add go_package account proto file

.github/workflows/publish.yml

@@ -50,7 +50,7 @@ jobs:
           npm install -g ts-proto
           mkdir -p ./gen/go  # Создаем вложенную папку для Go
           protoc -I ./proto ./proto/*.proto \
-            --ts_proto_out=nestJs=true,package=omit:./gen \
+            --ts_proto_out=nestJs=true,addGrpcMetadata=true,package=omit:./gen \
             --go_out=paths=source_relative:./gen/go \
             --go-grpc_out=paths=source_relative:./gen/go
 

gen/identity.ts

@@ -1,276 +0,0 @@
-// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
-// versions:
-//   protoc-gen-ts_proto  v2.11.6
-//   protoc               v7.34.1
-// source: identity.proto
-
-/* eslint-disable */
-import { GrpcMethod, GrpcStreamMethod } from "@nestjs/microservices";
-import { Observable } from "rxjs";
-import { Status } from "./google/rpc/status";
-
-export const protobufPackage = "identity";
-
-export interface LoginRequest {
-  username: string;
-  password: string;
-}
-
-export interface LoginResponse {
-  accessToken: string;
-  refreshToken: string;
-  status: string;
-  need2fa: boolean;
-  tempToken?: string | undefined;
-  message?: string | undefined;
-  errorCode?: string | undefined;
-  error?: Status | undefined;
-}
-
-export interface RefreshRequest {
-  refreshToken: string;
-}
-
-export interface RefreshResponse {
-  accessToken: string;
-  refreshToken: string;
-}
-
-export interface LogoutRequest {
-  accessToken: string;
-}
-
-export interface LogoutResponse {
-  success: boolean;
-  message: string;
-}
-
-export interface UnlockPinRequest {
-  accessToken: string;
-  pinCode: string;
-}
-
-export interface UnlockPinResponse {
-  success: boolean;
-  message: string;
-}
-
-export interface Verify2FaRequest {
-  tempToken: string;
-  totpCode?: string | undefined;
-  telegramCode?: string | undefined;
-}
-
-export interface Verify2FaResponse {
-  accessToken: string;
-  refreshToken: string;
-  status: string;
-  message: string;
-  reserveCodes: string[];
-}
-
-export interface AuthenticatedAccessRequest {
-  accessToken: string;
-}
-
-export interface GetTwoFaStatusRequest {
-  accessToken: string;
-}
-
-export interface GetTwoFaStatusResponse {
-  totpEnabled: boolean;
-  telegramEnabled: boolean;
-  totpEnrollmentPending: boolean;
-  telegramEnrollmentPending: boolean;
-}
-
-export interface StartTotpEnrollmentResponse {
-  secretBase32: string;
-  otpauthUri: string;
-  issuer: string;
-  accountLabel: string;
-}
-
-export interface ConfirmTotpEnrollmentRequest {
-  accessToken: string;
-  totpCode: string;
-}
-
-export interface ConfirmTotpEnrollmentResponse {
-  status: string;
-  message: string;
-  reserveCodes: string[];
-}
-
-export interface CancelTotpEnrollmentResponse {
-  status: string;
-  message: string;
-}
-
-export interface DisableTotpRequest {
-  accessToken: string;
-  password: string;
-  totpCode?: string | undefined;
-}
-
-export interface DisableTotpResponse {
-  status: string;
-  message: string;
-}
-
-export interface StartTelegramEnrollmentResponse {
-  enrollmentToken: string;
-  deepLink: string;
-  botUsername: string;
-  expiresAtIso: string;
-}
-
-export interface ConfirmTelegramEnrollmentRequest {
-  accessToken: string;
-  enrollmentToken: string;
-  otpCode: string;
-}
-
-export interface ConfirmTelegramEnrollmentResponse {
-  status: string;
-  message: string;
-  reserveCodes: string[];
-}
-
-export interface DisableTelegramRequest {
-  accessToken: string;
-  password: string;
-  telegramOtpCode?: string | undefined;
-}
-
-export interface DisableTelegramResponse {
-  status: string;
-  message: string;
-}
-
-export const IDENTITY_PACKAGE_NAME = "identity";
-
-export interface AuthServiceClient {
-  login(request: LoginRequest): Observable<LoginResponse>;
-
-  refresh(request: RefreshRequest): Observable<RefreshResponse>;
-
-  logout(request: LogoutRequest): Observable<LogoutResponse>;
-
-  unlockPin(request: UnlockPinRequest): Observable<UnlockPinResponse>;
-
-  verify2Fa(request: Verify2FaRequest): Observable<Verify2FaResponse>;
-}
-
-export interface AuthServiceController {
-  login(request: LoginRequest): Promise<LoginResponse> | Observable<LoginResponse> | LoginResponse;
-
