chore: auto-generate protobuf files [skip ci]

.github/workflows/publish.yml

@@ -48,9 +48,22 @@ jobs:
       - name: Generate Protobuf
         run: |
           npm install -g ts-proto
+          mkdir -p ./gen/go  # Создаем вложенную папку для Go
           protoc -I ./proto ./proto/*.proto \
-            --ts_proto_out=nestJs=true,package=omit:./gen \
+            --ts_proto_out=nestJs=true,addGrpcMetadata=true,package=omit:./gen \
-            --go-grpc_out=paths=source_relative:./gen
+            --go_out=paths=source_relative:./gen/go \
+            --go-grpc_out=paths=source_relative:./gen/go
 
+      - name: Commit and push changes
+        run: |
+          # Представляемся Git-ботом
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Добавляем папку gen в индекс
+          git add ./gen
+
+          # Проверяем, есть ли изменения. Если есть — коммитим и пушим.
+          git diff --quiet && git diff --staged --quiet || (git commit -m "chore: auto-generate protobuf files [skip ci]" && git push)
       - name: Publish package
         run: npm publish

gen/go/identity_grpc.pb.go

@@ -0,0 +1,755 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: identity.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	AuthService_Login_FullMethodName               = "/identity.AuthService/Login"
+	AuthService_Refresh_FullMethodName             = "/identity.AuthService/Refresh"
+	AuthService_VerifyToken_FullMethodName         = "/identity.AuthService/VerifyToken"
+	AuthService_GetAccountRoleLevel_FullMethodName = "/identity.AuthService/GetAccountRoleLevel"
+	AuthService_Logout_FullMethodName              = "/identity.AuthService/Logout"
+	AuthService_LogoutAll_FullMethodName           = "/identity.AuthService/LogoutAll"
+	AuthService_UnlockPin_FullMethodName           = "/identity.AuthService/UnlockPin"
+	AuthService_Verify2Fa_FullMethodName           = "/identity.AuthService/Verify2Fa"
+)
+
+// AuthServiceClient is the client API for AuthService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type AuthServiceClient interface {
+	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
+	Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error)
+	VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error)
+	Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
+	UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error)
+	Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error)
+}
+
+type authServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
+	return &authServiceClient{cc}
+}
+
+func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LoginResponse)
+	err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Refresh(ctx context.Context, in *RefreshRequest, opts ...grpc.CallOption) (*RefreshResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(RefreshResponse)
+	err := c.cc.Invoke(ctx, AuthService_Refresh_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) VerifyToken(ctx context.Context, in *VerifyTokenRequest, opts ...grpc.CallOption) (*VerifyTokenResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyTokenResponse)
+	err := c.cc.Invoke(ctx, AuthService_VerifyToken_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) GetAccountRoleLevel(ctx context.Context, in *GetAccountRoleLevelRequest, opts ...grpc.CallOption) (*GetAccountRoleLevelResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetAccountRoleLevelResponse)
+	err := c.cc.Invoke(ctx, AuthService_GetAccountRoleLevel_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) LogoutAll(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(LogoutResponse)
+	err := c.cc.Invoke(ctx, AuthService_LogoutAll_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) UnlockPin(ctx context.Context, in *UnlockPinRequest, opts ...grpc.CallOption) (*UnlockPinResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UnlockPinResponse)
+	err := c.cc.Invoke(ctx, AuthService_UnlockPin_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) Verify2Fa(ctx context.Context, in *Verify2FaRequest, opts ...grpc.CallOption) (*Verify2FaResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(Verify2FaResponse)
+	err := c.cc.Invoke(ctx, AuthService_Verify2Fa_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuthServiceServer is the server API for AuthService service.
+// All implementations must embed UnimplementedAuthServiceServer
+// for forward compatibility.
+type AuthServiceServer interface {
+	Login(context.Context, *LoginRequest) (*LoginResponse, error)
+	Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error)
+	VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error)
+	GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error)
+	Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error)
+	UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error)
+	Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error)
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+// UnimplementedAuthServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedAuthServiceServer struct{}
+
+func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Login not implemented")
+}
+func (UnimplementedAuthServiceServer) Refresh(context.Context, *RefreshRequest) (*RefreshResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Refresh not implemented")
+}
+func (UnimplementedAuthServiceServer) VerifyToken(context.Context, *VerifyTokenRequest) (*VerifyTokenResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyToken not implemented")
+}
+func (UnimplementedAuthServiceServer) GetAccountRoleLevel(context.Context, *GetAccountRoleLevelRequest) (*GetAccountRoleLevelResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetAccountRoleLevel not implemented")
+}
+func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
+}
+func (UnimplementedAuthServiceServer) LogoutAll(context.Context, *LogoutRequest) (*LogoutResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method LogoutAll not implemented")
+}
+func (UnimplementedAuthServiceServer) UnlockPin(context.Context, *UnlockPinRequest) (*UnlockPinResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UnlockPin not implemented")
+}
+func (UnimplementedAuthServiceServer) Verify2Fa(context.Context, *Verify2FaRequest) (*Verify2FaResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method Verify2Fa not implemented")
+}
+func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
+func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
+
+// UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to AuthServiceServer will
+// result in compilation errors.
+type UnsafeAuthServiceServer interface {
+	mustEmbedUnimplementedAuthServiceServer()
+}
+
+func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
+	// If the following call panics, it indicates UnimplementedAuthServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&AuthService_ServiceDesc, srv)
+}
+
+func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Login_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Refresh_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RefreshRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Refresh(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Refresh_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Refresh(ctx, req.(*RefreshRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_VerifyToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyTokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).VerifyToken(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_VerifyToken_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).VerifyToken(ctx, req.(*VerifyTokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_GetAccountRoleLevel_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetAccountRoleLevelRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_GetAccountRoleLevel_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).GetAccountRoleLevel(ctx, req.(*GetAccountRoleLevelRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Logout(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Logout_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_LogoutAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LogoutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).LogoutAll(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_LogoutAll_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).LogoutAll(ctx, req.(*LogoutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_UnlockPin_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UnlockPinRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).UnlockPin(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_UnlockPin_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).UnlockPin(ctx, req.(*UnlockPinRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_Verify2Fa_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(Verify2FaRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).Verify2Fa(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_Verify2Fa_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).Verify2Fa(ctx, req.(*Verify2FaRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var AuthService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "identity.AuthService",
+	HandlerType: (*AuthServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _AuthService_Login_Handler,
+		},
+		{
+			MethodName: "Refresh",
+			Handler:    _AuthService_Refresh_Handler,
+		},
+		{
+			MethodName: "VerifyToken",
+			Handler:    _AuthService_VerifyToken_Handler,
+		},
+		{
+			MethodName: "GetAccountRoleLevel",
+			Handler:    _AuthService_GetAccountRoleLevel_Handler,
+		},
+		{
