string refresh_token = 1;
+}
+
+message RefreshResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+}
+
+message LogoutRequest {
+  string user_id = 1;
+  string session_id = 2;
+}
+
+message LogoutResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message VerifyTokenRequest {
+  string token = 1;
+}
+
+message VerifyTokenResponse {
+  bool is_valid = 1;
+  optional string error_message = 2;
+  optional string id = 3;
+  optional string username = 4;
+  optional int32 role_level = 5;
+  repeated string permissions = 6;
+  optional string session_id = 7;
+  optional bool requires_pin = 8;
+  optional string device_id = 9;
+}
+
+message GetAccountRoleLevelRequest {
+  string account_id = 1;
+}
+
+message GetAccountRoleLevelResponse {
+  bool found = 1;
+  int32 role_level = 2;
+}
+
+message GetSessionRequest {
+  string user_id = 1;
+  string current_session_id = 2;
+}
+
+message SessionItem {
+  string id = 1; // Здесь будет лежать захэшированный ID
+  string ip_address = 2;
+  string user_agent = 3;
+  int64 last_activity = 4; // Unix timestamp в миллисекундах
+  bool is_current = 5; // Флаг текущей сессии
+  string device_id = 6;
+}
+
+message GetSessionsResponse {
+  repeated SessionItem sessions = 1;
+}
+
+message TerminateSessionRequest {
+  string user_id = 1;
+  string target_hash = 2; // Хэш сессии, которую нужно убить
+}
+
+message TerminateSessionResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+
+// === Сообщения для OAuth2 SSO ===
+
+message GenerateOauthCodeRequest {
+  string user_id = 1;
+}
+
+message GenerateOauthCodeResponse {
+  string code = 1;
+}
+
+message ExchangeOauthCodeRequest {
+  string code = 1;
+  string client_id = 2;
+  string client_secret = 3;
+}
+
+message ExchangeOauthCodeResponse {
+  string access_token = 1;
+  int32 expires_in = 2;
+}
+
+message SystemCreateAccountRequest {
+  string username = 1;
+  string password_hash = 2; // Хеш пароля генерирует Admin Service и передает сюда
+  bool is_ldap = 3;
+}
+message SystemCreateAccountResponse {
+  string account_id = 1;
+}
+
+message SystemChangeStatusRequest {
+  string account_id = 1;
+  string status = 2; // 'ACTIVE', 'BLOCKED', 'DELETED'
+}
+message SystemChangeStatusResponse { bool success = 1; }
+
+message SystemUpdatePasswordRequest {
+  string account_id = 1;
+  string new_password_hash = 2;
+}
+message SystemUpdatePasswordResponse { bool success = 1; }
+
+message SystemUpdatePinRequest {
+  string account_id = 1;
+  optional string pin_hash = 2; // null если удаляем
+}
+
+message SystemUpdatePinResponse { bool success = 1; }
+
+message SystemBlockIpRequest {
+  string ip_address = 1;
+  string admin_id = 2;
+  optional string reason = 3;
+}
+
+message SystemBlockIpResponse {
+  bool success = 1;
+}
+
+message SystemUnblockIpRequest {
+  string ip_address = 1;
+}
+
+message SystemUnblockIpResponse {
+  bool success = 2;
+}
+
+message SystemGetAllAccountsRequest {
+  int32 limit = 1;
+  int32 offset = 2;
+}
+
+message AccountBasicItem {
+  string id = 1;
+  string username = 2;
+  string status = 3;
+}
+
+message SystemGetAllAccountsResponse {
+  repeated AccountBasicItem accounts = 1;
+  int32 total = 2;
+}

proto/sso/ldap-auth.proto

@@ -0,0 +1,37 @@
+syntax = "proto3";
+
+package ldap_auth.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+
+
+service LdapAuthService {
+  rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
+
+}
+
+message LdapUserData {
+  string dn = 1; // Полный путь в AD (Distinguished Name)
+  string username = 2; // Логин (sAMAccountName)
+  string display_name = 3; // ФИО (displayName)
+  string email = 4; // Почта (mail)
+  string description = 5; // Описание/Должность (description)
+  bytes avatar = 6; // Аватарка в байтах (thumbnailPhoto)
+  repeated string groups = 7; // Список групп
+  bool is_active = 8; // Статус аккаунта
+  string phone = 9;
+}
+
+// --- Авторизация ---
+message VerifyRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message VerifyResponse {
+  bool success = 1;
+  string error_message = 2;
+  LdapUserData user = 3; // Отдаем полные данные при успешном входе
+}
+

