syntax = "proto3";

package identity;
import "google/rpc/status.proto";


service AuthService {
    rpc Login (LoginRequest) returns (LoginResponse);
    rpc Register (RegisterRequest) returns (RegisterResponse);
    rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
}

service TwoFaService {
  rpc GetTwoFaStatus (GetTwoFaStatusRequest) returns (GetTwoFaStatusResponse);
  rpc StartTotpEnrollment (AuthenticatedAccessRequest) returns (StartTotpEnrollmentResponse);
  rpc ConfirmTotpErollment (ConfirmTotpEnrollmentRequest) returns (ConfirmTotpEnrollmentResponse);
  rpc CancelTotpEnrollment (AuthenticatedAccessRequest) returns (CancelTotpEnrollmentResponse);
  rpc DisableTotp (DisableTotpRequest) returns (DisableTotpResponse);
  rpc StartTelegramEnrollment (AuthenticatedAccessRequest) returns (StartTelegramEnrollmentResponse);
  rpc ConfirmTelegramEnrollment (ConfirmTelegramEnrollmentRequest) returns (ConfirmTelegramEnrollmentResponse);
  rpc DisableTelegram(DisableTelegramRequest) returns (DisableTelegramResponse);
}

message LoginRequest {
  string username = 1;
  string password = 2;
}

message LoginResponse {
  string access_token = 1;
  string refresh_token = 2;
  string status = 3;
  bool need2fa = 4;
  string temp_token = 5;
  string message = 6;
  string error_code = 7;
  google.rpc.Status error = 8;
}

message RegisterRequest {
  string username = 1;
  string password = 2;
}

message RegisterResponse {
  string user_id = 1;
  string status = 2;
  string message = 3;
}

message Verify2FaRequest {
    string temp_token = 1;
    optional string totp_code = 2;  
    optional string telegram_code = 3;
}

message Verify2FaResponse {
  string access_token = 1;
  string refresh_token = 2;
  string status = 3;
  string message = 4;
  repeated string reserve_codes = 5;
}

message AuthenticatedAccessRequest {
  string access_token = 1;
}

message GetTwoFaStatusRequest {
  string access_token = 1;
}

message GetTwoFaStatusResponse {
  bool totp_enabled = 1;
  bool telegram_enabled = 2;
  bool totp_enrollment_pending = 3;
  bool telegram_enrollment_pending = 4;
}

message StartTotpEnrollmentResponse {
  string secret_base32 = 1;
  string otpauth_uri = 2;
  string issuer = 3;
  string account_label = 4;
}

message ConfirmTotpEnrollmentRequest {
  string access_token = 1;
  string totp_code = 2;
}

message ConfirmTotpEnrollmentResponse {
  string status = 1;
  string message = 2;
  repeated string reserve_codes = 3;
}

message CancelTotpEnrollmentResponse {
  string status = 1;
  string message = 2;
}

message DisableTotpRequest {
  string access_token = 1;
  string password = 2;
  optional string totp_code = 3;
}

message DisableTotpResponse {
  string status = 1;
  string message = 2;
}

message StartTelegramEnrollmentResponse {
  string enrollment_token = 1;
  string deep_link = 2;
  string bot_username = 3;
  string expires_at_iso = 4;
}

message ConfirmTelegramEnrollmentRequest {
  string access_token = 1;
  string enrollment_token = 2;
  string otp_code = 3;  
}

message ConfirmTelegramEnrollmentResponse {
  string status = 1;
  string message = 2;
  repeated string reserve_codes=3;
}

message DisableTelegramRequest {
  string access_token = 1;
  string password = 2;
  optional string telegram_otp_code = 3;
}

message DisableTelegramResponse {
  string status = 1;
  string message = 2;
}