-  refresh(request: RefreshRequest): Promise<RefreshResponse> | Observable<RefreshResponse> | RefreshResponse;
-
-  logout(request: LogoutRequest): Promise<LogoutResponse> | Observable<LogoutResponse> | LogoutResponse;
-
-  unlockPin(request: UnlockPinRequest): Promise<UnlockPinResponse> | Observable<UnlockPinResponse> | UnlockPinResponse;
-
-  verify2Fa(request: Verify2FaRequest): Promise<Verify2FaResponse> | Observable<Verify2FaResponse> | Verify2FaResponse;
-}
-
-export function AuthServiceControllerMethods() {
-  return function (constructor: Function) {
-    const grpcMethods: string[] = ["login", "refresh", "logout", "unlockPin", "verify2Fa"];
-    for (const method of grpcMethods) {
-      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
-    }
-    const grpcStreamMethods: string[] = [];
-    for (const method of grpcStreamMethods) {
-      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcStreamMethod("AuthService", method)(constructor.prototype[method], method, descriptor);
-    }
-  };
-}
-
-export const AUTH_SERVICE_NAME = "AuthService";
-
-export interface TwoFaServiceClient {
-  getTwoFaStatus(request: GetTwoFaStatusRequest): Observable<GetTwoFaStatusResponse>;
-
-  startTotpEnrollment(request: AuthenticatedAccessRequest): Observable<StartTotpEnrollmentResponse>;
-
-  confirmTotpErollment(request: ConfirmTotpEnrollmentRequest): Observable<ConfirmTotpEnrollmentResponse>;
-
-  cancelTotpEnrollment(request: AuthenticatedAccessRequest): Observable<CancelTotpEnrollmentResponse>;
-
-  disableTotp(request: DisableTotpRequest): Observable<DisableTotpResponse>;
-
-  startTelegramEnrollment(request: AuthenticatedAccessRequest): Observable<StartTelegramEnrollmentResponse>;
-
-  confirmTelegramEnrollment(request: ConfirmTelegramEnrollmentRequest): Observable<ConfirmTelegramEnrollmentResponse>;
-
-  disableTelegram(request: DisableTelegramRequest): Observable<DisableTelegramResponse>;
-}
-
-export interface TwoFaServiceController {
-  getTwoFaStatus(
-    request: GetTwoFaStatusRequest,
-  ): Promise<GetTwoFaStatusResponse> | Observable<GetTwoFaStatusResponse> | GetTwoFaStatusResponse;
-
-  startTotpEnrollment(
-    request: AuthenticatedAccessRequest,
-  ): Promise<StartTotpEnrollmentResponse> | Observable<StartTotpEnrollmentResponse> | StartTotpEnrollmentResponse;
-
-  confirmTotpErollment(
-    request: ConfirmTotpEnrollmentRequest,
-  ): Promise<ConfirmTotpEnrollmentResponse> | Observable<ConfirmTotpEnrollmentResponse> | ConfirmTotpEnrollmentResponse;
-
-  cancelTotpEnrollment(
-    request: AuthenticatedAccessRequest,
-  ): Promise<CancelTotpEnrollmentResponse> | Observable<CancelTotpEnrollmentResponse> | CancelTotpEnrollmentResponse;
-
-  disableTotp(
-    request: DisableTotpRequest,
-  ): Promise<DisableTotpResponse> | Observable<DisableTotpResponse> | DisableTotpResponse;
-
-  startTelegramEnrollment(
-    request: AuthenticatedAccessRequest,
-  ):
-    | Promise<StartTelegramEnrollmentResponse>
-    | Observable<StartTelegramEnrollmentResponse>
-    | StartTelegramEnrollmentResponse;
-
-  confirmTelegramEnrollment(
-    request: ConfirmTelegramEnrollmentRequest,
-  ):
-    | Promise<ConfirmTelegramEnrollmentResponse>
-    | Observable<ConfirmTelegramEnrollmentResponse>
-    | ConfirmTelegramEnrollmentResponse;
-
-  disableTelegram(
-    request: DisableTelegramRequest,
-  ): Promise<DisableTelegramResponse> | Observable<DisableTelegramResponse> | DisableTelegramResponse;
-}
-
-export function TwoFaServiceControllerMethods() {
-  return function (constructor: Function) {
-    const grpcMethods: string[] = [
-      "getTwoFaStatus",
-      "startTotpEnrollment",
-      "confirmTotpErollment",
-      "cancelTotpEnrollment",
-      "disableTotp",
-      "startTelegramEnrollment",
-      "confirmTelegramEnrollment",
-      "disableTelegram",
-    ];
-    for (const method of grpcMethods) {
-      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
-    }
-    const grpcStreamMethods: string[] = [];
-    for (const method of grpcStreamMethods) {
-      const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
-      GrpcStreamMethod("TwoFaService", method)(constructor.prototype[method], method, descriptor);
-    }
-  };
-}
-
-export const TWO_FA_SERVICE_NAME = "TwoFaService";