proto/users/users.proto

@@ -0,0 +1,150 @@
+syntax = "proto3";
+
+package users.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service UsersService {
+  rpc GetProfile (GetProfileRequest) returns (GetProfileResponse);
+  rpc UpdateProfile (UpdateProfileRequest) returns (UpdateProfileResponse);
+  // Для системного использования (вызывается из Auth/Admin)
+  rpc CreateProfile (CreateProfileRequest) returns (CreateProfileResponse);
+  rpc SoftDeleteProfile(SoftDeleteProfileRequest) returns (SoftDeleteProfileResponse);
+
+  // --- НОВЫЕ МЕТОДЫ МЕССЕНДЖЕРА ---
+  rpc BlockUser (BlockUserRequest) returns (BlockUserResponse);
+  rpc UnblockUser (UnblockUserRequest) returns (UnblockUserResponse);
+  rpc GetBlockedUsers (GetBlockedUsersRequest) returns (GetBlockedUsersResponse);
+  rpc AddContact (AddContactRequest) returns (AddContactResponse);
+  rpc GetContacts (GetContactsRequest) returns (GetContactsResponse);
+
+  rpc SystemGetProfileBatch(SystemGetProfileBatchRequest) returns (SystemGetProfileBatchResponse);
+}
+
+message UserSettingsMessage {
+  optional string privacy_phone = 1;
+  optional string privacy_last_seen = 2;
+  optional string privacy_photo = 3;
+  optional string privacy_bio = 4;
+  optional string privacy_calls = 5;
+  optional string privacy_groups = 6;
+  optional string privacy_voice_msgs = 7;
+  optional bool notify_private_chats = 8;
+  optional bool notify_groups = 9;
+  optional bool notify_channels = 10;
+  optional bool show_message_preview = 11;
+  optional string theme = 12;
+  optional int32 text_size = 13;
+  optional string chat_background = 14;
+}
+
+message GetProfileRequest {
+  string user_id = 1; // Берется из access токена на API шлюзе
+}
+
+message GetProfileResponse {
+  string id = 1;
+  optional string email = 2;
+  optional string phone = 3;
+  optional string full_name = 4;
+  optional string avatar_url = 5;
+  bool is_public = 6;
+  string timezone = 7;
+  string language = 8;
+  optional string custom_status_text = 9;
+  optional string custom_status_emoji = 10;
+  optional UserSettingsMessage settings = 11; 
+}
+
+message UpdateProfileRequest {
+  string user_id = 1;
+  optional string email = 2;
+  optional string phone = 3;
+  optional string full_name = 4;
+  optional string avatar_url = 5;
+  optional string custom_status_text = 6;
+  optional string custom_status_emoji = 7;
+  optional string timezone = 8;
+  optional string language = 9;
+  optional bool is_public = 10;
+  optional UserSettingsMessage settings = 11; 
+}
+
+message UpdateProfileResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+// Вызывается другими сервисами при создании аккаунта
+message CreateProfileRequest {
+  string user_id = 1; // Обязательно передаем ID созданного аккаунта!
+  optional string email = 2;
+  optional string full_name = 3;
+  optional string phone = 4;
+  optional string avatar_url = 5;
+}
+
+message CreateProfileResponse {
+  bool success = 1;
+}
+
+message SoftDeleteProfileRequest {
+  string user_id = 1;
+}
+
+message SoftDeleteProfileResponse {
+  bool success = 1;
+}
+
+message ContactItem {
+  string contact_id = 1;
+  optional string alias = 2;
+}
+message AddContactRequest {
+  string user_id = 1;
+  string contact_id = 2;
+  optional string alias = 3;
+}
+message AddContactResponse { bool success = 1; }
+message GetContactsRequest {
+  string user_id = 1;
+}
+message GetContactsResponse {
+  repeated ContactItem contacts = 1;
+}
+message BlockedUserItem {
+  string blocked_id = 1;
+  string blocked_at = 2;
+}
+message BlockUserRequest {
+  string blocker_id = 1;
+  string blocked_id = 2;
+}
+message BlockUserResponse { bool success = 1; }
+message UnblockUserRequest {
+  string blocker_id = 1;
+  string blocked_id = 2;
+}
+message UnblockUserResponse { bool success = 1; }
+message GetBlockedUsersRequest {
+  string blocker_id = 1;
+}
+message GetBlockedUsersResponse {
+  repeated BlockedUserItem blocked_users = 1;
+}
+
+message SystemGetProfileBatchRequest {
+  repeated string user_ids = 1;
+}
+
+message ProfileBasicItem {
+  string id = 1;
+  optional string email = 2;
+  optional string phone = 3;
+  optional string full_name = 4;
+  bool is_public = 5;
+}
+
+message SystemGetProfileBatchResponse {
+  repeated ProfileBasicItem profiles = 1;
+}