+			MethodName: "Logout",
+			Handler:    _AuthService_Logout_Handler,
+		},
+		{
+			MethodName: "LogoutAll",
+			Handler:    _AuthService_LogoutAll_Handler,
+		},
+		{
+			MethodName: "UnlockPin",
+			Handler:    _AuthService_UnlockPin_Handler,
+		},
+		{
+			MethodName: "Verify2Fa",
+			Handler:    _AuthService_Verify2Fa_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "identity.proto",
+}
+
+const (
+	TwoFaService_GetTwoFaStatus_FullMethodName            = "/identity.TwoFaService/GetTwoFaStatus"
+	TwoFaService_StartTotpEnrollment_FullMethodName       = "/identity.TwoFaService/StartTotpEnrollment"
+	TwoFaService_ConfirmTotpErollment_FullMethodName      = "/identity.TwoFaService/ConfirmTotpErollment"
+	TwoFaService_CancelTotpEnrollment_FullMethodName      = "/identity.TwoFaService/CancelTotpEnrollment"
+	TwoFaService_DisableTotp_FullMethodName               = "/identity.TwoFaService/DisableTotp"
+	TwoFaService_StartTelegramEnrollment_FullMethodName   = "/identity.TwoFaService/StartTelegramEnrollment"
+	TwoFaService_ConfirmTelegramEnrollment_FullMethodName = "/identity.TwoFaService/ConfirmTelegramEnrollment"
+	TwoFaService_DisableTelegram_FullMethodName           = "/identity.TwoFaService/DisableTelegram"
+)
+
+// TwoFaServiceClient is the client API for TwoFaService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type TwoFaServiceClient interface {
+	GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error)
+}
+
+type twoFaServiceClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewTwoFaServiceClient(cc grpc.ClientConnInterface) TwoFaServiceClient {
+	return &twoFaServiceClient{cc}
+}
+
+func (c *twoFaServiceClient) GetTwoFaStatus(ctx context.Context, in *GetTwoFaStatusRequest, opts ...grpc.CallOption) (*GetTwoFaStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetTwoFaStatusResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_GetTwoFaStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTotpErollment(ctx context.Context, in *ConfirmTotpEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTotpErollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) CancelTotpEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*CancelTotpEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CancelTotpEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_CancelTotpEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTotp(ctx context.Context, in *DisableTotpRequest, opts ...grpc.CallOption) (*DisableTotpResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTotpResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTotp_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) StartTelegramEnrollment(ctx context.Context, in *AuthenticatedAccessRequest, opts ...grpc.CallOption) (*StartTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_StartTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) ConfirmTelegramEnrollment(ctx context.Context, in *ConfirmTelegramEnrollmentRequest, opts ...grpc.CallOption) (*ConfirmTelegramEnrollmentResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ConfirmTelegramEnrollmentResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_ConfirmTelegramEnrollment_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *twoFaServiceClient) DisableTelegram(ctx context.Context, in *DisableTelegramRequest, opts ...grpc.CallOption) (*DisableTelegramResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DisableTelegramResponse)
+	err := c.cc.Invoke(ctx, TwoFaService_DisableTelegram_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// TwoFaServiceServer is the server API for TwoFaService service.
+// All implementations must embed UnimplementedTwoFaServiceServer
+// for forward compatibility.
+type TwoFaServiceServer interface {
+	GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error)
+	StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error)
+	ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error)
+	CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error)
+	DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error)
+	StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error)
+	ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error)
+	DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error)
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+// UnimplementedTwoFaServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedTwoFaServiceServer struct{}
+
+func (UnimplementedTwoFaServiceServer) GetTwoFaStatus(context.Context, *GetTwoFaStatusRequest) (*GetTwoFaStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetTwoFaStatus not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTotpErollment(context.Context, *ConfirmTotpEnrollmentRequest) (*ConfirmTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTotpErollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) CancelTotpEnrollment(context.Context, *AuthenticatedAccessRequest) (*CancelTotpEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CancelTotpEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTotp(context.Context, *DisableTotpRequest) (*DisableTotpResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTotp not implemented")
+}
+func (UnimplementedTwoFaServiceServer) StartTelegramEnrollment(context.Context, *AuthenticatedAccessRequest) (*StartTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) ConfirmTelegramEnrollment(context.Context, *ConfirmTelegramEnrollmentRequest) (*ConfirmTelegramEnrollmentResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ConfirmTelegramEnrollment not implemented")
+}
+func (UnimplementedTwoFaServiceServer) DisableTelegram(context.Context, *DisableTelegramRequest) (*DisableTelegramResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method DisableTelegram not implemented")
+}
+func (UnimplementedTwoFaServiceServer) mustEmbedUnimplementedTwoFaServiceServer() {}
+func (UnimplementedTwoFaServiceServer) testEmbeddedByValue()                      {}
+
+// UnsafeTwoFaServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to TwoFaServiceServer will
+// result in compilation errors.
+type UnsafeTwoFaServiceServer interface {
+	mustEmbedUnimplementedTwoFaServiceServer()
+}
+
+func RegisterTwoFaServiceServer(s grpc.ServiceRegistrar, srv TwoFaServiceServer) {
+	// If the following call panics, it indicates UnimplementedTwoFaServiceServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&TwoFaService_ServiceDesc, srv)
+}
+
+func _TwoFaService_GetTwoFaStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetTwoFaStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_GetTwoFaStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).GetTwoFaStatus(ctx, req.(*GetTwoFaStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTotpErollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTotpEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTotpErollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTotpErollment(ctx, req.(*ConfirmTotpEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_CancelTotpEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_CancelTotpEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).CancelTotpEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTotp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTotpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTotp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTotp(ctx, req.(*DisableTotpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_StartTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AuthenticatedAccessRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_StartTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).StartTelegramEnrollment(ctx, req.(*AuthenticatedAccessRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_ConfirmTelegramEnrollment_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfirmTelegramEnrollmentRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_ConfirmTelegramEnrollment_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).ConfirmTelegramEnrollment(ctx, req.(*ConfirmTelegramEnrollmentRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _TwoFaService_DisableTelegram_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DisableTelegramRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: TwoFaService_DisableTelegram_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(TwoFaServiceServer).DisableTelegram(ctx, req.(*DisableTelegramRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// TwoFaService_ServiceDesc is the grpc.ServiceDesc for TwoFaService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var TwoFaService_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "identity.TwoFaService",
+	HandlerType: (*TwoFaServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "GetTwoFaStatus",
+			Handler:    _TwoFaService_GetTwoFaStatus_Handler,
+		},
+		{
+			MethodName: "StartTotpEnrollment",
+			Handler:    _TwoFaService_StartTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTotpErollment",
+			Handler:    _TwoFaService_ConfirmTotpErollment_Handler,
+		},
+		{
+			MethodName: "CancelTotpEnrollment",
+			Handler:    _TwoFaService_CancelTotpEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTotp",
+			Handler:    _TwoFaService_DisableTotp_Handler,
+		},
+		{
+			MethodName: "StartTelegramEnrollment",
+			Handler:    _TwoFaService_StartTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "ConfirmTelegramEnrollment",
+			Handler:    _TwoFaService_ConfirmTelegramEnrollment_Handler,
+		},
+		{
+			MethodName: "DisableTelegram",
+			Handler:    _TwoFaService_DisableTelegram_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "identity.proto",
+}