go.mod

@@ -1,3 +1,3 @@
-module git.lendry.ru/lendry-erp/proto
+module git.lendry.ru/lendry-erp/contracts.git
 
 go 1.26.1

package-lock.json

@@ -1,14 +1,15 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.2",
+  "version": "1.0.24",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@lendry-erp/contracts",
-      "version": "1.0.2",
+      "version": "1.0.24",
       "dependencies": {
-        "@lendry-erp/contracts": "^1.0.2",
+        "@lendry-erp/contracts": "^1.0.24",
+        "@lendry-erp/passport": "^1.0.3",
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
@@ -23,7 +24,6 @@
       "resolved": "https://registry.npmjs.org/@borewit/text-codec/-/text-codec-0.2.2.tgz",
       "integrity": "sha512-DDaRehssg1aNrH4+2hnj1B7vnUGEjU6OIlyRdkMd0aUdIUvKXrJfXsy8LVtXAy7DRvYVluWbMspsRhz2lcW0mQ==",
       "license": "MIT",
-      "peer": true,
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/Borewit"
@@ -36,21 +36,32 @@
       "license": "(Apache-2.0 AND BSD-3-Clause)"
     },
     "node_modules/@lendry-erp/contracts": {
-      "version": "1.0.2",
+      "version": "1.0.24",
-      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.2/contracts-1.0.2.tgz",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fcontracts/-/1.0.24/contracts-1.0.24.tgz",
-      "integrity": "sha512-39NulQ6mn3dmrX/GXwzYYPyX/rE+4gO1En+uJJR9bHXZ3awWi0U3drIvgwM25gyi829Ae0U8vVtzMaP3gON90A==",
+      "integrity": "sha512-Bn4RgU22O6IDFhYEbQicBLpRtSGHrEgqOSAljQh4lT5shMeLedlE0V3jFxzFu9xpyTzcM/o+C96vpsAHab0tbg==",
       "dependencies": {
         "@nestjs/microservices": "^11.1.17",
         "rxjs": "^7.8.2",
         "ts-proto": "^2.11.6"
       }
     },
+    "node_modules/@lendry-erp/passport": {
+      "version": "1.0.3",
+      "resolved": "https://git.lendry.ru/api/packages/lendry-erp/npm/%40lendry-erp%2Fpassport/-/1.0.3/passport-1.0.3.tgz",
+      "integrity": "sha512-gaPdlZahkXmOUnLBlzNdk41nJ1BI6TPZY5xUaCmlIkpqZKr8D5TSBBkFrw4Vlw+TLImqL2Y1JUT4k60gHHtjiw==",
+      "license": "ISC",
+      "dependencies": {
+        "@nestjs/common": "^11.1.17",
+        "@nestjs/core": "^11.1.17",
+        "reflect-metadata": "^0.2.2",
+        "rxjs": "^7.8.2"
+      }
+    },
     "node_modules/@lukeed/csprng": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/@lukeed/csprng/-/csprng-1.1.0.tgz",
       "integrity": "sha512-Z7C/xXCiGWsg0KuKsHTKJxbWhpI3Vs5GwLfOean7MGyVFGqdRgBbAjOCh6u4bbjPc/8MJ2pZmK/0DLdCbivLDA==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=8"
       }
@@ -60,7 +71,6 @@
       "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-11.1.17.tgz",
       "integrity": "sha512-hLODw5Abp8OQgA+mUO4tHou4krKgDtUcM9j5Ihxncst9XeyxYBTt2bwZm4e4EQr5E352S4Fyy6V3iFx9ggxKAg==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "file-type": "21.3.2",
         "iterare": "1.2.1",
@@ -93,7 +103,6 @@
       "integrity": "sha512-lD5mAYekTTurF3vDaa8C2OKPnjiz4tsfxIc5XlcSUzOhkwWf6Ay3HKvt6FmvuWQam6uIIHX52Clg+e6tAvf/cg==",
       "hasInstallScript": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@nuxt/opencollective": "0.4.1",
         "fast-safe-stringify": "2.1.1",
@@ -192,7 +201,6 @@
       "resolved": "https://registry.npmjs.org/@nuxt/opencollective/-/opencollective-0.4.1.tgz",
       "integrity": "sha512-GXD3wy50qYbxCJ652bDrDzgMr3NFEkIS374+IgFQKkCvk9yiYcLvX2XDYr7UyQxf4wK0e+yqDYRubZ0DtOxnmQ==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "consola": "^3.2.3"
       },
@@ -209,7 +217,6 @@
       "resolved": "https://registry.npmjs.org/@tokenizer/inflate/-/inflate-0.4.1.tgz",
       "integrity": "sha512-2mAv+8pkG6GIZiF1kNg1jAjh27IDxEPKwdGul3snfztFerfPGI1LjDezZp3i7BElXompqEtPmoPx6c2wgtWsOA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "debug": "^4.4.3",
         "token-types": "^6.1.1"
@@ -226,8 +233,7 @@
       "version": "0.3.0",
       "resolved": "https://registry.npmjs.org/@tokenizer/token/-/token-0.3.0.tgz",
