159 lines
4.3 KiB
Protocol Buffer
159 lines
4.3 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package auth.v1;
|
|
|
|
option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
|
|
|
|
service AuthService {
|
|
rpc Login (LoginRequest) returns (LoginResponse);
|
|
rpc Refresh (RefreshRequest) returns (RefreshResponse);
|
|
rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
|
|
rpc GetAccountRoleLevel (GetAccountRoleLevelRequest) returns (GetAccountRoleLevelResponse);
|
|
rpc Logout (LogoutRequest) returns (LogoutResponse);
|
|
rpc LogoutOther (LogoutRequest) returns (LogoutResponse);
|
|
rpc GetSessions(GetSessionRequest) returns (GetSessionsResponse);
|
|
rpc TerminateSession(TerminateSessionRequest) returns (TerminateSessionResponse);
|
|
|
|
// Системные методы для админа
|
|
rpc SystemCreateAccount (SystemCreateAccountRequest) returns (SystemCreateAccountResponse);
|
|
rpc SystemChangeStatus (SystemChangeStatusRequest) returns (SystemChangeStatusResponse);
|
|
rpc SystemUpdatePassword (SystemUpdatePasswordRequest) returns (SystemUpdatePasswordResponse);
|
|
rpc SystemUpdatePin (SystemUpdatePinRequest) returns (SystemUpdatePinResponse);
|
|
rpc SystemBlockIp(SystemBlockIpRequest) returns (SystemBlockIpResponse);
|
|
rpc SystemUnblockIp(SystemUnblockIpRequest) returns (SystemUnblockIpResponse);
|
|
}
|
|
|
|
message LoginRequest {
|
|
string username = 1;
|
|
string password = 2;
|
|
string device_id = 3; // Уникальный идентификатор устройства клиента
|
|
string public_key = 4; // Публичный ключ устройства для шифрования сообщений
|
|
}
|
|
|
|
message LoginResponse {
|
|
string access_token = 1;
|
|
string refresh_token = 2;
|
|
string status = 3;
|
|
bool need2fa = 4;
|
|
optional string temp_token = 5;
|
|
optional string message = 6;
|
|
optional string error_code = 7;
|
|
}
|
|
|
|
message RefreshRequest {
|
|
string refresh_token = 1;
|
|
}
|
|
|
|
message RefreshResponse {
|
|
string access_token = 1;
|
|
string refresh_token = 2;
|
|
}
|
|
|
|
message LogoutRequest {
|
|
string user_id = 1;
|
|
string session_id = 2;
|
|
}
|
|
|
|
message LogoutResponse {
|
|
bool success = 1;
|
|
string message = 2;
|
|
}
|
|
|
|
message VerifyTokenRequest {
|
|
string token = 1;
|
|
}
|
|
|
|
message VerifyTokenResponse {
|
|
bool is_valid = 1;
|
|
optional string error_message = 2;
|
|
optional string id = 3;
|
|
optional string username = 4;
|
|
optional int32 role_level = 5;
|
|
repeated string permissions = 6;
|
|
optional string session_id = 7;
|
|
optional bool requires_pin = 8;
|
|
optional string device_id = 9;
|
|
}
|
|
|
|
message GetAccountRoleLevelRequest {
|
|
string account_id = 1;
|
|
}
|
|
|
|
message GetAccountRoleLevelResponse {
|
|
bool found = 1;
|
|
int32 role_level = 2;
|
|
}
|
|
|
|
message GetSessionRequest {
|
|
string user_id = 1;
|
|
string current_session_id = 2;
|
|
}
|
|
|
|
message SessionItem {
|
|
string id = 1; // Здесь будет лежать захэшированный ID
|
|
string ip_address = 2;
|
|
string user_agent = 3;
|
|
int64 last_activity = 4; // Unix timestamp в миллисекундах
|
|
bool is_current = 5; // Флаг текущей сессии
|
|
string device_id = 6;
|
|
}
|
|
|
|
message GetSessionsResponse {
|
|
repeated SessionItem sessions = 1;
|
|
}
|
|
|
|
message TerminateSessionRequest {
|
|
string user_id = 1;
|
|
string target_hash = 2; // Хэш сессии, которую нужно убить
|
|
}
|
|
|
|
message TerminateSessionResponse {
|
|
bool success = 1;
|
|
string message = 2;
|
|
}
|
|
|
|
message SystemCreateAccountRequest {
|
|
string username = 1;
|
|
string password_hash = 2; // Хеш пароля генерирует Admin Service и передает сюда
|
|
bool is_ldap = 3;
|
|
}
|
|
message SystemCreateAccountResponse {
|
|
string account_id = 1;
|
|
}
|
|
|
|
message SystemChangeStatusRequest {
|
|
string account_id = 1;
|
|
string status = 2; // 'ACTIVE', 'BLOCKED', 'DELETED'
|
|
}
|
|
message SystemChangeStatusResponse { bool success = 1; }
|
|
|
|
message SystemUpdatePasswordRequest {
|
|
string account_id = 1;
|
|
string new_password_hash = 2;
|
|
}
|
|
message SystemUpdatePasswordResponse { bool success = 1; }
|
|
|
|
message SystemUpdatePinRequest {
|
|
string account_id = 1;
|
|
optional string pin_hash = 2; // null если удаляем
|
|
}
|
|
|
|
message SystemUpdatePinResponse { bool success = 1; }
|
|
|
|
message SystemBlockIpRequest {
|
|
string ip_address = 1;
|
|
string admin_id = 2;
|
|
optional string reason = 3;
|
|
}
|
|
|
|
message SystemBlockIpResponse {
|
|
bool success = 1;
|
|
}
|
|
|
|
message SystemUnblockIpRequest {
|
|
string ip_address = 1;
|
|
}
|
|
|
|
message SystemUnblockIpResponse {
|
|
bool success = 2;
|
|
} |