gen/go/ldap.pb.go

@@ -0,0 +1,965 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.36.11
+// 	protoc        v3.21.12
+// source: ldap.proto
+
+package pb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+	unsafe "unsafe"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+type EmptyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *EmptyRequest) Reset() {
+	*x = EmptyRequest{}
+	mi := &file_ldap_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *EmptyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EmptyRequest) ProtoMessage() {}
+
+func (x *EmptyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[0]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EmptyRequest.ProtoReflect.Descriptor instead.
+func (*EmptyRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{0}
+}
+
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+type StatusResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *StatusResponse) Reset() {
+	*x = StatusResponse{}
+	mi := &file_ldap_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *StatusResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StatusResponse) ProtoMessage() {}
+
+func (x *StatusResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[1]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StatusResponse.ProtoReflect.Descriptor instead.
+func (*StatusResponse) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *StatusResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *StatusResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+// Полная модель пользователя
+type UserData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`                                      // Полный путь в AD (Distinguished Name)
+	Username      string                 `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`                          // Логин (sAMAccountName)
+	DisplayName   string                 `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` // ФИО (displayName)
+	Email         string                 `protobuf:"bytes,4,opt,name=email,proto3" json:"email,omitempty"`                                // Почта (mail)
+	Description   string                 `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"`                    // Описание/Должность (description)
+	Avatar        []byte                 `protobuf:"bytes,6,opt,name=avatar,proto3" json:"avatar,omitempty"`                              // Аватарка в байтах (thumbnailPhoto)
+	Groups        []string               `protobuf:"bytes,7,rep,name=groups,proto3" json:"groups,omitempty"`                              // Список групп
+	IsActive      bool                   `protobuf:"varint,8,opt,name=is_active,json=isActive,proto3" json:"is_active,omitempty"`         // Статус аккаунта
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserData) Reset() {
+	*x = UserData{}
+	mi := &file_ldap_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserData) ProtoMessage() {}
+
+func (x *UserData) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[2]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserData.ProtoReflect.Descriptor instead.
+func (*UserData) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *UserData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *UserData) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UserData) GetDisplayName() string {
+	if x != nil {
+		return x.DisplayName
+	}
+	return ""
+}
+
+func (x *UserData) GetEmail() string {
+	if x != nil {
+		return x.Email
+	}
+	return ""
+}
+
+func (x *UserData) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *UserData) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+func (x *UserData) GetGroups() []string {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+func (x *UserData) GetIsActive() bool {
+	if x != nil {
+		return x.IsActive
+	}
+	return false
+}
+
+// Модель группы
+type GroupData struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Dn            string                 `protobuf:"bytes,1,opt,name=dn,proto3" json:"dn,omitempty"`
+	Name          string                 `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Короткое имя группы (cn)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupData) Reset() {
+	*x = GroupData{}
+	mi := &file_ldap_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupData) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupData) ProtoMessage() {}
+
+func (x *GroupData) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[3]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupData.ProtoReflect.Descriptor instead.
+func (*GroupData) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *GroupData) GetDn() string {
+	if x != nil {
+		return x.Dn
+	}
+	return ""
+}
+
+func (x *GroupData) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+// --- Авторизация ---
+type VerifyRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	Password      string                 `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyRequest) Reset() {
+	*x = VerifyRequest{}
+	mi := &file_ldap_proto_msgTypes[4]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyRequest) ProtoMessage() {}
+
+func (x *VerifyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[4]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
+func (*VerifyRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *VerifyRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *VerifyRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+type VerifyResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	User          *UserData              `protobuf:"bytes,3,opt,name=user,proto3" json:"user,omitempty"` // Отдаем полные данные при успешном входе
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *VerifyResponse) Reset() {
+	*x = VerifyResponse{}
+	mi := &file_ldap_proto_msgTypes[5]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *VerifyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*VerifyResponse) ProtoMessage() {}
+
+func (x *VerifyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[5]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
+func (*VerifyResponse) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *VerifyResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *VerifyResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *VerifyResponse) GetUser() *UserData {
+	if x != nil {
+		return x.User
+	}
+	return nil
+}
+
+// --- Списки ---
+type UserListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Users         []*UserData            `protobuf:"bytes,3,rep,name=users,proto3" json:"users,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UserListResponse) Reset() {
+	*x = UserListResponse{}
+	mi := &file_ldap_proto_msgTypes[6]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UserListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UserListResponse) ProtoMessage() {}
+
+func (x *UserListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[6]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UserListResponse.ProtoReflect.Descriptor instead.
+func (*UserListResponse) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *UserListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *UserListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *UserListResponse) GetUsers() []*UserData {
+	if x != nil {
+		return x.Users
+	}
+	return nil
+}
+
+type GroupListResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Success       bool                   `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
+	ErrorMessage  string                 `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
+	Groups        []*GroupData           `protobuf:"bytes,3,rep,name=groups,proto3" json:"groups,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupListResponse) Reset() {
+	*x = GroupListResponse{}
+	mi := &file_ldap_proto_msgTypes[7]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupListResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupListResponse) ProtoMessage() {}
+
+func (x *GroupListResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[7]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupListResponse.ProtoReflect.Descriptor instead.
+func (*GroupListResponse) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *GroupListResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
+func (x *GroupListResponse) GetErrorMessage() string {
+	if x != nil {
+		return x.ErrorMessage
+	}
+	return ""
+}
+
+func (x *GroupListResponse) GetGroups() []*GroupData {
+	if x != nil {
+		return x.Groups
+	}
+	return nil
+}
+
+// --- Управление профилем ---
+type CreateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	FullName      string                 `protobuf:"bytes,2,opt,name=full_name,json=fullName,proto3" json:"full_name,omitempty"`
+	Password      string                 `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
+	Email         *string                `protobuf:"bytes,4,opt,name=email,proto3,oneof" json:"email,omitempty"` // Сразу при создании можно задать почту
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *CreateUserRequest) Reset() {
+	*x = CreateUserRequest{}
+	mi := &file_ldap_proto_msgTypes[8]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *CreateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateUserRequest) ProtoMessage() {}
+
+func (x *CreateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[8]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateUserRequest.ProtoReflect.Descriptor instead.
+func (*CreateUserRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *CreateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetFullName() string {
+	if x != nil {
+		return x.FullName
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetPassword() string {
+	if x != nil {
+		return x.Password
+	}
+	return ""
+}
+
+func (x *CreateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+type UpdateUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`                                // Обязательное поле: кого обновляем
+	DisplayName   *string                `protobuf:"bytes,2,opt,name=display_name,json=displayName,proto3,oneof" json:"display_name,omitempty"` // Новое ФИО (повлечет Rename CN)
+	Email         *string                `protobuf:"bytes,3,opt,name=email,proto3,oneof" json:"email,omitempty"`                                // Новая почта
+	Description   *string                `protobuf:"bytes,4,opt,name=description,proto3,oneof" json:"description,omitempty"`                    // Новое описание
+	Avatar        []byte                 `protobuf:"bytes,5,opt,name=avatar,proto3,oneof" json:"avatar,omitempty"`                              // Новая аватарка (бинарник картинки)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *UpdateUserRequest) Reset() {
+	*x = UpdateUserRequest{}
+	mi := &file_ldap_proto_msgTypes[9]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *UpdateUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateUserRequest) ProtoMessage() {}
+
+func (x *UpdateUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[9]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateUserRequest.ProtoReflect.Descriptor instead.
+func (*UpdateUserRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *UpdateUserRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDisplayName() string {
+	if x != nil && x.DisplayName != nil {
+		return *x.DisplayName
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetEmail() string {