src/events/index.ts

@@ -0,0 +1 @@
+export * from "./users";

src/events/users/audit-logs.interface.ts

@@ -0,0 +1,8 @@
+export interface AuditLog {
+  accountId?: string;
+  type?: string;
+  action?: string;
+  ipAddress?: string;
+  userAgent?: string;
+  detail?: string;
+}

src/events/users/chat.interface.ts

@@ -0,0 +1,11 @@
+export interface ChatMessageCreateEvent {
+  chatId: string;
+  senderId: string;
+  type: string;
+  content: string;
+  replyToId?: string;
+}
+export interface ChatTypingEvent {
+  chatId: string;
+  userId: string;
+}

src/events/users/index.ts

@@ -0,0 +1,3 @@
+export * from "./audit-logs.interface";
+export * from "./search-users.interface";
+export * from "./chat.interface";

src/events/users/search-users.interface.ts

@@ -0,0 +1,23 @@
+export type SearchAccountStatus = "ACTIVE" | "PENDING" | "BLOCKED" | "DELETED";
+
+export interface SearchUsersEvent {
+  /** * ID профиля или аккаунта (будет использоваться как _id документа в Elasticsearch)
+   */
+  profileId: string;
+
+  /** * Базовые данные для полнотекстового поиска
+   */
+  username: string;
+  fullName?: string;
+  email?: string;
+  phone?: string;
+
+  /** * Метаданные для отображения на фронтенде (чтобы не ходить в базу за аватаркой)
+   */
+  avatarUrl?: string;
+
+  /** * Метаданные для фильтрации и безопасности (RBAC)
+   */
+  status: SearchAccountStatus;
+  isPublic: boolean;
+}

src/index.ts

@@ -1 +1,2 @@
 export * from "./proto";
+export * from "./events";

src/proto/paths.ts

@@ -1,9 +1,19 @@
 import { join } from "path";
 
 export const PROTO_PATHS = {
-  AUTH: join(__dirname, "../../proto/auth.proto"),
-  LDAP_AUTH: join(__dirname, "../../proto/ldap-auth.proto"),
-  ACCOUNT: join(__dirname, "../../proto/account.proto"),
-  TWOFA: join(__dirname, "../../proto/twofa.proto"),
-  LDAP: join(__dirname, "../../proto/ldap.proto"),
+  AUTH: join(__dirname, "../../proto/sso/auth.proto"),
+  LDAP_AUTH: join(__dirname, "../../proto/sso/ldap-auth.proto"),
+  ACCOUNT: join(__dirname, "../../proto/sso/account.proto"),
+  TWOFA: join(__dirname, "../../proto/sso/twofa.proto"),
+  ADMIN: join(__dirname, "../../proto/admin/admin-account.proto"),
+  RBAC: join(__dirname, "../../proto/admin/rbac.proto"),
+  USERS: join(__dirname, "../../proto/users/users.proto"),
+  LDAP: join(__dirname, "../../proto/users/ldap.proto"),
+  SEARCH: join(__dirname, "../../proto/search/search.proto"),
+  AUDIT: join(__dirname, "../../proto/admin/audit.proto"),
+  NOTIFICATIONS: join(
+    __dirname,
+    "../../proto/notifications/notifications.proto",
+  ),
+  CHAT: join(__dirname, "../../proto/chat/chat.proto"),
 } as const;