       "integrity": "sha512-OvjF+z51L3ov0OyAU0duzsYuvO01PH7x4t6DJx+guahgTnBHkhJdG7soQeTSFLWN3efnHyibZ4Z8l2EuWwJN3A==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/@types/node": {
       "version": "25.5.0",
@@ -256,7 +262,6 @@
       "resolved": "https://registry.npmjs.org/consola/-/consola-3.4.2.tgz",
       "integrity": "sha512-5IKcdX0nnYavi6G7TtOhwkYzyjfJlatbjMjuLSfE2kYT5pMDOilZ4OvMhi637CcDICTmz3wARPoyhqyX1Y+XvA==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": "^14.18.0 || >=16.10.0"
       }
@@ -266,7 +271,6 @@
       "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
       "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "ms": "^2.1.3"
       },
@@ -304,15 +308,13 @@
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
       "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/file-type": {
       "version": "21.3.2",
       "resolved": "https://registry.npmjs.org/file-type/-/file-type-21.3.2.tgz",
       "integrity": "sha512-DLkUvGwep3poOV2wpzbHCOnSKGk1LzyXTv+aHFgN2VFl96wnp8YA9YjO2qPzg5PuL8q/SW9Pdi6WTkYOIh995w==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@tokenizer/inflate": "^0.4.1",
         "strtok3": "^10.3.4",
@@ -344,8 +346,7 @@
           "url": "https://feross.org/support"
         }
       ],
-      "license": "BSD-3-Clause",
+      "license": "BSD-3-Clause"
-      "peer": true
     },
     "node_modules/iterare": {
       "version": "1.2.1",
@@ -371,7 +372,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=13.2.0"
       }
@@ -380,15 +380,13 @@
       "version": "2.1.3",
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
       "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
-      "license": "MIT",
+      "license": "MIT"
-      "peer": true
     },
     "node_modules/path-to-regexp": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
       "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
       "license": "MIT",
-      "peer": true,
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/express"
@@ -398,8 +396,7 @@
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
       "integrity": "sha512-urBwgfrvVP/eAyXx4hluJivBKzuEbSQs9rKWCrCkbSxNv8mxPcUZKeuoF3Uy4mJl3Lwprp6yy5/39VWigZ4K6Q==",
-      "license": "Apache-2.0",
+      "license": "Apache-2.0"
-      "peer": true
     },
     "node_modules/rxjs": {
       "version": "7.8.2",
@@ -415,7 +412,6 @@
       "resolved": "https://registry.npmjs.org/strtok3/-/strtok3-10.3.5.tgz",
       "integrity": "sha512-ki4hZQfh5rX0QDLLkOCj+h+CVNkqmp/CMf8v8kZpkNVK6jGQooMytqzLZYUVYIZcFZ6yDB70EfD8POcFXiF5oA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@tokenizer/token": "^0.3.0"
       },
@@ -432,7 +428,6 @@
       "resolved": "https://registry.npmjs.org/token-types/-/token-types-6.1.2.tgz",
       "integrity": "sha512-dRXchy+C0IgK8WPC6xvCHFRIWYUbqqdEIKPaKo/AcTUNzwLTK6AH7RjdLWsEZcAN/TBdtfUw3PYEgPr5VPr6ww==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@borewit/text-codec": "^0.2.1",
         "@tokenizer/token": "^0.3.0",
@@ -504,7 +499,6 @@
       "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz",
       "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@lukeed/csprng": "^1.0.0"
       },
@@ -517,7 +511,6 @@
       "resolved": "https://registry.npmjs.org/uint8array-extras/-/uint8array-extras-1.5.0.tgz",
       "integrity": "sha512-rvKSBiC5zqCCiDZ9kAOszZcDvdAHwwIKJG33Ykj43OKcWsnmcBRL09YTU4nOeHZ8Y2a7l1MgTd08SBe9A8Qj6A==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=18"
       },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lendry-erp/contracts",
-  "version": "1.0.11",
+  "version": "1.0.29",
   "description": "Protobuf definitions and generated TypeScript types",
   "type": "commonjs",
   "main": "./dist/index.js",
@@ -17,6 +17,8 @@
     "access": "public"
   },
   "dependencies": {
+    "@lendry-erp/contracts": "^1.0.24",
+    "@lendry-erp/passport": "^1.0.3",
     "@nestjs/microservices": "^11.1.17",
     "rxjs": "^7.8.2",
     "ts-proto": "^2.11.6"