+	if x != nil && x.Email != nil {
+		return *x.Email
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetDescription() string {
+	if x != nil && x.Description != nil {
+		return *x.Description
+	}
+	return ""
+}
+
+func (x *UpdateUserRequest) GetAvatar() []byte {
+	if x != nil {
+		return x.Avatar
+	}
+	return nil
+}
+
+type ChangePasswordRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	NewPassword   string                 `protobuf:"bytes,2,opt,name=new_password,json=newPassword,proto3" json:"new_password,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ChangePasswordRequest) Reset() {
+	*x = ChangePasswordRequest{}
+	mi := &file_ldap_proto_msgTypes[10]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ChangePasswordRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ChangePasswordRequest) ProtoMessage() {}
+
+func (x *ChangePasswordRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[10]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ChangePasswordRequest.ProtoReflect.Descriptor instead.
+func (*ChangePasswordRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ChangePasswordRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ChangePasswordRequest) GetNewPassword() string {
+	if x != nil {
+		return x.NewPassword
+	}
+	return ""
+}
+
+type ToggleStatusRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
+	SetActive     bool                   `protobuf:"varint,2,opt,name=set_active,json=setActive,proto3" json:"set_active,omitempty"` // true - включить (512), false - отключить (514)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *ToggleStatusRequest) Reset() {
+	*x = ToggleStatusRequest{}
+	mi := &file_ldap_proto_msgTypes[11]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *ToggleStatusRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ToggleStatusRequest) ProtoMessage() {}
+
+func (x *ToggleStatusRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[11]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ToggleStatusRequest.ProtoReflect.Descriptor instead.
+func (*ToggleStatusRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *ToggleStatusRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *ToggleStatusRequest) GetSetActive() bool {
+	if x != nil {
+		return x.SetActive
+	}
+	return false
+}
+
+// --- Управление членством в группах ---
+type GroupMemberRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Username      string                 `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`              // Логин пользователя
+	GroupDn       string                 `protobuf:"bytes,2,opt,name=group_dn,json=groupDn,proto3" json:"group_dn,omitempty"` // Полный путь группы (в которую добавляем / из которой удаляем)
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GroupMemberRequest) Reset() {
+	*x = GroupMemberRequest{}
+	mi := &file_ldap_proto_msgTypes[12]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GroupMemberRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GroupMemberRequest) ProtoMessage() {}
+
+func (x *GroupMemberRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_ldap_proto_msgTypes[12]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GroupMemberRequest.ProtoReflect.Descriptor instead.
+func (*GroupMemberRequest) Descriptor() ([]byte, []int) {
+	return file_ldap_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *GroupMemberRequest) GetUsername() string {
+	if x != nil {
+		return x.Username
+	}
+	return ""
+}
+
+func (x *GroupMemberRequest) GetGroupDn() string {
+	if x != nil {
+		return x.GroupDn
+	}
+	return ""
+}
+
+var File_ldap_proto protoreflect.FileDescriptor
+
+const file_ldap_proto_rawDesc = "" +
+	"\n" +
+	"\n" +
+	"ldap.proto\x12\fldap_service\"\x0e\n" +
+	"\fEmptyRequest\"O\n" +
+	"\x0eStatusResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xde\x01\n" +
+	"\bUserData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x1a\n" +
+	"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
+	"\fdisplay_name\x18\x03 \x01(\tR\vdisplayName\x12\x14\n" +
+	"\x05email\x18\x04 \x01(\tR\x05email\x12 \n" +
+	"\vdescription\x18\x05 \x01(\tR\vdescription\x12\x16\n" +
+	"\x06avatar\x18\x06 \x01(\fR\x06avatar\x12\x16\n" +
+	"\x06groups\x18\a \x03(\tR\x06groups\x12\x1b\n" +
+	"\tis_active\x18\b \x01(\bR\bisActive\"/\n" +
+	"\tGroupData\x12\x0e\n" +
+	"\x02dn\x18\x01 \x01(\tR\x02dn\x12\x12\n" +
+	"\x04name\x18\x02 \x01(\tR\x04name\"G\n" +
+	"\rVerifyRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
+	"\bpassword\x18\x02 \x01(\tR\bpassword\"{\n" +
+	"\x0eVerifyResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12*\n" +
+	"\x04user\x18\x03 \x01(\v2\x16.ldap_service.UserDataR\x04user\"\x7f\n" +
+	"\x10UserListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12,\n" +
+	"\x05users\x18\x03 \x03(\v2\x16.ldap_service.UserDataR\x05users\"\x83\x01\n" +
+	"\x11GroupListResponse\x12\x18\n" +
+	"\asuccess\x18\x01 \x01(\bR\asuccess\x12#\n" +
+	"\rerror_message\x18\x02 \x01(\tR\ferrorMessage\x12/\n" +
+	"\x06groups\x18\x03 \x03(\v2\x17.ldap_service.GroupDataR\x06groups\"\x8d\x01\n" +
+	"\x11CreateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1b\n" +
+	"\tfull_name\x18\x02 \x01(\tR\bfullName\x12\x1a\n" +
+	"\bpassword\x18\x03 \x01(\tR\bpassword\x12\x19\n" +
+	"\x05email\x18\x04 \x01(\tH\x00R\x05email\x88\x01\x01B\b\n" +
+	"\x06_email\"\xec\x01\n" +
+	"\x11UpdateUserRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12&\n" +
+	"\fdisplay_name\x18\x02 \x01(\tH\x00R\vdisplayName\x88\x01\x01\x12\x19\n" +
+	"\x05email\x18\x03 \x01(\tH\x01R\x05email\x88\x01\x01\x12%\n" +
+	"\vdescription\x18\x04 \x01(\tH\x02R\vdescription\x88\x01\x01\x12\x1b\n" +
+	"\x06avatar\x18\x05 \x01(\fH\x03R\x06avatar\x88\x01\x01B\x0f\n" +
+	"\r_display_nameB\b\n" +
+	"\x06_emailB\x0e\n" +
+	"\f_descriptionB\t\n" +
+	"\a_avatar\"V\n" +
+	"\x15ChangePasswordRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12!\n" +
+	"\fnew_password\x18\x02 \x01(\tR\vnewPassword\"P\n" +
+	"\x13ToggleStatusRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x1d\n" +
+	"\n" +
+	"set_active\x18\x02 \x01(\bR\tsetActive\"K\n" +
+	"\x12GroupMemberRequest\x12\x1a\n" +
+	"\busername\x18\x01 \x01(\tR\busername\x12\x19\n" +
+	"\bgroup_dn\x18\x02 \x01(\tR\agroupDn2\xd2\x05\n" +
+	"\bLdapAuth\x12G\n" +
+	"\n" +
+	"VerifyUser\x12\x1b.ldap_service.VerifyRequest\x1a\x1c.ldap_service.VerifyResponse\x12F\n" +
+	"\bGetUsers\x12\x1a.ldap_service.EmptyRequest\x1a\x1e.ldap_service.UserListResponse\x12K\n" +
+	"\n" +
+	"CreateUser\x12\x1f.ldap_service.CreateUserRequest\x1a\x1c.ldap_service.StatusResponse\x12K\n" +
+	"\n" +
+	"UpdateUser\x12\x1f.ldap_service.UpdateUserRequest\x1a\x1c.ldap_service.StatusResponse\x12S\n" +
+	"\x0eChangePassword\x12#.ldap_service.ChangePasswordRequest\x1a\x1c.ldap_service.StatusResponse\x12S\n" +
+	"\x10ToggleUserStatus\x12!.ldap_service.ToggleStatusRequest\x1a\x1c.ldap_service.StatusResponse\x12H\n" +
+	"\tGetGroups\x12\x1a.ldap_service.EmptyRequest\x1a\x1f.ldap_service.GroupListResponse\x12P\n" +
+	"\x0eAddUserToGroup\x12 .ldap_service.GroupMemberRequest\x1a\x1c.ldap_service.StatusResponse\x12U\n" +
+	"\x13RemoveUserFromGroup\x12 .ldap_service.GroupMemberRequest\x1a\x1c.ldap_service.StatusResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+
+var (
+	file_ldap_proto_rawDescOnce sync.Once
+	file_ldap_proto_rawDescData []byte
+)
+
+func file_ldap_proto_rawDescGZIP() []byte {
+	file_ldap_proto_rawDescOnce.Do(func() {
+		file_ldap_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)))
+	})
+	return file_ldap_proto_rawDescData
+}
+
+var file_ldap_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_ldap_proto_goTypes = []any{
+	(*EmptyRequest)(nil),          // 0: ldap_service.EmptyRequest
+	(*StatusResponse)(nil),        // 1: ldap_service.StatusResponse
+	(*UserData)(nil),              // 2: ldap_service.UserData
+	(*GroupData)(nil),             // 3: ldap_service.GroupData
+	(*VerifyRequest)(nil),         // 4: ldap_service.VerifyRequest
+	(*VerifyResponse)(nil),        // 5: ldap_service.VerifyResponse
+	(*UserListResponse)(nil),      // 6: ldap_service.UserListResponse
+	(*GroupListResponse)(nil),     // 7: ldap_service.GroupListResponse
+	(*CreateUserRequest)(nil),     // 8: ldap_service.CreateUserRequest
+	(*UpdateUserRequest)(nil),     // 9: ldap_service.UpdateUserRequest
+	(*ChangePasswordRequest)(nil), // 10: ldap_service.ChangePasswordRequest
+	(*ToggleStatusRequest)(nil),   // 11: ldap_service.ToggleStatusRequest
+	(*GroupMemberRequest)(nil),    // 12: ldap_service.GroupMemberRequest
+}
+var file_ldap_proto_depIdxs = []int32{
+	2,  // 0: ldap_service.VerifyResponse.user:type_name -> ldap_service.UserData
+	2,  // 1: ldap_service.UserListResponse.users:type_name -> ldap_service.UserData
+	3,  // 2: ldap_service.GroupListResponse.groups:type_name -> ldap_service.GroupData
+	4,  // 3: ldap_service.LdapAuth.VerifyUser:input_type -> ldap_service.VerifyRequest
+	0,  // 4: ldap_service.LdapAuth.GetUsers:input_type -> ldap_service.EmptyRequest
+	8,  // 5: ldap_service.LdapAuth.CreateUser:input_type -> ldap_service.CreateUserRequest
+	9,  // 6: ldap_service.LdapAuth.UpdateUser:input_type -> ldap_service.UpdateUserRequest
+	10, // 7: ldap_service.LdapAuth.ChangePassword:input_type -> ldap_service.ChangePasswordRequest
+	11, // 8: ldap_service.LdapAuth.ToggleUserStatus:input_type -> ldap_service.ToggleStatusRequest
+	0,  // 9: ldap_service.LdapAuth.GetGroups:input_type -> ldap_service.EmptyRequest
+	12, // 10: ldap_service.LdapAuth.AddUserToGroup:input_type -> ldap_service.GroupMemberRequest
+	12, // 11: ldap_service.LdapAuth.RemoveUserFromGroup:input_type -> ldap_service.GroupMemberRequest
+	5,  // 12: ldap_service.LdapAuth.VerifyUser:output_type -> ldap_service.VerifyResponse
+	6,  // 13: ldap_service.LdapAuth.GetUsers:output_type -> ldap_service.UserListResponse
+	1,  // 14: ldap_service.LdapAuth.CreateUser:output_type -> ldap_service.StatusResponse
+	1,  // 15: ldap_service.LdapAuth.UpdateUser:output_type -> ldap_service.StatusResponse
+	1,  // 16: ldap_service.LdapAuth.ChangePassword:output_type -> ldap_service.StatusResponse
+	1,  // 17: ldap_service.LdapAuth.ToggleUserStatus:output_type -> ldap_service.StatusResponse
+	7,  // 18: ldap_service.LdapAuth.GetGroups:output_type -> ldap_service.GroupListResponse
+	1,  // 19: ldap_service.LdapAuth.AddUserToGroup:output_type -> ldap_service.StatusResponse
+	1,  // 20: ldap_service.LdapAuth.RemoveUserFromGroup:output_type -> ldap_service.StatusResponse
+	12, // [12:21] is the sub-list for method output_type
+	3,  // [3:12] is the sub-list for method input_type
+	3,  // [3:3] is the sub-list for extension type_name
+	3,  // [3:3] is the sub-list for extension extendee
+	0,  // [0:3] is the sub-list for field type_name
+}
+
+func init() { file_ldap_proto_init() }
+func file_ldap_proto_init() {
+	if File_ldap_proto != nil {
+		return
+	}
+	file_ldap_proto_msgTypes[8].OneofWrappers = []any{}
+	file_ldap_proto_msgTypes[9].OneofWrappers = []any{}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_ldap_proto_rawDesc), len(file_ldap_proto_rawDesc)),
+			NumEnums:      0,
+			NumMessages:   13,
+			NumExtensions: 0,
+			NumServices:   1,
+		},
+		GoTypes:           file_ldap_proto_goTypes,
+		DependencyIndexes: file_ldap_proto_depIdxs,
+		MessageInfos:      file_ldap_proto_msgTypes,
+	}.Build()
+	File_ldap_proto = out.File
+	file_ldap_proto_goTypes = nil
+	file_ldap_proto_depIdxs = nil
+}

