contracts/proto/identity.proto

syntax = "proto3";

package identity;

option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";

service AuthService {
    rpc Login (LoginRequest) returns (LoginResponse);
    rpc Refresh (RefreshRequest) returns (RefreshResponse);
    rpc VerifyToken (VerifyTokenRequest) returns (VerifyTokenResponse);
    rpc Logout (LogoutRequest) returns (LogoutResponse);
    rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
    rpc Verify2Fa (Verify2FaRequest) returns (Verify2FaResponse);
}

service TwoFaService {
  rpc GetTwoFaStatus (GetTwoFaStatusRequest) returns (GetTwoFaStatusResponse);
  rpc StartTotpEnrollment (AuthenticatedAccessRequest) returns (StartTotpEnrollmentResponse);
  rpc ConfirmTotpErollment (ConfirmTotpEnrollmentRequest) returns (ConfirmTotpEnrollmentResponse);
  rpc CancelTotpEnrollment (AuthenticatedAccessRequest) returns (CancelTotpEnrollmentResponse);
  rpc DisableTotp (DisableTotpRequest) returns (DisableTotpResponse);
  rpc StartTelegramEnrollment (AuthenticatedAccessRequest) returns (StartTelegramEnrollmentResponse);
  rpc ConfirmTelegramEnrollment (ConfirmTelegramEnrollmentRequest) returns (ConfirmTelegramEnrollmentResponse);
  rpc DisableTelegram(DisableTelegramRequest) returns (DisableTelegramResponse);
}

message LoginRequest {
  string username = 1;
  string password = 2;
}

message LoginResponse {
  string access_token = 1;
  string refresh_token = 2;
  string status = 3;
  bool need2fa = 4;
  optional string temp_token = 5;
  optional string message = 6;
  optional string error_code = 7;
}

message RefreshRequest {
  string refresh_token = 1;
}

message RefreshResponse {
  string access_token = 1;
  string refresh_token = 2;
}

message LogoutRequest {
  string access_token = 1;
}

message LogoutResponse {
  bool success = 1;
  string message = 2;
}

message VerifyTokenRequest {
  string token = 1;
}

message VerifyTokenResponse {
  bool is_valid = 1;
  string error_message = 2;
  string id = 3;
  string username = 4;
  int32 role_level = 5;
  repeated string permissions = 6;
  string session_id = 7;
}

message UnlockPinRequest {
  string access_token = 1;
  string pin_code = 2;
}

message UnlockPinResponse {
  bool success = 1;
  string message = 2;
}


message Verify2FaRequest {
    string temp_token = 1;
    optional string totp_code = 2;  
    optional string telegram_code = 3;
}

message Verify2FaResponse {
  string access_token = 1;
  string refresh_token = 2;
  string status = 3;
  string message = 4;
  repeated string reserve_codes = 5;
}

message AuthenticatedAccessRequest {
  string access_token = 1;
}

message GetTwoFaStatusRequest {
  string access_token = 1;
}

message GetTwoFaStatusResponse {
  bool totp_enabled = 1;
  bool telegram_enabled = 2;
  bool totp_enrollment_pending = 3;
  bool telegram_enrollment_pending = 4;
}

message StartTotpEnrollmentResponse {
  string secret_base32 = 1;
  string otpauth_uri = 2;
  string issuer = 3;
  string account_label = 4;
}

message ConfirmTotpEnrollmentRequest {
  string access_token = 1;
  string totp_code = 2;
}

message ConfirmTotpEnrollmentResponse {
  string status = 1;
  string message = 2;
  repeated string reserve_codes = 3;
}

message CancelTotpEnrollmentResponse {
  string status = 1;
  string message = 2;
}

message DisableTotpRequest {
  string access_token = 1;
  string password = 2;
  optional string totp_code = 3;
}

message DisableTotpResponse {
  string status = 1;
  string message = 2;
}

message StartTelegramEnrollmentResponse {
  string enrollment_token = 1;
  string deep_link = 2;
  string bot_username = 3;
  string expires_at_iso = 4;
}

message ConfirmTelegramEnrollmentRequest {
  string access_token = 1;
  string enrollment_token = 2;
  string otp_code = 3;  
}

message ConfirmTelegramEnrollmentResponse {
  string status = 1;
  string message = 2;
  repeated string reserve_codes=3;
}

message DisableTelegramRequest {
  string access_token = 1;
  string password = 2;
  optional string telegram_otp_code = 3;
}

message DisableTelegramResponse {
  string status = 1;
  string message = 2;
}