proto/account.proto

@@ -0,0 +1,41 @@
+syntax = "proto3";
+
+package account;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service AccountService {
+  rpc GetAccount(GetAccountRequest) returns (GetAccountResponse);
+}
+
+message GetAccountRequest {
+  string id = 1;
+}
+
+message GetAccountResponse {
+  string id = 1;
+  string username = 2;
+  string email = 3;
+  string phone = 4;
+  string full_name = 5;
+  bool is_ldap = 6;
+  string status = 7;
+  repeated string roles = 8;
+  string avatar_url = 9;
+  optional string employee_id = 10;
+  Presence presence = 11;
+  string last_active = 12;
+  string custom_status_text = 13;
+  string custom_status_emoji = 14;
+  string timezone = 15;
+  string language = 16;
+  bool two_fa_enabled = 17;
+  bool has_pin = 18;
+}
+
+enum Presence {
+  PRESENCE_UNSPECIFIED = 0;
+  OFFLINE = 1;
+  ONLINE = 2;
+}
+

proto/auth.proto

@@ -0,0 +1,85 @@
+syntax = "proto3";
+
+package auth.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+service AuthService {
+    rpc Login (LoginRequest) returns (LoginResponse);
+    rpc Refresh (RefreshRequest) returns (RefreshResponse);
+    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
+    rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
+    rpc Logout (LogoutRequest) returns (LogoutResponse);
+    rpc LogoutAll (LogoutRequest) returns (LogoutResponse);
+    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
+    
+}
+
+message LoginRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message LoginResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+  string status = 3;
+  bool need2fa = 4;
+  optional string temp_token = 5;
+  optional string message = 6;
+  optional string error_code = 7;
+}
+
+message RefreshRequest {
+  string refresh_token = 1;
+}
+
+message RefreshResponse {
+  string access_token = 1;
+  string refresh_token = 2;
+}
+
+message LogoutRequest {
+  string access_token = 1;
+}
+
+message LogoutResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+message VerifyTokenRequest {
+  string token = 1;
+}
+
+message VerifyTokenResponse {
+  bool is_valid = 1;
+  optional string error_message = 2;
+  optional string id = 3;
+  optional string username = 4;
+  optional int32 role_level = 5;
+  repeated string permissions = 6;
+  optional string session_id = 7;
+  optional bool requires_pin = 8;
+}
+
+message GetAccountRoleLevelRequest {
+  string account_id = 1;
+}
+
+message GetAccountRoleLevelResponse {
+  bool found = 1;
+  int32 role_level = 2;
+}
+
+message UnlockPinRequest {
+  string access_token = 1;
+  string pin_code = 2;
+}
+
+message UnlockPinResponse {
+  bool success = 1;
+  string message = 2;
+}
+
+