gen/go/ldap_grpc.pb.go

@@ -0,0 +1,439 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.1
+// - protoc             v3.21.12
+// source: ldap.proto
+
+package pb
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	LdapAuth_VerifyUser_FullMethodName          = "/ldap_service.LdapAuth/VerifyUser"
+	LdapAuth_GetUsers_FullMethodName            = "/ldap_service.LdapAuth/GetUsers"
+	LdapAuth_CreateUser_FullMethodName          = "/ldap_service.LdapAuth/CreateUser"
+	LdapAuth_UpdateUser_FullMethodName          = "/ldap_service.LdapAuth/UpdateUser"
+	LdapAuth_ChangePassword_FullMethodName      = "/ldap_service.LdapAuth/ChangePassword"
+	LdapAuth_ToggleUserStatus_FullMethodName    = "/ldap_service.LdapAuth/ToggleUserStatus"
+	LdapAuth_GetGroups_FullMethodName           = "/ldap_service.LdapAuth/GetGroups"
+	LdapAuth_AddUserToGroup_FullMethodName      = "/ldap_service.LdapAuth/AddUserToGroup"
+	LdapAuth_RemoveUserFromGroup_FullMethodName = "/ldap_service.LdapAuth/RemoveUserFromGroup"
+)
+
+// LdapAuthClient is the client API for LdapAuth service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// ==========================================
+// ГЛАВНЫЙ СЕРВИС
+// ==========================================
+type LdapAuthClient interface {
+	// --- Вектор 1: Авторизация (Bind от имени пользователя) ---
+	VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
+	// --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error)
+	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	// --- Вектор 3: Управление Группами ---
+	GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error)
+	AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+	RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error)
+}
+
+type ldapAuthClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewLdapAuthClient(cc grpc.ClientConnInterface) LdapAuthClient {
+	return &ldapAuthClient{cc}
+}
+
+func (c *ldapAuthClient) VerifyUser(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(VerifyResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_VerifyUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) GetUsers(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*UserListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(UserListResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_GetUsers_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_CreateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) UpdateUser(ctx context.Context, in *UpdateUserRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_UpdateUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_ChangePassword_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) ToggleUserStatus(ctx context.Context, in *ToggleStatusRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_ToggleUserStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) GetGroups(ctx context.Context, in *EmptyRequest, opts ...grpc.CallOption) (*GroupListResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GroupListResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_GetGroups_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) AddUserToGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_AddUserToGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *ldapAuthClient) RemoveUserFromGroup(ctx context.Context, in *GroupMemberRequest, opts ...grpc.CallOption) (*StatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StatusResponse)
+	err := c.cc.Invoke(ctx, LdapAuth_RemoveUserFromGroup_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// LdapAuthServer is the server API for LdapAuth service.
+// All implementations must embed UnimplementedLdapAuthServer
+// for forward compatibility.
+//
+// ==========================================
+// ГЛАВНЫЙ СЕРВИС
+// ==========================================
+type LdapAuthServer interface {
+	// --- Вектор 1: Авторизация (Bind от имени пользователя) ---
+	VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error)
+	// --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
+	GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error)
+	CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error)
+	UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error)
+	ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error)
+	ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error)
+	// --- Вектор 3: Управление Группами ---
+	GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error)
+	AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error)
+	mustEmbedUnimplementedLdapAuthServer()
+}
+
+// UnimplementedLdapAuthServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedLdapAuthServer struct{}
+
+func (UnimplementedLdapAuthServer) VerifyUser(context.Context, *VerifyRequest) (*VerifyResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method VerifyUser not implemented")
+}
+func (UnimplementedLdapAuthServer) GetUsers(context.Context, *EmptyRequest) (*UserListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUsers not implemented")
+}
+func (UnimplementedLdapAuthServer) CreateUser(context.Context, *CreateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateUser not implemented")
+}
+func (UnimplementedLdapAuthServer) UpdateUser(context.Context, *UpdateUserRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method UpdateUser not implemented")
+}
+func (UnimplementedLdapAuthServer) ChangePassword(context.Context, *ChangePasswordRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ChangePassword not implemented")
+}
+func (UnimplementedLdapAuthServer) ToggleUserStatus(context.Context, *ToggleStatusRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ToggleUserStatus not implemented")
+}
+func (UnimplementedLdapAuthServer) GetGroups(context.Context, *EmptyRequest) (*GroupListResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetGroups not implemented")
+}
+func (UnimplementedLdapAuthServer) AddUserToGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AddUserToGroup not implemented")
+}
+func (UnimplementedLdapAuthServer) RemoveUserFromGroup(context.Context, *GroupMemberRequest) (*StatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RemoveUserFromGroup not implemented")
+}
+func (UnimplementedLdapAuthServer) mustEmbedUnimplementedLdapAuthServer() {}
+func (UnimplementedLdapAuthServer) testEmbeddedByValue()                  {}
+
+// UnsafeLdapAuthServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to LdapAuthServer will
+// result in compilation errors.
+type UnsafeLdapAuthServer interface {
+	mustEmbedUnimplementedLdapAuthServer()
+}
+
+func RegisterLdapAuthServer(s grpc.ServiceRegistrar, srv LdapAuthServer) {
+	// If the following call panics, it indicates UnimplementedLdapAuthServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&LdapAuth_ServiceDesc, srv)
+}
+
+func _LdapAuth_VerifyUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(VerifyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).VerifyUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_VerifyUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).VerifyUser(ctx, req.(*VerifyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_GetUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).GetUsers(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_GetUsers_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).GetUsers(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).CreateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_CreateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).CreateUser(ctx, req.(*CreateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).UpdateUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_UpdateUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).UpdateUser(ctx, req.(*UpdateUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_ChangePassword_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ChangePasswordRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).ChangePassword(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_ChangePassword_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_ToggleUserStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ToggleStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).ToggleUserStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_ToggleUserStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).ToggleUserStatus(ctx, req.(*ToggleStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_GetGroups_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(EmptyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).GetGroups(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_GetGroups_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).GetGroups(ctx, req.(*EmptyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_AddUserToGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).AddUserToGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_AddUserToGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).AddUserToGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _LdapAuth_RemoveUserFromGroup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GroupMemberRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(LdapAuthServer).RemoveUserFromGroup(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: LdapAuth_RemoveUserFromGroup_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(LdapAuthServer).RemoveUserFromGroup(ctx, req.(*GroupMemberRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// LdapAuth_ServiceDesc is the grpc.ServiceDesc for LdapAuth service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var LdapAuth_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "ldap_service.LdapAuth",
+	HandlerType: (*LdapAuthServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "VerifyUser",
+			Handler:    _LdapAuth_VerifyUser_Handler,
+		},
+		{
+			MethodName: "GetUsers",
+			Handler:    _LdapAuth_GetUsers_Handler,
+		},
+		{
+			MethodName: "CreateUser",
+			Handler:    _LdapAuth_CreateUser_Handler,
+		},
+		{
+			MethodName: "UpdateUser",
+			Handler:    _LdapAuth_UpdateUser_Handler,
+		},
+		{
+			MethodName: "ChangePassword",
+			Handler:    _LdapAuth_ChangePassword_Handler,
+		},
+		{
+			MethodName: "ToggleUserStatus",
+			Handler:    _LdapAuth_ToggleUserStatus_Handler,
+		},
+		{
+			MethodName: "GetGroups",
+			Handler:    _LdapAuth_GetGroups_Handler,
+		},
+		{
+			MethodName: "AddUserToGroup",
+			Handler:    _LdapAuth_AddUserToGroup_Handler,
+		},
+		{
+			MethodName: "RemoveUserFromGroup",
+			Handler:    _LdapAuth_RemoveUserFromGroup_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "ldap.proto",
+}

gen/identity.ts

@@ -1,13 +1,13 @@
 // Code generated by protoc-gen-ts_proto. DO NOT EDIT.
 // versions:
 //   protoc-gen-ts_proto  v2.11.6
-//   protoc               v7.34.1
+//   protoc               v3.21.12
 // source: identity.proto
 