proto/ldap-auth.proto

@@ -0,0 +1,45 @@
+syntax = "proto3";
+
+package ldap_auth.v1;
+
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
+
+
+service LdapAuthService {
+  rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
+
+}
+
+// ==========================================
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
+// ==========================================
+
+// Полная модель пользователя
+message UserData {
+  string dn = 1; // Полный путь в AD (Distinguished Name)
+  string username = 2; // Логин (sAMAccountName)
+  string display_name = 3; // ФИО (displayName)
+  string email = 4; // Почта (mail)
+  string description = 5; // Описание/Должность (description)
+  bytes avatar = 6; // Аватарка в байтах (thumbnailPhoto)
+  repeated string groups = 7; // Список групп
+  bool is_active = 8; // Статус аккаунта
+}
+
+
+// ==========================================
+// ЗАПРОСЫ И ОТВЕТЫ (REQUESTS / RESPONSES)
+// ==========================================
+
+// --- Авторизация ---
+message VerifyRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message VerifyResponse {
+  bool success = 1;
+  string error_message = 2;
+  UserData user = 3; // Отдаем полные данные при успешном входе
+}
+

proto/ldap.proto

@@ -1,28 +1,94 @@
 syntax = "proto3";
 
-package ldap_service;
+package ldap.v1;
 
-option go_package = "git.lendry.ru/lendry-erp/gen;ldap_service";
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
 
-service LdapAuth {
+service LdapService {
-    rpc VerifyUser (VerifyRequest) returns (VerifyResponse);
+  // Управление Пользователями (Bind системного аккаунта) ---
+  rpc GetUsers (EmptyRequest) returns (UserListResponse);
+  rpc CreateUser (CreateUserRequest) returns (StatusResponse);
+  rpc UpdateUser (UpdateUserRequest) returns (StatusResponse);
+  rpc ChangePassword (ChangePasswordRequest) returns (StatusResponse);
+  rpc ToggleUserStatus (ToggleStatusRequest) returns (StatusResponse);
+
+  // Управление Группами ---
+  rpc GetGroups (EmptyRequest) returns (GroupListResponse);
+  rpc AddUserToGroup (GroupMemberRequest) returns (StatusResponse);
+  rpc RemoveUserFromGroup (GroupMemberRequest) returns (StatusResponse);
 }
 
-message VerifyRequest {
+// ==========================================
-  string username = 1;
+// БАЗОВЫЕ И ПЕРЕИСПОЛЬЗУЕМЫЕ СТРУКТУРЫ
-  string password = 2;
+// ==========================================
-}
+message EmptyRequest {}
 
-message VerifyResponse {
+// Стандартный ответ для мутаций (создание, обновление, удаление)
+message StatusResponse {
   bool success = 1;
   string error_message = 2;
-  UserData user = 3;
 }
 
+// Полная модель пользователя
 message UserData {
-  string dn = 1;
+  string dn = 1; // Полный путь в AD (Distinguished Name)
-  string display_name = 2;
+  string username = 2; // Логин (sAMAccountName)
-  repeated string groups = 3;
+  string display_name = 3; // ФИО (displayName)
-  bool is_active = 4;
+  string email = 4; // Почта (mail)
+  string description = 5; // Описание/Должность (description)
+  bytes avatar = 6; // Аватарка в байтах (thumbnailPhoto)
+  repeated string groups = 7; // Список групп
+  bool is_active = 8; // Статус аккаунта
 }
 