 /* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
 import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
 import { Observable } from "rxjs";
-import { Status } from "./google/rpc/status";
 
 export const protobufPackage = "identity";
 
@@ -24,7 +24,6 @@ export interface LoginResponse {
   tempToken?: string | undefined;
   message?: string | undefined;
   errorCode?: string | undefined;
-  error?: Status | undefined;
 }
 
 export interface RefreshRequest {
@@ -45,6 +44,30 @@ export interface LogoutResponse {
   message: string;
 }
 
+export interface VerifyTokenRequest {
+  token: string;
+}
+
+export interface VerifyTokenResponse {
+  isValid: boolean;
+  errorMessage?: string | undefined;
+  id?: string | undefined;
+  username?: string | undefined;
+  roleLevel?: number | undefined;
+  permissions: string[];
+  sessionId?: string | undefined;
+  requiresPin?: boolean | undefined;
+}
+
+export interface GetAccountRoleLevelRequest {
+  accountId: string;
+}
+
+export interface GetAccountRoleLevelResponse {
+  found: boolean;
+  roleLevel: number;
+}
+
 export interface UnlockPinRequest {
   accessToken: string;
   pinCode: string;
@@ -151,32 +174,77 @@ export interface DisableTelegramResponse {
 export const IDENTITY_PACKAGE_NAME = "identity";
 
 export interface AuthServiceClient {
-  login(request: LoginRequest): Observable<LoginResponse>;
+  login(request: LoginRequest, metadata?: Metadata): Observable<LoginResponse>;
 
-  refresh(request: RefreshRequest): Observable<RefreshResponse>;
+  refresh(request: RefreshRequest, metadata?: Metadata): Observable<RefreshResponse>;
 
-  logout(request: LogoutRequest): Observable<LogoutResponse>;
+  verifyToken(request: VerifyTokenRequest, metadata?: Metadata): Observable<VerifyTokenResponse>;
 
-  unlockPin(request: UnlockPinRequest): Observable<UnlockPinResponse>;
+  getAccountRoleLevel(
+    request: GetAccountRoleLevelRequest,
+    metadata?: Metadata,
+  ): Observable<GetAccountRoleLevelResponse>;
 
-  verify2Fa(request: Verify2FaRequest): Observable<Verify2FaResponse>;
+  logout(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+
+  logoutAll(request: LogoutRequest, metadata?: Metadata): Observable<LogoutResponse>;
+
+  unlockPin(request: UnlockPinRequest, metadata?: Metadata): Observable<UnlockPinResponse>;
+
+  verify2Fa(request: Verify2FaRequest, metadata?: Metadata): Observable<Verify2FaResponse>;
 }
 
 export interface AuthServiceController {
-  login(request: LoginRequest): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
+  login(request: LoginRequest, metadata?: Metadata): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
 
-  refresh(request: RefreshRequest): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
+  refresh(
+    request: RefreshRequest,
+    metadata?: Metadata,
+  ): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
 
-  logout(request: LogoutRequest): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+  verifyToken(
+    request: VerifyTokenRequest,
+    metadata?: Metadata,
+  ): Promise<VerifyTokenResponse> | Observable<VerifyTokenResponse> | VerifyTokenResponse;
 
-  unlockPin(request: UnlockPinRequest): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
+  getAccountRoleLevel(
+    request: GetAccountRoleLevelRequest,
+    metadata?: Metadata,
+  ): Promise<GetAccountRoleLevelResponse> | Observable<GetAccountRoleLevelResponse> | GetAccountRoleLevelResponse;
 
-  verify2Fa(request: Verify2FaRequest): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
+  logout(
+    request: LogoutRequest,
+    metadata?: Metadata,
+  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+
+  logoutAll(
+    request: LogoutRequest,
+    metadata?: Metadata,
+  ): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
+
+  unlockPin(
+    request: UnlockPinRequest,
+    metadata?: Metadata,
+  ): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
+
+  verify2Fa(
+    request: Verify2FaRequest,
+    metadata?: Metadata,
+  ): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
 }
 
 export function AuthServiceControllerMethods() {
   return function (constructor: Function) {
-    const grpcMethods: string[] = ["login", "refresh", "logout", "unlockPin", "verify2Fa"];
+    const grpcMethods: string[] = [
+      "login",
+      "refresh",
+      "verifyToken",
+      "getAccountRoleLevel",
+      "logout",
+      "logoutAll",
+      "unlockPin",
+      "verify2Fa",
+    ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
       GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
@@ -192,46 +260,67 @@ export function AuthServiceControllerMethods() {
 export const AUTH_SERVICE_NAME = "AuthService";
 
 export interface TwoFaServiceClient {
-  getTwoFaStatus(request: GetTwoFaStatusRequest): Observable<GetTwoFaStatusResponse>;
+  getTwoFaStatus(request: GetTwoFaStatusRequest, metadata?: Metadata): Observable<GetTwoFaStatusResponse>;
 
-  startTotpEnrollment(request: AuthenticatedAccessRequest): Observable<StartTotpEnrollmentResponse>;
+  startTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<StartTotpEnrollmentResponse>;
 
-  confirmTotpErollment(request: ConfirmTotpEnrollmentRequest): Observable<ConfirmTotpEnrollmentResponse>;
+  confirmTotpErollment(
+    request: ConfirmTotpEnrollmentRequest,
+    metadata?: Metadata,
+  ): Observable<ConfirmTotpEnrollmentResponse>;
 
-  cancelTotpEnrollment(request: AuthenticatedAccessRequest): Observable<CancelTotpEnrollmentResponse>;
+  cancelTotpEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<CancelTotpEnrollmentResponse>;
 
-  disableTotp(request: DisableTotpRequest): Observable<DisableTotpResponse>;
+  disableTotp(request: DisableTotpRequest, metadata?: Metadata): Observable<DisableTotpResponse>;
 
-  startTelegramEnrollment(request: AuthenticatedAccessRequest): Observable<StartTelegramEnrollmentResponse>;
+  startTelegramEnrollment(
+    request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
+  ): Observable<StartTelegramEnrollmentResponse>;
 
-  confirmTelegramEnrollment(request: ConfirmTelegramEnrollmentRequest): Observable<ConfirmTelegramEnrollmentResponse>;
+  confirmTelegramEnrollment(
+    request: ConfirmTelegramEnrollmentRequest,
+    metadata?: Metadata,
+  ): Observable<ConfirmTelegramEnrollmentResponse>;
 
-  disableTelegram(request: DisableTelegramRequest): Observable<DisableTelegramResponse>;
+  disableTelegram(request: DisableTelegramRequest, metadata?: Metadata): Observable<DisableTelegramResponse>;
 }
 
 export interface TwoFaServiceController {
   getTwoFaStatus(
     request: GetTwoFaStatusRequest,
+    metadata?: Metadata,
   ): Promise<GetTwoFaStatusResponse> | Observable<GetTwoFaStatusResponse> | GetTwoFaStatusResponse;
 
   startTotpEnrollment(
     request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
   ): Promise<StartTotpEnrollmentResponse> | Observable<StartTotpEnrollmentResponse> | StartTotpEnrollmentResponse;
 
   confirmTotpErollment(
     request: ConfirmTotpEnrollmentRequest,
+    metadata?: Metadata,
   ): Promise<ConfirmTotpEnrollmentResponse> | Observable<ConfirmTotpEnrollmentResponse> | ConfirmTotpEnrollmentResponse;
 
   cancelTotpEnrollment(
     request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
   ): Promise<CancelTotpEnrollmentResponse> | Observable<CancelTotpEnrollmentResponse> | CancelTotpEnrollmentResponse;
 
   disableTotp(
     request: DisableTotpRequest,
+    metadata?: Metadata,
   ): Promise<DisableTotpResponse> | Observable<DisableTotpResponse> | DisableTotpResponse;
 
   startTelegramEnrollment(
     request: AuthenticatedAccessRequest,
+    metadata?: Metadata,
   ):
     | Promise<StartTelegramEnrollmentResponse>
     | Observable<StartTelegramEnrollmentResponse>
@@ -239,6 +328,7 @@ export interface TwoFaServiceController {
 
   confirmTelegramEnrollment(
     request: ConfirmTelegramEnrollmentRequest,
+    metadata?: Metadata,
   ):
     | Promise<ConfirmTelegramEnrollmentResponse>
     | Observable<ConfirmTelegramEnrollmentResponse>
@@ -246,6 +336,7 @@ export interface TwoFaServiceController {
 
   disableTelegram(
     request: DisableTelegramRequest,
+    metadata?: Metadata,
   ): Promise<DisableTelegramResponse> | Observable<DisableTelegramResponse> | DisableTelegramResponse;
 }
 

gen/ldap.ts

@@ -0,0 +1,247 @@
+// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
+// versions:
+//   protoc-gen-ts_proto  v2.11.6
+//   protoc               v3.21.12
+// source: ldap.proto
+
+/* eslint-disable */
+import type { Metadata } from "@grpc/grpc-js";
+import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
+import { Observable } from "rxjs";
+
+export const protobufPackage = "ldap_service";
+
+/**
+ * ==========================================
+ * БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+ * ==========================================
+ */
+export interface EmptyRequest {
+}
+
+/** Стандартный ответ для мутаций (создание, обновление, удаление) */
+export interface StatusResponse {
+  success: boolean;
+  errorMessage: string;
+}
+
+/** Полная модель пользователя */
+export interface UserData {
+  /** Полный путь в AD (Distinguished Name) */
+  dn: string;
+  /** Логин (sAMAccountName) */
+  username: string;
+  /** ФИО (displayName) */
+  displayName: string;
+  /** Почта (mail) */
+  email: string;
+  /** Описание/Должность (description) */
+  description: string;
+  /** Аватарка в байтах (thumbnailPhoto) */
+  avatar: Uint8Array;
+  /** Список групп */
+  groups: string[];
+  /** Статус аккаунта */
+  isActive: boolean;
+}
+
+/** Модель группы */
+export interface GroupData {
+  dn: string;
+  /** Короткое имя группы (cn) */
+  name: string;
+}
+
+/** --- Авторизация --- */
+export interface VerifyRequest {
+  username: string;
+  password: string;
+}
+
+export interface VerifyResponse {
+  success: boolean;
+  errorMessage: string;
+  /** Отдаем полные данные при успешном входе */
+  user: UserData | undefined;
+}
+
+/** --- Списки --- */
+export interface UserListResponse {
+  success: boolean;
+  errorMessage: string;
+  users: UserData[];
+}
+
+export interface GroupListResponse {
+  success: boolean;
+  errorMessage: string;
+  groups: GroupData[];
+}
+
+/** --- Управление профилем --- */
+export interface CreateUserRequest {
+  username: string;
+  fullName: string;
+  password: string;
+  /** Сразу при создании можно задать почту */
+  email?: string | undefined;
+}
+
+/** Запрос на обновление. Используем optional для частичного обновления. */
+export interface UpdateUserRequest {
+  /** Обязательное поле: кого обновляем */
+  username: string;
+  /** Новое ФИО (повлечет Rename CN) */
+  displayName?:
+    | string
+    | undefined;
+  /** Новая почта */
+  email?:
+    | string
+    | undefined;
+  /** Новое описание */
+  description?:
+    | string
+    | undefined;
+  /** Новая аватарка (бинарник картинки) */
+  avatar?: Uint8Array | undefined;
+}
+
+export interface ChangePasswordRequest {
+  username: string;
+  newPassword: string;
+}
+
+export interface ToggleStatusRequest {
+  username: string;
+  /** true - включить (512), false - отключить (514) */
+  setActive: boolean;
+}
+
+/** --- Управление членством в группах --- */
+export interface GroupMemberRequest {
+  /** Логин пользователя */
+  username: string;
+  /** Полный путь группы (в которую добавляем / из которой удаляем) */
+  groupDn: string;
+}
+
+export const LDAP_SERVICE_PACKAGE_NAME = "ldap_service";
+
+/**
+ * ==========================================
+ * ГЛАВНЫЙ СЕРВИС
+ * ==========================================
+ */
+
+export interface LdapAuthClient {
+  /** --- Вектор 1: Авторизация (Bind от имени пользователя) --- */
+
+  verifyUser(request: VerifyRequest, metadata?: Metadata): Observable<VerifyResponse>;
+
+  /** --- Вектор 2: Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(request: EmptyRequest, metadata?: Metadata): Observable<UserListResponse>;
+
+  createUser(request: CreateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  updateUser(request: UpdateUserRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  changePassword(request: ChangePasswordRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  toggleUserStatus(request: ToggleStatusRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  /** --- Вектор 3: Управление Группами --- */
+
+  getGroups(request: EmptyRequest, metadata?: Metadata): Observable<GroupListResponse>;
+
+  addUserToGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+
+  removeUserFromGroup(request: GroupMemberRequest, metadata?: Metadata): Observable<StatusResponse>;
+}
+
+/**
+ * ==========================================
+ * ГЛАВНЫЙ СЕРВИС
+ * ==========================================
+ */
+
+export interface LdapAuthController {
+  /** --- Вектор 1: Авторизация (Bind от имени пользователя) --- */
+
+  verifyUser(
+    request: VerifyRequest,
+    metadata?: Metadata,
+  ): Promise<VerifyResponse> | Observable<VerifyResponse> | VerifyResponse;
+
+  /** --- Вектор 2: Управление Пользователями (Bind системного аккаунта) --- */
+
+  getUsers(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<UserListResponse> | Observable<UserListResponse> | UserListResponse;
+
+  createUser(
+    request: CreateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  updateUser(
+    request: UpdateUserRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  changePassword(
+    request: ChangePasswordRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  toggleUserStatus(
+    request: ToggleStatusRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  /** --- Вектор 3: Управление Группами --- */
+
+  getGroups(
+    request: EmptyRequest,
+    metadata?: Metadata,
+  ): Promise<GroupListResponse> | Observable<GroupListResponse> | GroupListResponse;
+
+  addUserToGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+
+  removeUserFromGroup(
+    request: GroupMemberRequest,
+    metadata?: Metadata,
+  ): Promise<StatusResponse> | Observable<StatusResponse> | StatusResponse;
+}
+
+export function LdapAuthControllerMethods() {
+  return function (constructor: Function) {
+    const grpcMethods: string[] = [
+      "verifyUser",
+      "getUsers",
+      "createUser",
+      "updateUser",
+      "changePassword",
+      "toggleUserStatus",
+      "getGroups",
+      "addUserToGroup",
+      "removeUserFromGroup",
+    ];
+    for (const method of grpcMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
+    }
+    const grpcStreamMethods: string[] = [];
+    for (const method of grpcStreamMethods) {
+      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
+      GrpcStreamMethod("LdapAuth", method)(constructor.prototype[method], method, descriptor);
+    }
+  };
+}
+
+export const LDAP_AUTH_SERVICE_NAME = "LdapAuth";