+// Модель группы
+message GroupData {
+  string dn = 1;
+  string name = 2; // Короткое имя группы (cn)
+}
+
+// --- Списки ---
+message UserListResponse {
+  bool success = 1;
+  string error_message = 2;
+  repeated UserData users = 3;
+}
+
+message GroupListResponse {
+  bool success = 1;
+  string error_message = 2;
+  repeated GroupData groups = 3;
+}
+
+// --- Управление профилем ---
+message CreateUserRequest {
+  string username = 1;
+  string full_name = 2;
+  string password = 3;
+  optional string email = 4; // Сразу при создании можно задать почту
+}
+
+// Запрос на обновление. Используем optional для частичного обновления.
+message UpdateUserRequest {
+  string username = 1; // Обязательное поле: кого обновляем
+  optional string display_name = 2; // Новое ФИО (повлечет Rename CN)
+  optional string email = 3;        // Новая почта
+  optional string description = 4;  // Новое описание
+  optional bytes avatar = 5;        // Новая аватарка (бинарник картинки)
+}
+
+message ChangePasswordRequest {
+  string username = 1;
+  string new_password = 2;
+}
+
+message ToggleStatusRequest {
+  string username = 1;
+  bool set_active = 2; // true - включить (512), false - отключить (514)
+}
+
+// --- Управление членством в группах ---
+message GroupMemberRequest {
+  string username = 1; // Логин пользователя
+  string group_dn = 2; // Полный путь группы (в которую добавляем / из которой удаляем)
+}

proto/twofa.proto

@@ -1,72 +1,21 @@
 syntax = "proto3";
 
-package identity;
+package twofa.v1;
 
-option go_package = './gen';
+option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
-
-service AuthService {
-    rpc Login (LoginRequest) returns (LoginResponse);
-    rpc Refresh (RefreshRequest) returns (RefreshResponse);
-    rpc Logout (LogoutRequest) returns (LogoutResponse);
-    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
-    rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
-}
 
 service TwoFaService {
-  rpc GetTwoFaStatus (GetTwoFaStatusRequest) returns (GetTwoFaStatusResponse);
+    rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
-  rpc StartTotpEnrollment (AuthenticatedAccessRequest) returns (StartTotpEnrollmentResponse);
+    rpc GetTwoFaStatus (GetTwoFaStatusRequest) returns (GetTwoFaStatusResponse);
-  rpc ConfirmTotpErollment (ConfirmTotpEnrollmentRequest) returns (ConfirmTotpEnrollmentResponse);
+    rpc StartTotpEnrollment (AuthenticatedAccessRequest) returns (StartTotpEnrollmentResponse);
-  rpc CancelTotpEnrollment (AuthenticatedAccessRequest) returns (CancelTotpEnrollmentResponse);
+    rpc ConfirmTotpErollment (ConfirmTotpEnrollmentRequest) returns (ConfirmTotpEnrollmentResponse);
-  rpc DisableTotp (DisableTotpRequest) returns (DisableTotpResponse);
+    rpc CancelTotpEnrollment (AuthenticatedAccessRequest) returns (CancelTotpEnrollmentResponse);
-  rpc StartTelegramEnrollment (AuthenticatedAccessRequest) returns (StartTelegramEnrollmentResponse);
+    rpc DisableTotp (DisableTotpRequest) returns (DisableTotpResponse);
-  rpc ConfirmTelegramEnrollment (ConfirmTelegramEnrollmentRequest) returns (ConfirmTelegramEnrollmentResponse);
+    rpc StartTelegramEnrollment (AuthenticatedAccessRequest) returns (StartTelegramEnrollmentResponse);
-  rpc DisableTelegram(DisableTelegramRequest) returns (DisableTelegramResponse);
+    rpc ConfirmTelegramEnrollment (ConfirmTelegramEnrollmentRequest) returns (ConfirmTelegramEnrollmentResponse);
+    rpc DisableTelegram(DisableTelegramRequest) returns (DisableTelegramResponse);
 }
 
-message LoginRequest {
-  string username = 1;
-  string password = 2;
-}
-
-message LoginResponse {
-  string access_token = 1;
-  string refresh_token = 2;
-  string status = 3;
-  bool need2fa = 4;
-  optional string temp_token = 5;
-  optional string message = 6;
-  optional string error_code = 7;
-}
-
-message RefreshRequest {
-  string refresh_token = 1;
-}
-
-message RefreshResponse {
-  string access_token = 1;
-  string refresh_token = 2;
-}
-
-message LogoutRequest {
-  string access_token = 1;
-}
-
-message LogoutResponse {
-  bool success = 1;
-  string message = 2;
-}
-
-message UnlockPinRequest {
-  string access_token = 1;
-  string pin_code = 2;
-}
-
-message UnlockPinResponse {
-  bool success = 1;
-  string message = 2;
-}
-
-
 message Verify2FaRequest {
     string temp_token = 1;
     optional string totp_code = 2;  
@@ -158,4 +107,5 @@ message DisableTelegramRequest {
 message DisableTelegramResponse {
   string status = 1;
   string message = 2;
-}
+}
+