go.mod

@@ -0,0 +1,3 @@
+module git.lendry.ru/lendry-erp/contracts.git
+
+go 1.26.1

package-lock.json

@@ -1,14 +1,15 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.2",
+  "version": "1.0.24",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@lendry-erp/contracts",
-      "version": "1.0.2",
+      "version": "1.0.24",
       "dependencies": {
-        "@lendry-erp/contracts": "^1.0.2",
+        "@lendry-erp/contracts": "^1.0.24",
+        "@lendry-erp/passport": "^1.0.3",
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
@@ -23,7 +24,6 @@
       "resolved": "https://registry.npmjs.org/@borewit/text-codec/-/text-codec-0.2.2.tgz",
       "integrity": "sha512-DDaRehssg1aNrH4+2hnj1B7vnUGEjU6OIlyRdkMd0aUdIUvKXrJfXsy8LVtXAy7DRvYVluWbMspsRhz2lcW0mQ==",
       "license": "MIT",
-      "peer": true,
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/Borewit"
@@ -36,21 +36,32 @@
       "license": "(Apache-2.0 AND BSD-3-Clause)"
     },
     "node_modules/@lendry-erp/contracts": {
-      "version": "1.0.2",
+      "version": "1.0.24",
-      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.2/contracts-1.0.2.tgz",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.24/contracts-1.0.24.tgz",
-      "integrity": "sha512-39NulQ6mn3dmrX/GXwzYYPyX/rE+4gO1En+uJJR9bHXZ3awWi0U3drIvgwM25gyi829Ae0U8vVtzMaP3gON90A==",
+      "integrity": "sha512-Bn4RgU22O6IDFhYEbQicBLpRtSGHrEgqOSAljQh4lT5shMeLedlE0V3jFxzFu9xpyTzcM/o+C96vpsAHab0tbg==",
       "dependencies": {
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
       }
     },
+    "node_modules/@lendry-erp/passport": {
+      "version": "1.0.3",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fpassport/-/1.0.3/passport-1.0.3.tgz",
+      "integrity": "sha512-gaPdlZahkXmOUnLBlzNdk41nJ1BI6TPZY5xUaCmlIkpqZKr8D5TSBBkFrw4Vlw+TLImqL2Y1JUT4k60gHHtjiw==",
+      "license": "ISC",
+      "dependencies": {
+        "@nestjs/common": "^11.1.17",
+        "@nestjs/core": "^11.1.17",
+        "reflect-metadata": "^0.2.2",
+        "rxjs": "^7.8.2"
+      }
+    },
     "node_modules/@lukeed/csprng": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
       "integrity": "sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=8"
       }
@@ -60,7 +71,6 @@
       "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz",
       "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "file-type": "21.3.2",
         "iterare": "1.2.1",
@@ -93,7 +103,6 @@
       "integrity": "sha512-lD5mAYekTTurF3vDaa8C2OKPnjiz4tsfxIc5XlcSUzOhkwWf6Ay3HKvt6FmvuWQam6uIIHX52Clg+e6tAvf/cg==",
       "hasInstallScript": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@nuxt/opencollective": "0.4.1",
         "fast-safe-stringify": "2.1.1",
@@ -192,7 +201,6 @@
       "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.4.1.tgz",
       "integrity": "sha512-GXD3wy50qYbxCJ652bDrDzgMr3NFEkIS374+IgFQKkCvk9yiYcLvX2XDYr7UyQxf4wK0e+yqDYRubZ0DtOxnmQ==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "consola": "^3.2.3"
       },
@@ -209,7 +217,6 @@
       "resolved": "https://registry.npmjs.org/@tokenizer/inflate/-/inflate-0.4.1.tgz",
       "integrity": "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "debug": "^4.4.3",
         "token-types": "^6.1.1"
@@ -226,8 +233,7 @@
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
       "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/@types/node": {
       "version": "25.5.0",
@@ -256,7 +262,6 @@
       "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz",
       "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": "^14.18.0 || >=16.10.0"
       }
@@ -266,7 +271,6 @@
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
       "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "ms": "^2.1.3"
       },
@@ -304,15 +308,13 @@
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
       "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/file-type": {
       "version": "21.3.2",
       "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz",
       "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@tokenizer/inflate": "^0.4.1",
         "strtok3": "^10.3.4",
@@ -344,8 +346,7 @@
           "url": "https://feross.org/support"
         }
       ],
-      "license": "BSD-3-Clause",
+      "license": "BSD-3-Clause"
-      "peer": true
     },
     "node_modules/iterare": {
       "version": "1.2.1",
@@ -371,7 +372,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=13.2.0"
       }
@@ -380,15 +380,13 @@
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/path-to-regexp": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
       "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
       "license": "MIT",
-      "peer": true,
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/express"
@@ -398,8 +396,7 @@
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
       "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
-      "license": "Apache-2.0",
+      "license": "Apache-2.0"
-      "peer": true
     },
     "node_modules/rxjs": {
       "version": "7.8.2",
@@ -415,7 +412,6 @@
       "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz",
       "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@tokenizer/token": "^0.3.0"
       },
@@ -432,7 +428,6 @@
       "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.1.2.tgz",
       "integrity": "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@borewit/text-codec": "^0.2.1",
         "@tokenizer/token": "^0.3.0",
@@ -504,7 +499,6 @@
       "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
       "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@lukeed/csprng": "^1.0.0"
       },
@@ -517,7 +511,6 @@
       "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",
       "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=18"
       },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.9",
+  "version": "1.0.27",
   "description": "Protobuf definitions and generated TypeScript types",
   "type": "commonjs",
   "main": "./dist/index.js",
@@ -17,6 +17,8 @@
     "access": "public"
   },
   "dependencies": {
+    "@lendry-erp/contracts": "^1.0.24",
+    "@lendry-erp/passport": "^1.0.3",
     "@nestjs/microservices": "^11.1.17",
     "rxjs": "^7.8.2",
     "ts-proto": "^2.11.6"

proto/identity.proto

@@ -2,12 +2,15 @@ syntax = "proto3";
 
 package identity;
 
-option go_package = './gen';
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
 
 service AuthService {
     rpc Login (LoginRequest) returns (LoginResponse);
     rpc Refresh (RefreshRequest) returns (RefreshResponse);
+    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
+    rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
     rpc Logout (LogoutRequest) returns (LogoutResponse);
+    rpc LogoutAll (LogoutRequest) returns (LogoutResponse);
     rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
     rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
 }
@@ -56,6 +59,30 @@ message LogoutResponse {
   string message = 2;
 }
 
+message VerifyTokenRequest {
+  string token = 1;
+}
+
+message VerifyTokenResponse {
+  bool is_valid = 1;
+  optional string error_message = 2;
+  optional string id = 3;
+  optional string username = 4;
+  optional int32 role_level = 5;
+  repeated string permissions = 6;
+  optional string session_id = 7;
+  optional bool requires_pin = 8;
+}
+
+message GetAccountRoleLevelRequest {
+  string account_id = 1;
+}
+
+message GetAccountRoleLevelResponse {
+  bool found = 1;
+  int32 role_level = 2;
+}
+
 message UnlockPinRequest {
   string access_token = 1;
   string pin_code = 2;

proto/ldap.proto

@@ -2,12 +2,62 @@ syntax = "proto3";
 
 package ldap_service;
 
-option go_package = './gen';
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
 
+// ==========================================
+// ГЛАВНЫЙ СЕРВИС
+// ==========================================
 service LdapAuth {
+  // --- Вектор 1: Авторизация (Bind от имени пользователя) ---
   rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
+
+  // --- Вектор 2: Управление Пользователями (Bind системного аккаунта) ---
+  rpc GetUsers (EmptyRequest) returns (UserListResponse);
+  rpc CreateUser (CreateUserRequest) returns (StatusResponse);
+  rpc UpdateUser (UpdateUserRequest) returns (StatusResponse);
+  rpc ChangePassword (ChangePasswordRequest) returns (StatusResponse);
+  rpc ToggleUserStatus (ToggleStatusRequest) returns (StatusResponse);
+
+  // --- Вектор 3: Управление Группами ---
+  rpc GetGroups (EmptyRequest) returns (GroupListResponse);
+  rpc AddUserToGroup (GroupMemberRequest) returns (StatusResponse);
+  rpc RemoveUserFromGroup (GroupMemberRequest) returns (StatusResponse);
 }
 
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+message EmptyRequest {}
+
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+message StatusResponse {
+  bool success = 1;
+  string error_message = 2;
+}
+
+// Полная модель пользователя
+message UserData {
+  string dn = 1; // Полный путь в AD (Distinguished Name)
+  string username = 2; // Логин (sAMAccountName)
+  string display_name = 3; // ФИО (displayName)
+  string email = 4; // Почта (mail)
+  string description = 5; // Описание/Должность (description)
+  bytes avatar = 6; // Аватарка в байтах (thumbnailPhoto)
+  repeated string groups = 7; // Список групп
+  bool is_active = 8; // Статус аккаунта
+}
+
+// Модель группы
+message GroupData {
+  string dn = 1;
+  string name = 2; // Короткое имя группы (cn)
+}
+
+// ==========================================
+// ЗАПРОСЫ И ОТВЕТЫ (REQUESTS / RESPONSES)
+// ==========================================
+
+// --- Авторизация ---
 message VerifyRequest {
   string username = 1;
   string password = 2;
@@ -16,13 +66,51 @@ message VerifyRequest {
 message VerifyResponse {
   bool success = 1;
   string error_message = 2;
-  UserData user = 3;
+  UserData user = 3; // Отдаем полные данные при успешном входе
 }
 
-message UserData {
+// --- Списки ---
-  string dn = 1;
+message UserListResponse {
-  string display_name = 2;
+  bool success = 1;
-  repeated string groups = 3;
+  string error_message = 2;
-  bool is_active = 4;
+  repeated UserData users = 3;
 }
 
+message GroupListResponse {
+  bool success = 1;
+  string error_message = 2;
+  repeated GroupData groups = 3;
+}
+
+// --- Управление профилем ---
+message CreateUserRequest {
+  string username = 1;
+  string full_name = 2;
+  string password = 3;
+  optional string email = 4; // Сразу при создании можно задать почту
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+message UpdateUserRequest {
+  string username = 1; // Обязательное поле: кого обновляем
+  optional string display_name = 2; // Новое ФИО (повлечет Rename CN)
+  optional string email = 3;        // Новая почта
+  optional string description = 4;  // Новое описание
+  optional bytes avatar = 5;        // Новая аватарка (бинарник картинки)
+}
+
+message ChangePasswordRequest {
+  string username = 1;
+  string new_password = 2;
+}
+
+message ToggleStatusRequest {
+  string username = 1;
+  bool set_active = 2; // true - включить (512), false - отключить (514)
+}
+
+// --- Управление членством в группах ---
+message GroupMemberRequest {
+  string username = 1; // Логин пользователя
+  string group_dn = 2; // Полный путь группы (в которую добавляем / из которой удаляем)
+}