Implement Phase 7: gRPC dual-stack interface

- proto/mcias/v1/: AdminService, AuthService, TokenService,
  AccountService, CredentialService; generated Go stubs in gen/
- internal/grpcserver: full handler implementations sharing all
  business logic (auth, token, db, crypto) with REST server;
  interceptor chain: logging -> auth (JWT alg-first + revocation) ->
  rate-limit (token bucket, 10 req/s, burst 10, per-IP)
- internal/config: optional grpc_addr field in [server] section
- cmd/mciassrv: dual-stack startup; gRPC/TLS listener on grpc_addr
  when configured; graceful shutdown of both servers in 15s window
- cmd/mciasgrpcctl: companion gRPC CLI mirroring mciasctl commands
  (health, pubkey, account, role, token, pgcreds) using TLS with
  optional custom CA cert
- internal/grpcserver/grpcserver_test.go: 20 tests via bufconn covering
  public RPCs, auth interceptor (no token, invalid, revoked -> 401),
  non-admin -> 403, Login/Logout/RenewToken/ValidateToken flows,
  AccountService CRUD, SetPGCreds/GetPGCreds AES-GCM round-trip,
  credential fields absent from all responses
Security:
  JWT validation path identical to REST: alg header checked before
  signature, alg:none rejected, revocation table checked after sig.
  Authorization metadata value never logged by any interceptor.
  Credential fields (PasswordHash, TOTPSecret*, PGPassword) absent from
  all proto response messages — enforced by proto design and confirmed
  by test TestCredentialFieldsAbsentFromAccountResponse.
  Login dummy-Argon2 timing guard preserves timing uniformity for
  unknown users (same as REST handleLogin).
  TLS required at listener level; cmd/mciassrv uses
  credentials.NewServerTLSFromFile; no h2c offered.
137 tests pass, zero race conditions (go test -race ./...)
2026-03-11 14:38:47 -07:00
parent 094741b56d
commit 59d51a1d38
38 changed files with 9132 additions and 10 deletions

983
gen/mcias/v1/account.pb.go Normal file

@@ -0,0 +1,983 @@
// AccountService: account and role CRUD. All RPCs require admin role.
// CredentialService: Postgres credential management.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v6.33.4
// source: mcias/v1/account.proto
package mciasv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// ListAccountsRequest carries no parameters.
type ListAccountsRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListAccountsRequest) Reset() {
*x = ListAccountsRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListAccountsRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListAccountsRequest) ProtoMessage() {}
func (x *ListAccountsRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListAccountsRequest.ProtoReflect.Descriptor instead.
func (*ListAccountsRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{0}
}
// ListAccountsResponse returns all accounts. Credential fields are absent.
type ListAccountsResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Accounts []*Account `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListAccountsResponse) Reset() {
*x = ListAccountsResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListAccountsResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListAccountsResponse) ProtoMessage() {}
func (x *ListAccountsResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListAccountsResponse.ProtoReflect.Descriptor instead.
func (*ListAccountsResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{1}
}
func (x *ListAccountsResponse) GetAccounts() []*Account {
if x != nil {
return x.Accounts
}
return nil
}
// CreateAccountRequest specifies a new account to create.
type CreateAccountRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` // required for human accounts; security: never logged
AccountType string `protobuf:"bytes,3,opt,name=account_type,json=accountType,proto3" json:"account_type,omitempty"` // "human" or "system"
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateAccountRequest) Reset() {
*x = CreateAccountRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateAccountRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateAccountRequest) ProtoMessage() {}
func (x *CreateAccountRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateAccountRequest.ProtoReflect.Descriptor instead.
func (*CreateAccountRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{2}
}
func (x *CreateAccountRequest) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *CreateAccountRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
func (x *CreateAccountRequest) GetAccountType() string {
if x != nil {
return x.AccountType
}
return ""
}
// CreateAccountResponse returns the created account record.
type CreateAccountResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Account *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *CreateAccountResponse) Reset() {
*x = CreateAccountResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *CreateAccountResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*CreateAccountResponse) ProtoMessage() {}
func (x *CreateAccountResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use CreateAccountResponse.ProtoReflect.Descriptor instead.
func (*CreateAccountResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{3}
}
func (x *CreateAccountResponse) GetAccount() *Account {
if x != nil {
return x.Account
}
return nil
}
// GetAccountRequest identifies an account by UUID.
type GetAccountRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetAccountRequest) Reset() {
*x = GetAccountRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetAccountRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetAccountRequest) ProtoMessage() {}
func (x *GetAccountRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetAccountRequest.ProtoReflect.Descriptor instead.
func (*GetAccountRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{4}
}
func (x *GetAccountRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// GetAccountResponse returns the account record.
type GetAccountResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Account *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetAccountResponse) Reset() {
*x = GetAccountResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetAccountResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetAccountResponse) ProtoMessage() {}
func (x *GetAccountResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetAccountResponse.ProtoReflect.Descriptor instead.
func (*GetAccountResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{5}
}
func (x *GetAccountResponse) GetAccount() *Account {
if x != nil {
return x.Account
}
return nil
}
// UpdateAccountRequest updates mutable fields. Only non-empty fields are applied.
type UpdateAccountRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
Status string `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` // "active" or "inactive" (omit to leave unchanged)
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateAccountRequest) Reset() {
*x = UpdateAccountRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateAccountRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateAccountRequest) ProtoMessage() {}
func (x *UpdateAccountRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateAccountRequest.ProtoReflect.Descriptor instead.
func (*UpdateAccountRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{6}
}
func (x *UpdateAccountRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *UpdateAccountRequest) GetStatus() string {
if x != nil {
return x.Status
}
return ""
}
// UpdateAccountResponse confirms the update.
type UpdateAccountResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *UpdateAccountResponse) Reset() {
*x = UpdateAccountResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *UpdateAccountResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UpdateAccountResponse) ProtoMessage() {}
func (x *UpdateAccountResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UpdateAccountResponse.ProtoReflect.Descriptor instead.
func (*UpdateAccountResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{7}
}
// DeleteAccountRequest soft-deletes an account and revokes its tokens.
type DeleteAccountRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteAccountRequest) Reset() {
*x = DeleteAccountRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteAccountRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteAccountRequest) ProtoMessage() {}
func (x *DeleteAccountRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteAccountRequest.ProtoReflect.Descriptor instead.
func (*DeleteAccountRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{8}
}
func (x *DeleteAccountRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// DeleteAccountResponse confirms deletion.
type DeleteAccountResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *DeleteAccountResponse) Reset() {
*x = DeleteAccountResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *DeleteAccountResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*DeleteAccountResponse) ProtoMessage() {}
func (x *DeleteAccountResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[9]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use DeleteAccountResponse.ProtoReflect.Descriptor instead.
func (*DeleteAccountResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{9}
}
// GetRolesRequest identifies an account by UUID.
type GetRolesRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetRolesRequest) Reset() {
*x = GetRolesRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetRolesRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetRolesRequest) ProtoMessage() {}
func (x *GetRolesRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[10]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetRolesRequest.ProtoReflect.Descriptor instead.
func (*GetRolesRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{10}
}
func (x *GetRolesRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// GetRolesResponse lists the current roles.
type GetRolesResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Roles []string `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetRolesResponse) Reset() {
*x = GetRolesResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetRolesResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetRolesResponse) ProtoMessage() {}
func (x *GetRolesResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[11]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetRolesResponse.ProtoReflect.Descriptor instead.
func (*GetRolesResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{11}
}
func (x *GetRolesResponse) GetRoles() []string {
if x != nil {
return x.Roles
}
return nil
}
// SetRolesRequest replaces the role set for an account.
type SetRolesRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
Roles []string `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *SetRolesRequest) Reset() {
*x = SetRolesRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SetRolesRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SetRolesRequest) ProtoMessage() {}
func (x *SetRolesRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[12]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SetRolesRequest.ProtoReflect.Descriptor instead.
func (*SetRolesRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{12}
}
func (x *SetRolesRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *SetRolesRequest) GetRoles() []string {
if x != nil {
return x.Roles
}
return nil
}
// SetRolesResponse confirms the update.
type SetRolesResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *SetRolesResponse) Reset() {
*x = SetRolesResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SetRolesResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SetRolesResponse) ProtoMessage() {}
func (x *SetRolesResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[13]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SetRolesResponse.ProtoReflect.Descriptor instead.
func (*SetRolesResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{13}
}
// GetPGCredsRequest identifies an account by UUID.
type GetPGCredsRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetPGCredsRequest) Reset() {
*x = GetPGCredsRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetPGCredsRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetPGCredsRequest) ProtoMessage() {}
func (x *GetPGCredsRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[14]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetPGCredsRequest.ProtoReflect.Descriptor instead.
func (*GetPGCredsRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{14}
}
func (x *GetPGCredsRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
// GetPGCredsResponse returns decrypted Postgres credentials.
// Security: password is present only in this response; never in list output.
type GetPGCredsResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Creds *PGCreds `protobuf:"bytes,1,opt,name=creds,proto3" json:"creds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *GetPGCredsResponse) Reset() {
*x = GetPGCredsResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *GetPGCredsResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*GetPGCredsResponse) ProtoMessage() {}
func (x *GetPGCredsResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[15]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use GetPGCredsResponse.ProtoReflect.Descriptor instead.
func (*GetPGCredsResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{15}
}
func (x *GetPGCredsResponse) GetCreds() *PGCreds {
if x != nil {
return x.Creds
}
return nil
}
// SetPGCredsRequest stores Postgres credentials for an account.
type SetPGCredsRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
Creds *PGCreds `protobuf:"bytes,2,opt,name=creds,proto3" json:"creds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *SetPGCredsRequest) Reset() {
*x = SetPGCredsRequest{}
mi := &file_mcias_v1_account_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SetPGCredsRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SetPGCredsRequest) ProtoMessage() {}
func (x *SetPGCredsRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SetPGCredsRequest.ProtoReflect.Descriptor instead.
func (*SetPGCredsRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{16}
}
func (x *SetPGCredsRequest) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *SetPGCredsRequest) GetCreds() *PGCreds {
if x != nil {
return x.Creds
}
return nil
}
// SetPGCredsResponse confirms the update.
type SetPGCredsResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *SetPGCredsResponse) Reset() {
*x = SetPGCredsResponse{}
mi := &file_mcias_v1_account_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SetPGCredsResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SetPGCredsResponse) ProtoMessage() {}
func (x *SetPGCredsResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_account_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SetPGCredsResponse.ProtoReflect.Descriptor instead.
func (*SetPGCredsResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_account_proto_rawDescGZIP(), []int{17}
}
var File_mcias_v1_account_proto protoreflect.FileDescriptor
const file_mcias_v1_account_proto_rawDesc = "" +
"\n" +
"\x16mcias/v1/account.proto\x12\bmcias.v1\x1a\x15mcias/v1/common.proto\"\x15\n" +
"\x13ListAccountsRequest\"E\n" +
"\x14ListAccountsResponse\x12-\n" +
"\baccounts\x18\x01 \x03(\v2\x11.mcias.v1.AccountR\baccounts\"q\n" +
"\x14CreateAccountRequest\x12\x1a\n" +
"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
"\bpassword\x18\x02 \x01(\tR\bpassword\x12!\n" +
"\faccount_type\x18\x03 \x01(\tR\vaccountType\"D\n" +
"\x15CreateAccountResponse\x12+\n" +
"\aaccount\x18\x01 \x01(\v2\x11.mcias.v1.AccountR\aaccount\"#\n" +
"\x11GetAccountRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\"A\n" +
"\x12GetAccountResponse\x12+\n" +
"\aaccount\x18\x01 \x01(\v2\x11.mcias.v1.AccountR\aaccount\">\n" +
"\x14UpdateAccountRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\x12\x16\n" +
"\x06status\x18\x02 \x01(\tR\x06status\"\x17\n" +
"\x15UpdateAccountResponse\"&\n" +
"\x14DeleteAccountRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\"\x17\n" +
"\x15DeleteAccountResponse\"!\n" +
"\x0fGetRolesRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\"(\n" +
"\x10GetRolesResponse\x12\x14\n" +
"\x05roles\x18\x01 \x03(\tR\x05roles\"7\n" +
"\x0fSetRolesRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\x12\x14\n" +
"\x05roles\x18\x02 \x03(\tR\x05roles\"\x12\n" +
"\x10SetRolesResponse\"#\n" +
"\x11GetPGCredsRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\"=\n" +
"\x12GetPGCredsResponse\x12'\n" +
"\x05creds\x18\x01 \x01(\v2\x11.mcias.v1.PGCredsR\x05creds\"L\n" +
"\x11SetPGCredsRequest\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\x12'\n" +
"\x05creds\x18\x02 \x01(\v2\x11.mcias.v1.PGCredsR\x05creds\"\x14\n" +
"\x12SetPGCredsResponse2\xa4\x04\n" +
"\x0eAccountService\x12M\n" +
"\fListAccounts\x12\x1d.mcias.v1.ListAccountsRequest\x1a\x1e.mcias.v1.ListAccountsResponse\x12P\n" +
"\rCreateAccount\x12\x1e.mcias.v1.CreateAccountRequest\x1a\x1f.mcias.v1.CreateAccountResponse\x12G\n" +
"\n" +
"GetAccount\x12\x1b.mcias.v1.GetAccountRequest\x1a\x1c.mcias.v1.GetAccountResponse\x12P\n" +
"\rUpdateAccount\x12\x1e.mcias.v1.UpdateAccountRequest\x1a\x1f.mcias.v1.UpdateAccountResponse\x12P\n" +
"\rDeleteAccount\x12\x1e.mcias.v1.DeleteAccountRequest\x1a\x1f.mcias.v1.DeleteAccountResponse\x12A\n" +
"\bGetRoles\x12\x19.mcias.v1.GetRolesRequest\x1a\x1a.mcias.v1.GetRolesResponse\x12A\n" +
"\bSetRoles\x12\x19.mcias.v1.SetRolesRequest\x1a\x1a.mcias.v1.SetRolesResponse2\xa5\x01\n" +
"\x11CredentialService\x12G\n" +
"\n" +
"GetPGCreds\x12\x1b.mcias.v1.GetPGCredsRequest\x1a\x1c.mcias.v1.GetPGCredsResponse\x12G\n" +
"\n" +
"SetPGCreds\x12\x1b.mcias.v1.SetPGCredsRequest\x1a\x1c.mcias.v1.SetPGCredsResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
var (
file_mcias_v1_account_proto_rawDescOnce sync.Once
file_mcias_v1_account_proto_rawDescData []byte
)
func file_mcias_v1_account_proto_rawDescGZIP() []byte {
file_mcias_v1_account_proto_rawDescOnce.Do(func() {
file_mcias_v1_account_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_account_proto_rawDesc), len(file_mcias_v1_account_proto_rawDesc)))
})
return file_mcias_v1_account_proto_rawDescData
}
var file_mcias_v1_account_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
var file_mcias_v1_account_proto_goTypes = []any{
(*ListAccountsRequest)(nil), // 0: mcias.v1.ListAccountsRequest
(*ListAccountsResponse)(nil), // 1: mcias.v1.ListAccountsResponse
(*CreateAccountRequest)(nil), // 2: mcias.v1.CreateAccountRequest
(*CreateAccountResponse)(nil), // 3: mcias.v1.CreateAccountResponse
(*GetAccountRequest)(nil), // 4: mcias.v1.GetAccountRequest
(*GetAccountResponse)(nil), // 5: mcias.v1.GetAccountResponse
(*UpdateAccountRequest)(nil), // 6: mcias.v1.UpdateAccountRequest
(*UpdateAccountResponse)(nil), // 7: mcias.v1.UpdateAccountResponse
(*DeleteAccountRequest)(nil), // 8: mcias.v1.DeleteAccountRequest
(*DeleteAccountResponse)(nil), // 9: mcias.v1.DeleteAccountResponse
(*GetRolesRequest)(nil), // 10: mcias.v1.GetRolesRequest
(*GetRolesResponse)(nil), // 11: mcias.v1.GetRolesResponse
(*SetRolesRequest)(nil), // 12: mcias.v1.SetRolesRequest
(*SetRolesResponse)(nil), // 13: mcias.v1.SetRolesResponse
(*GetPGCredsRequest)(nil), // 14: mcias.v1.GetPGCredsRequest
(*GetPGCredsResponse)(nil), // 15: mcias.v1.GetPGCredsResponse
(*SetPGCredsRequest)(nil), // 16: mcias.v1.SetPGCredsRequest
(*SetPGCredsResponse)(nil), // 17: mcias.v1.SetPGCredsResponse
(*Account)(nil), // 18: mcias.v1.Account
(*PGCreds)(nil), // 19: mcias.v1.PGCreds
}
var file_mcias_v1_account_proto_depIdxs = []int32{
18, // 0: mcias.v1.ListAccountsResponse.accounts:type_name -> mcias.v1.Account
18, // 1: mcias.v1.CreateAccountResponse.account:type_name -> mcias.v1.Account
18, // 2: mcias.v1.GetAccountResponse.account:type_name -> mcias.v1.Account
19, // 3: mcias.v1.GetPGCredsResponse.creds:type_name -> mcias.v1.PGCreds
19, // 4: mcias.v1.SetPGCredsRequest.creds:type_name -> mcias.v1.PGCreds
0, // 5: mcias.v1.AccountService.ListAccounts:input_type -> mcias.v1.ListAccountsRequest
2, // 6: mcias.v1.AccountService.CreateAccount:input_type -> mcias.v1.CreateAccountRequest
4, // 7: mcias.v1.AccountService.GetAccount:input_type -> mcias.v1.GetAccountRequest
6, // 8: mcias.v1.AccountService.UpdateAccount:input_type -> mcias.v1.UpdateAccountRequest
8, // 9: mcias.v1.AccountService.DeleteAccount:input_type -> mcias.v1.DeleteAccountRequest
10, // 10: mcias.v1.AccountService.GetRoles:input_type -> mcias.v1.GetRolesRequest
12, // 11: mcias.v1.AccountService.SetRoles:input_type -> mcias.v1.SetRolesRequest
14, // 12: mcias.v1.CredentialService.GetPGCreds:input_type -> mcias.v1.GetPGCredsRequest
16, // 13: mcias.v1.CredentialService.SetPGCreds:input_type -> mcias.v1.SetPGCredsRequest
1, // 14: mcias.v1.AccountService.ListAccounts:output_type -> mcias.v1.ListAccountsResponse
3, // 15: mcias.v1.AccountService.CreateAccount:output_type -> mcias.v1.CreateAccountResponse
5, // 16: mcias.v1.AccountService.GetAccount:output_type -> mcias.v1.GetAccountResponse
7, // 17: mcias.v1.AccountService.UpdateAccount:output_type -> mcias.v1.UpdateAccountResponse
9, // 18: mcias.v1.AccountService.DeleteAccount:output_type -> mcias.v1.DeleteAccountResponse
11, // 19: mcias.v1.AccountService.GetRoles:output_type -> mcias.v1.GetRolesResponse
13, // 20: mcias.v1.AccountService.SetRoles:output_type -> mcias.v1.SetRolesResponse
15, // 21: mcias.v1.CredentialService.GetPGCreds:output_type -> mcias.v1.GetPGCredsResponse
17, // 22: mcias.v1.CredentialService.SetPGCreds:output_type -> mcias.v1.SetPGCredsResponse
14, // [14:23] is the sub-list for method output_type
5, // [5:14] is the sub-list for method input_type
5, // [5:5] is the sub-list for extension type_name
5, // [5:5] is the sub-list for extension extendee
0, // [0:5] is the sub-list for field type_name
}
func init() { file_mcias_v1_account_proto_init() }
func file_mcias_v1_account_proto_init() {
if File_mcias_v1_account_proto != nil {
return
}
file_mcias_v1_common_proto_init()
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_account_proto_rawDesc), len(file_mcias_v1_account_proto_rawDesc)),
NumEnums: 0,
NumMessages: 18,
NumExtensions: 0,
NumServices: 2,
},
GoTypes: file_mcias_v1_account_proto_goTypes,
DependencyIndexes: file_mcias_v1_account_proto_depIdxs,
MessageInfos: file_mcias_v1_account_proto_msgTypes,
}.Build()
File_mcias_v1_account_proto = out.File
file_mcias_v1_account_proto_goTypes = nil
file_mcias_v1_account_proto_depIdxs = nil
}


@@ -0,0 +1,502 @@
// AccountService: account and role CRUD. All RPCs require admin role.
// CredentialService: Postgres credential management.
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v6.33.4
// source: mcias/v1/account.proto
package mciasv1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
AccountService_ListAccounts_FullMethodName = "/mcias.v1.AccountService/ListAccounts"
AccountService_CreateAccount_FullMethodName = "/mcias.v1.AccountService/CreateAccount"
AccountService_GetAccount_FullMethodName = "/mcias.v1.AccountService/GetAccount"
AccountService_UpdateAccount_FullMethodName = "/mcias.v1.AccountService/UpdateAccount"
AccountService_DeleteAccount_FullMethodName = "/mcias.v1.AccountService/DeleteAccount"
AccountService_GetRoles_FullMethodName = "/mcias.v1.AccountService/GetRoles"
AccountService_SetRoles_FullMethodName = "/mcias.v1.AccountService/SetRoles"
)
// AccountServiceClient is the client API for AccountService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// AccountService manages accounts and roles. All RPCs require admin role.
type AccountServiceClient interface {
ListAccounts(ctx context.Context, in *ListAccountsRequest, opts ...grpc.CallOption) (*ListAccountsResponse, error)
CreateAccount(ctx context.Context, in *CreateAccountRequest, opts ...grpc.CallOption) (*CreateAccountResponse, error)
GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error)
UpdateAccount(ctx context.Context, in *UpdateAccountRequest, opts ...grpc.CallOption) (*UpdateAccountResponse, error)
DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...grpc.CallOption) (*DeleteAccountResponse, error)
GetRoles(ctx context.Context, in *GetRolesRequest, opts ...grpc.CallOption) (*GetRolesResponse, error)
SetRoles(ctx context.Context, in *SetRolesRequest, opts ...grpc.CallOption) (*SetRolesResponse, error)
}
type accountServiceClient struct {
cc grpc.ClientConnInterface
}
func NewAccountServiceClient(cc grpc.ClientConnInterface) AccountServiceClient {
return &accountServiceClient{cc}
}
func (c *accountServiceClient) ListAccounts(ctx context.Context, in *ListAccountsRequest, opts ...grpc.CallOption) (*ListAccountsResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListAccountsResponse)
err := c.cc.Invoke(ctx, AccountService_ListAccounts_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) CreateAccount(ctx context.Context, in *CreateAccountRequest, opts ...grpc.CallOption) (*CreateAccountResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CreateAccountResponse)
err := c.cc.Invoke(ctx, AccountService_CreateAccount_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(GetAccountResponse)
err := c.cc.Invoke(ctx, AccountService_GetAccount_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) UpdateAccount(ctx context.Context, in *UpdateAccountRequest, opts ...grpc.CallOption) (*UpdateAccountResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(UpdateAccountResponse)
err := c.cc.Invoke(ctx, AccountService_UpdateAccount_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...grpc.CallOption) (*DeleteAccountResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(DeleteAccountResponse)
err := c.cc.Invoke(ctx, AccountService_DeleteAccount_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) GetRoles(ctx context.Context, in *GetRolesRequest, opts ...grpc.CallOption) (*GetRolesResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(GetRolesResponse)
err := c.cc.Invoke(ctx, AccountService_GetRoles_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountServiceClient) SetRoles(ctx context.Context, in *SetRolesRequest, opts ...grpc.CallOption) (*SetRolesResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(SetRolesResponse)
err := c.cc.Invoke(ctx, AccountService_SetRoles_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// AccountServiceServer is the server API for AccountService service.
// All implementations must embed UnimplementedAccountServiceServer
// for forward compatibility.
//
// AccountService manages accounts and roles. All RPCs require admin role.
type AccountServiceServer interface {
ListAccounts(context.Context, *ListAccountsRequest) (*ListAccountsResponse, error)
CreateAccount(context.Context, *CreateAccountRequest) (*CreateAccountResponse, error)
GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error)
UpdateAccount(context.Context, *UpdateAccountRequest) (*UpdateAccountResponse, error)
DeleteAccount(context.Context, *DeleteAccountRequest) (*DeleteAccountResponse, error)
GetRoles(context.Context, *GetRolesRequest) (*GetRolesResponse, error)
SetRoles(context.Context, *SetRolesRequest) (*SetRolesResponse, error)
mustEmbedUnimplementedAccountServiceServer()
}
// UnimplementedAccountServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedAccountServiceServer struct{}
func (UnimplementedAccountServiceServer) ListAccounts(context.Context, *ListAccountsRequest) (*ListAccountsResponse, error) {
return nil, status.Error(codes.Unimplemented, "method ListAccounts not implemented")
}
func (UnimplementedAccountServiceServer) CreateAccount(context.Context, *CreateAccountRequest) (*CreateAccountResponse, error) {
return nil, status.Error(codes.Unimplemented, "method CreateAccount not implemented")
}
func (UnimplementedAccountServiceServer) GetAccount(context.Context, *GetAccountRequest) (*GetAccountResponse, error) {
return nil, status.Error(codes.Unimplemented, "method GetAccount not implemented")
}
func (UnimplementedAccountServiceServer) UpdateAccount(context.Context, *UpdateAccountRequest) (*UpdateAccountResponse, error) {
return nil, status.Error(codes.Unimplemented, "method UpdateAccount not implemented")
}
func (UnimplementedAccountServiceServer) DeleteAccount(context.Context, *DeleteAccountRequest) (*DeleteAccountResponse, error) {
return nil, status.Error(codes.Unimplemented, "method DeleteAccount not implemented")
}
func (UnimplementedAccountServiceServer) GetRoles(context.Context, *GetRolesRequest) (*GetRolesResponse, error) {
return nil, status.Error(codes.Unimplemented, "method GetRoles not implemented")
}
func (UnimplementedAccountServiceServer) SetRoles(context.Context, *SetRolesRequest) (*SetRolesResponse, error) {
return nil, status.Error(codes.Unimplemented, "method SetRoles not implemented")
}
func (UnimplementedAccountServiceServer) mustEmbedUnimplementedAccountServiceServer() {}
func (UnimplementedAccountServiceServer) testEmbeddedByValue() {}
// UnsafeAccountServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to AccountServiceServer will
// result in compilation errors.
type UnsafeAccountServiceServer interface {
mustEmbedUnimplementedAccountServiceServer()
}
func RegisterAccountServiceServer(s grpc.ServiceRegistrar, srv AccountServiceServer) {
// If the following call panics, it indicates UnimplementedAccountServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&AccountService_ServiceDesc, srv)
}
func _AccountService_ListAccounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ListAccountsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).ListAccounts(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_ListAccounts_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).ListAccounts(ctx, req.(*ListAccountsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_CreateAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CreateAccountRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).CreateAccount(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_CreateAccount_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).CreateAccount(ctx, req.(*CreateAccountRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_GetAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetAccountRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).GetAccount(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_GetAccount_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).GetAccount(ctx, req.(*GetAccountRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_UpdateAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(UpdateAccountRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).UpdateAccount(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_UpdateAccount_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).UpdateAccount(ctx, req.(*UpdateAccountRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_DeleteAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DeleteAccountRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).DeleteAccount(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_DeleteAccount_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).DeleteAccount(ctx, req.(*DeleteAccountRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_GetRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetRolesRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).GetRoles(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_GetRoles_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).GetRoles(ctx, req.(*GetRolesRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AccountService_SetRoles_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SetRolesRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AccountServiceServer).SetRoles(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AccountService_SetRoles_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AccountServiceServer).SetRoles(ctx, req.(*SetRolesRequest))
}
return interceptor(ctx, in, info, handler)
}
// AccountService_ServiceDesc is the grpc.ServiceDesc for AccountService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var AccountService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "mcias.v1.AccountService",
HandlerType: (*AccountServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ListAccounts",
Handler: _AccountService_ListAccounts_Handler,
},
{
MethodName: "CreateAccount",
Handler: _AccountService_CreateAccount_Handler,
},
{
MethodName: "GetAccount",
Handler: _AccountService_GetAccount_Handler,
},
{
MethodName: "UpdateAccount",
Handler: _AccountService_UpdateAccount_Handler,
},
{
MethodName: "DeleteAccount",
Handler: _AccountService_DeleteAccount_Handler,
},
{
MethodName: "GetRoles",
Handler: _AccountService_GetRoles_Handler,
},
{
MethodName: "SetRoles",
Handler: _AccountService_SetRoles_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "mcias/v1/account.proto",
}
const (
CredentialService_GetPGCreds_FullMethodName = "/mcias.v1.CredentialService/GetPGCreds"
CredentialService_SetPGCreds_FullMethodName = "/mcias.v1.CredentialService/SetPGCreds"
)
// CredentialServiceClient is the client API for CredentialService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// CredentialService manages Postgres credentials for system accounts.
// All RPCs require admin role.
type CredentialServiceClient interface {
GetPGCreds(ctx context.Context, in *GetPGCredsRequest, opts ...grpc.CallOption) (*GetPGCredsResponse, error)
SetPGCreds(ctx context.Context, in *SetPGCredsRequest, opts ...grpc.CallOption) (*SetPGCredsResponse, error)
}
type credentialServiceClient struct {
cc grpc.ClientConnInterface
}
func NewCredentialServiceClient(cc grpc.ClientConnInterface) CredentialServiceClient {
return &credentialServiceClient{cc}
}
func (c *credentialServiceClient) GetPGCreds(ctx context.Context, in *GetPGCredsRequest, opts ...grpc.CallOption) (*GetPGCredsResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(GetPGCredsResponse)
err := c.cc.Invoke(ctx, CredentialService_GetPGCreds_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *credentialServiceClient) SetPGCreds(ctx context.Context, in *SetPGCredsRequest, opts ...grpc.CallOption) (*SetPGCredsResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(SetPGCredsResponse)
err := c.cc.Invoke(ctx, CredentialService_SetPGCreds_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// CredentialServiceServer is the server API for CredentialService service.
// All implementations must embed UnimplementedCredentialServiceServer
// for forward compatibility.
//
// CredentialService manages Postgres credentials for system accounts.
// All RPCs require admin role.
type CredentialServiceServer interface {
GetPGCreds(context.Context, *GetPGCredsRequest) (*GetPGCredsResponse, error)
SetPGCreds(context.Context, *SetPGCredsRequest) (*SetPGCredsResponse, error)
mustEmbedUnimplementedCredentialServiceServer()
}
// UnimplementedCredentialServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedCredentialServiceServer struct{}
func (UnimplementedCredentialServiceServer) GetPGCreds(context.Context, *GetPGCredsRequest) (*GetPGCredsResponse, error) {
return nil, status.Error(codes.Unimplemented, "method GetPGCreds not implemented")
}
func (UnimplementedCredentialServiceServer) SetPGCreds(context.Context, *SetPGCredsRequest) (*SetPGCredsResponse, error) {
return nil, status.Error(codes.Unimplemented, "method SetPGCreds not implemented")
}
func (UnimplementedCredentialServiceServer) mustEmbedUnimplementedCredentialServiceServer() {}
func (UnimplementedCredentialServiceServer) testEmbeddedByValue() {}
// UnsafeCredentialServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to CredentialServiceServer will
// result in compilation errors.
type UnsafeCredentialServiceServer interface {
mustEmbedUnimplementedCredentialServiceServer()
}
func RegisterCredentialServiceServer(s grpc.ServiceRegistrar, srv CredentialServiceServer) {
// If the following call panics, it indicates UnimplementedCredentialServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&CredentialService_ServiceDesc, srv)
}
func _CredentialService_GetPGCreds_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetPGCredsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(CredentialServiceServer).GetPGCreds(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: CredentialService_GetPGCreds_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(CredentialServiceServer).GetPGCreds(ctx, req.(*GetPGCredsRequest))
}
return interceptor(ctx, in, info, handler)
}
func _CredentialService_SetPGCreds_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SetPGCredsRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(CredentialServiceServer).SetPGCreds(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: CredentialService_SetPGCreds_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(CredentialServiceServer).SetPGCreds(ctx, req.(*SetPGCredsRequest))
}
return interceptor(ctx, in, info, handler)
}
// CredentialService_ServiceDesc is the grpc.ServiceDesc for CredentialService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var CredentialService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "mcias.v1.CredentialService",
HandlerType: (*CredentialServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "GetPGCreds",
Handler: _CredentialService_GetPGCreds_Handler,
},
{
MethodName: "SetPGCreds",
Handler: _CredentialService_SetPGCreds_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "mcias/v1/account.proto",
}

296
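--- a/gen/mcias/v1/admin.pb.go
+++ b/gen/mcias/v1/admin.pb.go
@@ -0,0 +1,296 @@
+// AdminService: health check and public-key retrieval.
+// These RPCs are public — no authentication is required.
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.36.11
+// protoc v6.33.4
+// source: mcias/v1/admin.proto
+package mciasv1
+import (
+protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+reflect "reflect"
+sync "sync"
+unsafe "unsafe"
+)
+const (
+// Verify that this generated code is sufficiently up-to-date.
+_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+// Verify that runtime/protoimpl is sufficiently up-to-date.
+_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+// HealthRequest carries no parameters.
+type HealthRequest struct {
+state protoimpl.MessageState `protogen:"open.v1"`
+unknownFields protoimpl.UnknownFields
+sizeCache protoimpl.SizeCache
+}
+func (x *HealthRequest) Reset() {
+*x = HealthRequest{}
+mi := &file_mcias_v1_admin_proto_msgTypes[0]
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ms.StoreMessageInfo(mi)
+}
+func (x *HealthRequest) String() string {
+return protoimpl.X.MessageStringOf(x)
+}
+func (*HealthRequest) ProtoMessage() {}
+func (x *HealthRequest) ProtoReflect() protoreflect.Message {
+mi := &file_mcias_v1_admin_proto_msgTypes[0]
+if x != nil {
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+if ms.LoadMessageInfo() == nil {
+ms.StoreMessageInfo(mi)
+}
+return ms
+}
+return mi.MessageOf(x)
+}
+// Deprecated: Use HealthRequest.ProtoReflect.Descriptor instead.
+func (*HealthRequest) Descriptor() ([]byte, []int) {
+return file_mcias_v1_admin_proto_rawDescGZIP(), []int{0}
+}
+// HealthResponse confirms the server is operational.
+type HealthResponse struct {
+state protoimpl.MessageState `protogen:"open.v1"`
+Status string `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` // "ok"
+unknownFields protoimpl.UnknownFields
+sizeCache protoimpl.SizeCache
+}
+func (x *HealthResponse) Reset() {
+*x = HealthResponse{}
+mi := &file_mcias_v1_admin_proto_msgTypes[1]
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ms.StoreMessageInfo(mi)
+}
+func (x *HealthResponse) String() string {
+return protoimpl.X.MessageStringOf(x)
+}
+func (*HealthResponse) ProtoMessage() {}
+func (x *HealthResponse) ProtoReflect() protoreflect.Message {
+mi := &file_mcias_v1_admin_proto_msgTypes[1]
+if x != nil {
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+if ms.LoadMessageInfo() == nil {
+ms.StoreMessageInfo(mi)
+}
+return ms
+}
+return mi.MessageOf(x)
+}
+// Deprecated: Use HealthResponse.ProtoReflect.Descriptor instead.
+func (*HealthResponse) Descriptor() ([]byte, []int) {
+return file_mcias_v1_admin_proto_rawDescGZIP(), []int{1}
+}
+func (x *HealthResponse) GetStatus() string {
+if x != nil {
+return x.Status
+}
+return ""
+}
+// GetPublicKeyRequest carries no parameters.
+type GetPublicKeyRequest struct {
+state protoimpl.MessageState `protogen:"open.v1"`
+unknownFields protoimpl.UnknownFields
+sizeCache protoimpl.SizeCache
+}
+func (x *GetPublicKeyRequest) Reset() {
+*x = GetPublicKeyRequest{}
+mi := &file_mcias_v1_admin_proto_msgTypes[2]
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ms.StoreMessageInfo(mi)
+}
+func (x *GetPublicKeyRequest) String() string {
+return protoimpl.X.MessageStringOf(x)
+}
+func (*GetPublicKeyRequest) ProtoMessage() {}
+func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message {
+mi := &file_mcias_v1_admin_proto_msgTypes[2]
+if x != nil {
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+if ms.LoadMessageInfo() == nil {
+ms.StoreMessageInfo(mi)
+}
+return ms
+}
+return mi.MessageOf(x)
+}
+// Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.
+func (*GetPublicKeyRequest) Descriptor() ([]byte, []int) {
+return file_mcias_v1_admin_proto_rawDescGZIP(), []int{2}
+}
+// GetPublicKeyResponse returns the Ed25519 public key in JWK format fields.
+// The "x" field is the base64url-encoded 32-byte public key.
+type GetPublicKeyResponse struct {
+state protoimpl.MessageState `protogen:"open.v1"`
+Kty string `protobuf:"bytes,1,opt,name=kty,proto3" json:"kty,omitempty"` // "OKP"
+Crv string `protobuf:"bytes,2,opt,name=crv,proto3" json:"crv,omitempty"` // "Ed25519"
+Use string `protobuf:"bytes,3,opt,name=use,proto3" json:"use,omitempty"` // "sig"
+Alg string `protobuf:"bytes,4,opt,name=alg,proto3" json:"alg,omitempty"` // "EdDSA"
+X string `protobuf:"bytes,5,opt,name=x,proto3" json:"x,omitempty"` // base64url-encoded public key bytes
+unknownFields protoimpl.UnknownFields
+sizeCache protoimpl.SizeCache
+}
+func (x *GetPublicKeyResponse) Reset() {
+*x = GetPublicKeyResponse{}
+mi := &file_mcias_v1_admin_proto_msgTypes[3]
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ms.StoreMessageInfo(mi)
+}
+func (x *GetPublicKeyResponse) String() string {
+return protoimpl.X.MessageStringOf(x)
+}
+func (*GetPublicKeyResponse) ProtoMessage() {}
+func (x *GetPublicKeyResponse) ProtoReflect() protoreflect.Message {
+mi := &file_mcias_v1_admin_proto_msgTypes[3]
+if x != nil {
+ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+if ms.LoadMessageInfo() == nil {
+ms.StoreMessageInfo(mi)
+}
+return ms
+}
+return mi.MessageOf(x)
+}
+// Deprecated: Use GetPublicKeyResponse.ProtoReflect.Descriptor instead.
+func (*GetPublicKeyResponse) Descriptor() ([]byte, []int) {
+return file_mcias_v1_admin_proto_rawDescGZIP(), []int{3}
+}
+func (x *GetPublicKeyResponse) GetKty() string {
+if x != nil {
+return x.Kty
+}
+return ""
+}
+func (x *GetPublicKeyResponse) GetCrv() string {
+if x != nil {
+return x.Crv
+}
+return ""
+}
+func (x *GetPublicKeyResponse) GetUse() string {
+if x != nil {
+return x.Use
+}
+return ""
+}
+func (x *GetPublicKeyResponse) GetAlg() string {
+if x != nil {
+return x.Alg
+}
+return ""
+}
+func (x *GetPublicKeyResponse) GetX() string {
+if x != nil {
+return x.X
+}
+return ""
+}
+var File_mcias_v1_admin_proto protoreflect.FileDescriptor
+const file_mcias_v1_admin_proto_rawDesc = "" +
+"\n" +
+"\x14mcias/v1/admin.proto\x12\bmcias.v1\"\x0f\n" +
+"\rHealthRequest\"(\n" +
+"\x0eHealthResponse\x12\x16\n" +
+"\x06status\x18\x01 \x01(\tR\x06status\"\x15\n" +
+"\x13GetPublicKeyRequest\"l\n" +
+"\x14GetPublicKeyResponse\x12\x10\n" +
+"\x03kty\x18\x01 \x01(\tR\x03kty\x12\x10\n" +
+"\x03crv\x18\x02 \x01(\tR\x03crv\x12\x10\n" +
+"\x03use\x18\x03 \x01(\tR\x03use\x12\x10\n" +
+"\x03alg\x18\x04 \x01(\tR\x03alg\x12\f\n" +
+"\x01x\x18\x05 \x01(\tR\x01x2\x9a\x01\n" +
+"\fAdminService\x12;\n" +
+"\x06Health\x12\x17.mcias.v1.HealthRequest\x1a\x18.mcias.v1.HealthResponse\x12M\n" +
+"\fGetPublicKey\x12\x1d.mcias.v1.GetPublicKeyRequest\x1a\x1e.mcias.v1.GetPublicKeyResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
+var (
+file_mcias_v1_admin_proto_rawDescOnce sync.Once
+file_mcias_v1_admin_proto_rawDescData []byte
+)
+func file_mcias_v1_admin_proto_rawDescGZIP() []byte {
+file_mcias_v1_admin_proto_rawDescOnce.Do(func() {
+file_mcias_v1_admin_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_admin_proto_rawDesc), len(file_mcias_v1_admin_proto_rawDesc)))
+})
+return file_mcias_v1_admin_proto_rawDescData
+}
+var file_mcias_v1_admin_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
+var file_mcias_v1_admin_proto_goTypes = []any{
+(*HealthRequest)(nil), // 0: mcias.v1.HealthRequest
+(*HealthResponse)(nil), // 1: mcias.v1.HealthResponse
+(*GetPublicKeyRequest)(nil), // 2: mcias.v1.GetPublicKeyRequest
+(*GetPublicKeyResponse)(nil), // 3: mcias.v1.GetPublicKeyResponse
+}
+var file_mcias_v1_admin_proto_depIdxs = []int32{
+0, // 0: mcias.v1.AdminService.Health:input_type -> mcias.v1.HealthRequest
+2, // 1: mcias.v1.AdminService.GetPublicKey:input_type -> mcias.v1.GetPublicKeyRequest
+1, // 2: mcias.v1.AdminService.Health:output_type -> mcias.v1.HealthResponse
+3, // 3: mcias.v1.AdminService.GetPublicKey:output_type -> mcias.v1.GetPublicKeyResponse
+2, // [2:4] is the sub-list for method output_type
+0, // [0:2] is the sub-list for method input_type
+0, // [0:0] is the sub-list for extension type_name
+0, // [0:0] is the sub-list for extension extendee
+0, // [0:0] is the sub-list for field type_name
+}
+func init() { file_mcias_v1_admin_proto_init() }
+func file_mcias_v1_admin_proto_init() {
+if File_mcias_v1_admin_proto != nil {
+return
+}
+type x struct{}
+out := protoimpl.TypeBuilder{
+File: protoimpl.DescBuilder{
+GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_admin_proto_rawDesc), len(file_mcias_v1_admin_proto_rawDesc)),
+NumEnums: 0,
+NumMessages: 4,
+NumExtensions: 0,
+NumServices: 1,
+},
+GoTypes: file_mcias_v1_admin_proto_goTypes,
+DependencyIndexes: file_mcias_v1_admin_proto_depIdxs,
+MessageInfos: file_mcias_v1_admin_proto_msgTypes,
+}.Build()
+File_mcias_v1_admin_proto = out.File
+file_mcias_v1_admin_proto_goTypes = nil
+file_mcias_v1_admin_proto_depIdxs = nil
+}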


@@ -0,0 +1,172 @@
// AdminService: health check and public-key retrieval.
// These RPCs are public — no authentication is required.
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v6.33.4
// source: mcias/v1/admin.proto
package mciasv1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
AdminService_Health_FullMethodName = "/mcias.v1.AdminService/Health"
AdminService_GetPublicKey_FullMethodName = "/mcias.v1.AdminService/GetPublicKey"
)
// AdminServiceClient is the client API for AdminService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// AdminService exposes health and key-material endpoints.
// All RPCs bypass the auth interceptor.
type AdminServiceClient interface {
// Health returns OK when the server is operational.
Health(ctx context.Context, in *HealthRequest, opts ...grpc.CallOption) (*HealthResponse, error)
// GetPublicKey returns the Ed25519 public key used to verify JWTs.
GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error)
}
type adminServiceClient struct {
cc grpc.ClientConnInterface
}
func NewAdminServiceClient(cc grpc.ClientConnInterface) AdminServiceClient {
return &adminServiceClient{cc}
}
func (c *adminServiceClient) Health(ctx context.Context, in *HealthRequest, opts ...grpc.CallOption) (*HealthResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(HealthResponse)
err := c.cc.Invoke(ctx, AdminService_Health_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *adminServiceClient) GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(GetPublicKeyResponse)
err := c.cc.Invoke(ctx, AdminService_GetPublicKey_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// AdminServiceServer is the server API for AdminService service.
// All implementations must embed UnimplementedAdminServiceServer
// for forward compatibility.
//
// AdminService exposes health and key-material endpoints.
// All RPCs bypass the auth interceptor.
type AdminServiceServer interface {
// Health returns OK when the server is operational.
Health(context.Context, *HealthRequest) (*HealthResponse, error)
// GetPublicKey returns the Ed25519 public key used to verify JWTs.
GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error)
mustEmbedUnimplementedAdminServiceServer()
}
// UnimplementedAdminServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedAdminServiceServer struct{}
func (UnimplementedAdminServiceServer) Health(context.Context, *HealthRequest) (*HealthResponse, error) {
return nil, status.Error(codes.Unimplemented, "method Health not implemented")
}
func (UnimplementedAdminServiceServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error) {
return nil, status.Error(codes.Unimplemented, "method GetPublicKey not implemented")
}
func (UnimplementedAdminServiceServer) mustEmbedUnimplementedAdminServiceServer() {}
func (UnimplementedAdminServiceServer) testEmbeddedByValue() {}
// UnsafeAdminServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to AdminServiceServer will
// result in compilation errors.
type UnsafeAdminServiceServer interface {
mustEmbedUnimplementedAdminServiceServer()
}
func RegisterAdminServiceServer(s grpc.ServiceRegistrar, srv AdminServiceServer) {
// If the following call panics, it indicates UnimplementedAdminServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&AdminService_ServiceDesc, srv)
}
func _AdminService_Health_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(HealthRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AdminServiceServer).Health(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AdminService_Health_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AdminServiceServer).Health(ctx, req.(*HealthRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AdminService_GetPublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetPublicKeyRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AdminServiceServer).GetPublicKey(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AdminService_GetPublicKey_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AdminServiceServer).GetPublicKey(ctx, req.(*GetPublicKeyRequest))
}
return interceptor(ctx, in, info, handler)
}
// AdminService_ServiceDesc is the grpc.ServiceDesc for AdminService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var AdminService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "mcias.v1.AdminService",
HandlerType: (*AdminServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Health",
Handler: _AdminService_Health_Handler,
},
{
MethodName: "GetPublicKey",
Handler: _AdminService_GetPublicKey_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "mcias/v1/admin.proto",
}

677
gen/mcias/v1/auth.pb.go Normal file

@@ -0,0 +1,677 @@
// AuthService: login, logout, token renewal, and TOTP management.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v6.33.4
// source: mcias/v1/auth.proto
package mciasv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// LoginRequest carries username/password and an optional TOTP code.
// Security: never logged; password and totp_code must not appear in audit logs.
type LoginRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` // security: never logged or stored
TotpCode string `protobuf:"bytes,3,opt,name=totp_code,json=totpCode,proto3" json:"totp_code,omitempty"` // optional; required if TOTP enrolled
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LoginRequest) Reset() {
*x = LoginRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LoginRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LoginRequest) ProtoMessage() {}
func (x *LoginRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LoginRequest.ProtoReflect.Descriptor instead.
func (*LoginRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{0}
}
func (x *LoginRequest) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *LoginRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
func (x *LoginRequest) GetTotpCode() string {
if x != nil {
return x.TotpCode
}
return ""
}
// LoginResponse returns the signed JWT and its expiry time.
// Security: token is a bearer credential; the caller must protect it.
type LoginResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LoginResponse) Reset() {
*x = LoginResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LoginResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LoginResponse) ProtoMessage() {}
func (x *LoginResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LoginResponse.ProtoReflect.Descriptor instead.
func (*LoginResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{1}
}
func (x *LoginResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *LoginResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// LogoutRequest carries no body; the token is extracted from gRPC metadata.
type LogoutRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LogoutRequest) Reset() {
*x = LogoutRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LogoutRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LogoutRequest) ProtoMessage() {}
func (x *LogoutRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LogoutRequest.ProtoReflect.Descriptor instead.
func (*LogoutRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{2}
}
// LogoutResponse confirms the token has been revoked.
type LogoutResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LogoutResponse) Reset() {
*x = LogoutResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LogoutResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LogoutResponse) ProtoMessage() {}
func (x *LogoutResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LogoutResponse.ProtoReflect.Descriptor instead.
func (*LogoutResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{3}
}
// RenewTokenRequest carries no body; the existing token is in metadata.
type RenewTokenRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RenewTokenRequest) Reset() {
*x = RenewTokenRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RenewTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RenewTokenRequest) ProtoMessage() {}
func (x *RenewTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RenewTokenRequest.ProtoReflect.Descriptor instead.
func (*RenewTokenRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{4}
}
// RenewTokenResponse returns a new JWT with a fresh expiry.
type RenewTokenResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RenewTokenResponse) Reset() {
*x = RenewTokenResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RenewTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RenewTokenResponse) ProtoMessage() {}
func (x *RenewTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RenewTokenResponse.ProtoReflect.Descriptor instead.
func (*RenewTokenResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{5}
}
func (x *RenewTokenResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *RenewTokenResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// EnrollTOTPRequest carries no body; the acting account is from the JWT.
type EnrollTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *EnrollTOTPRequest) Reset() {
*x = EnrollTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *EnrollTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EnrollTOTPRequest) ProtoMessage() {}
func (x *EnrollTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EnrollTOTPRequest.ProtoReflect.Descriptor instead.
func (*EnrollTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{6}
}
// EnrollTOTPResponse returns the TOTP secret and otpauth URI for display.
// Security: the secret is shown once; it is stored only in encrypted form.
type EnrollTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` // base32-encoded; display once, then discard
OtpauthUri string `protobuf:"bytes,2,opt,name=otpauth_uri,json=otpauthUri,proto3" json:"otpauth_uri,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *EnrollTOTPResponse) Reset() {
*x = EnrollTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *EnrollTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EnrollTOTPResponse) ProtoMessage() {}
func (x *EnrollTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EnrollTOTPResponse.ProtoReflect.Descriptor instead.
func (*EnrollTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{7}
}
func (x *EnrollTOTPResponse) GetSecret() string {
if x != nil {
return x.Secret
}
return ""
}
func (x *EnrollTOTPResponse) GetOtpauthUri() string {
if x != nil {
return x.OtpauthUri
}
return ""
}
// ConfirmTOTPRequest carries the TOTP code to confirm enrollment.
type ConfirmTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ConfirmTOTPRequest) Reset() {
*x = ConfirmTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ConfirmTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ConfirmTOTPRequest) ProtoMessage() {}
func (x *ConfirmTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ConfirmTOTPRequest.ProtoReflect.Descriptor instead.
func (*ConfirmTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{8}
}
func (x *ConfirmTOTPRequest) GetCode() string {
if x != nil {
return x.Code
}
return ""
}
// ConfirmTOTPResponse confirms TOTP enrollment is complete.
type ConfirmTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ConfirmTOTPResponse) Reset() {
*x = ConfirmTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ConfirmTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ConfirmTOTPResponse) ProtoMessage() {}
func (x *ConfirmTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[9]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ConfirmTOTPResponse.ProtoReflect.Descriptor instead.
func (*ConfirmTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{9}
}
// RemoveTOTPRequest carries the target account ID (admin only).
type RemoveTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID of the account to remove TOTP from
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveTOTPRequest) Reset() {
*x = RemoveTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveTOTPRequest) ProtoMessage() {}
func (x *RemoveTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[10]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveTOTPRequest.ProtoReflect.Descriptor instead.
func (*RemoveTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{10}
}
func (x *RemoveTOTPRequest) GetAccountId() string {
if x != nil {
return x.AccountId
}
return ""
}
// RemoveTOTPResponse confirms removal.
type RemoveTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveTOTPResponse) Reset() {
*x = RemoveTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveTOTPResponse) ProtoMessage() {}
func (x *RemoveTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[11]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveTOTPResponse.ProtoReflect.Descriptor instead.
func (*RemoveTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{11}
}
var File_mcias_v1_auth_proto protoreflect.FileDescriptor
const file_mcias_v1_auth_proto_rawDesc = "" +
"\n" +
"\x13mcias/v1/auth.proto\x12\bmcias.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"c\n" +
"\fLoginRequest\x12\x1a\n" +
"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
"\bpassword\x18\x02 \x01(\tR\bpassword\x12\x1b\n" +
"\ttotp_code\x18\x03 \x01(\tR\btotpCode\"`\n" +
"\rLoginResponse\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\x129\n" +
"\n" +
"expires_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"\x0f\n" +
"\rLogoutRequest\"\x10\n" +
"\x0eLogoutResponse\"\x13\n" +
"\x11RenewTokenRequest\"e\n" +
"\x12RenewTokenResponse\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\x129\n" +
"\n" +
"expires_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"\x13\n" +
"\x11EnrollTOTPRequest\"M\n" +
"\x12EnrollTOTPResponse\x12\x16\n" +
"\x06secret\x18\x01 \x01(\tR\x06secret\x12\x1f\n" +
"\votpauth_uri\x18\x02 \x01(\tR\n" +
"otpauthUri\"(\n" +
"\x12ConfirmTOTPRequest\x12\x12\n" +
"\x04code\x18\x01 \x01(\tR\x04code\"\x15\n" +
"\x13ConfirmTOTPResponse\"2\n" +
"\x11RemoveTOTPRequest\x12\x1d\n" +
"\n" +
"account_id\x18\x01 \x01(\tR\taccountId\"\x14\n" +
"\x12RemoveTOTPResponse2\xab\x03\n" +
"\vAuthService\x128\n" +
"\x05Login\x12\x16.mcias.v1.LoginRequest\x1a\x17.mcias.v1.LoginResponse\x12;\n" +
"\x06Logout\x12\x17.mcias.v1.LogoutRequest\x1a\x18.mcias.v1.LogoutResponse\x12G\n" +
"\n" +
"RenewToken\x12\x1b.mcias.v1.RenewTokenRequest\x1a\x1c.mcias.v1.RenewTokenResponse\x12G\n" +
"\n" +
"EnrollTOTP\x12\x1b.mcias.v1.EnrollTOTPRequest\x1a\x1c.mcias.v1.EnrollTOTPResponse\x12J\n" +
"\vConfirmTOTP\x12\x1c.mcias.v1.ConfirmTOTPRequest\x1a\x1d.mcias.v1.ConfirmTOTPResponse\x12G\n" +
"\n" +
"RemoveTOTP\x12\x1b.mcias.v1.RemoveTOTPRequest\x1a\x1c.mcias.v1.RemoveTOTPResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
var (
file_mcias_v1_auth_proto_rawDescOnce sync.Once
file_mcias_v1_auth_proto_rawDescData []byte
)
func file_mcias_v1_auth_proto_rawDescGZIP() []byte {
file_mcias_v1_auth_proto_rawDescOnce.Do(func() {
file_mcias_v1_auth_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_auth_proto_rawDesc), len(file_mcias_v1_auth_proto_rawDesc)))
})
return file_mcias_v1_auth_proto_rawDescData
}
var file_mcias_v1_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 12)
var file_mcias_v1_auth_proto_goTypes = []any{
(*LoginRequest)(nil), // 0: mcias.v1.LoginRequest
(*LoginResponse)(nil), // 1: mcias.v1.LoginResponse
(*LogoutRequest)(nil), // 2: mcias.v1.LogoutRequest
(*LogoutResponse)(nil), // 3: mcias.v1.LogoutResponse
(*RenewTokenRequest)(nil), // 4: mcias.v1.RenewTokenRequest
(*RenewTokenResponse)(nil), // 5: mcias.v1.RenewTokenResponse
(*EnrollTOTPRequest)(nil), // 6: mcias.v1.EnrollTOTPRequest
(*EnrollTOTPResponse)(nil), // 7: mcias.v1.EnrollTOTPResponse
(*ConfirmTOTPRequest)(nil), // 8: mcias.v1.ConfirmTOTPRequest
(*ConfirmTOTPResponse)(nil), // 9: mcias.v1.ConfirmTOTPResponse
(*RemoveTOTPRequest)(nil), // 10: mcias.v1.RemoveTOTPRequest
(*RemoveTOTPResponse)(nil), // 11: mcias.v1.RemoveTOTPResponse
(*timestamppb.Timestamp)(nil), // 12: google.protobuf.Timestamp
}
var file_mcias_v1_auth_proto_depIdxs = []int32{
12, // 0: mcias.v1.LoginResponse.expires_at:type_name -> google.protobuf.Timestamp
12, // 1: mcias.v1.RenewTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
0, // 2: mcias.v1.AuthService.Login:input_type -> mcias.v1.LoginRequest
2, // 3: mcias.v1.AuthService.Logout:input_type -> mcias.v1.LogoutRequest
4, // 4: mcias.v1.AuthService.RenewToken:input_type -> mcias.v1.RenewTokenRequest
6, // 5: mcias.v1.AuthService.EnrollTOTP:input_type -> mcias.v1.EnrollTOTPRequest
8, // 6: mcias.v1.AuthService.ConfirmTOTP:input_type -> mcias.v1.ConfirmTOTPRequest
10, // 7: mcias.v1.AuthService.RemoveTOTP:input_type -> mcias.v1.RemoveTOTPRequest
1, // 8: mcias.v1.AuthService.Login:output_type -> mcias.v1.LoginResponse
3, // 9: mcias.v1.AuthService.Logout:output_type -> mcias.v1.LogoutResponse
5, // 10: mcias.v1.AuthService.RenewToken:output_type -> mcias.v1.RenewTokenResponse
7, // 11: mcias.v1.AuthService.EnrollTOTP:output_type -> mcias.v1.EnrollTOTPResponse
9, // 12: mcias.v1.AuthService.ConfirmTOTP:output_type -> mcias.v1.ConfirmTOTPResponse
11, // 13: mcias.v1.AuthService.RemoveTOTP:output_type -> mcias.v1.RemoveTOTPResponse
8, // [8:14] is the sub-list for method output_type
2, // [2:8] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
func init() { file_mcias_v1_auth_proto_init() }
func file_mcias_v1_auth_proto_init() {
if File_mcias_v1_auth_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_auth_proto_rawDesc), len(file_mcias_v1_auth_proto_rawDesc)),
NumEnums: 0,
NumMessages: 12,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_mcias_v1_auth_proto_goTypes,
DependencyIndexes: file_mcias_v1_auth_proto_depIdxs,
MessageInfos: file_mcias_v1_auth_proto_msgTypes,
}.Build()
File_mcias_v1_auth_proto = out.File
file_mcias_v1_auth_proto_goTypes = nil
file_mcias_v1_auth_proto_depIdxs = nil
}


@@ -0,0 +1,341 @@
// AuthService: login, logout, token renewal, and TOTP management.
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v6.33.4
// source: mcias/v1/auth.proto
package mciasv1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
AuthService_Login_FullMethodName = "/mcias.v1.AuthService/Login"
AuthService_Logout_FullMethodName = "/mcias.v1.AuthService/Logout"
AuthService_RenewToken_FullMethodName = "/mcias.v1.AuthService/RenewToken"
AuthService_EnrollTOTP_FullMethodName = "/mcias.v1.AuthService/EnrollTOTP"
AuthService_ConfirmTOTP_FullMethodName = "/mcias.v1.AuthService/ConfirmTOTP"
AuthService_RemoveTOTP_FullMethodName = "/mcias.v1.AuthService/RemoveTOTP"
)
// AuthServiceClient is the client API for AuthService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// AuthService handles all authentication flows.
type AuthServiceClient interface {
// Login authenticates with username+password (+optional TOTP) and returns a JWT.
// Public RPC — no auth required.
Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
// Logout revokes the caller's current token.
// Requires: valid JWT in metadata.
Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error)
// RenewToken exchanges the caller's token for a fresh one.
// Requires: valid JWT in metadata.
RenewToken(ctx context.Context, in *RenewTokenRequest, opts ...grpc.CallOption) (*RenewTokenResponse, error)
// EnrollTOTP begins TOTP enrollment for the calling account.
// Requires: valid JWT in metadata.
EnrollTOTP(ctx context.Context, in *EnrollTOTPRequest, opts ...grpc.CallOption) (*EnrollTOTPResponse, error)
// ConfirmTOTP confirms TOTP enrollment with a code from the authenticator app.
// Requires: valid JWT in metadata.
ConfirmTOTP(ctx context.Context, in *ConfirmTOTPRequest, opts ...grpc.CallOption) (*ConfirmTOTPResponse, error)
// RemoveTOTP removes TOTP from an account (admin only).
// Requires: admin JWT in metadata.
RemoveTOTP(ctx context.Context, in *RemoveTOTPRequest, opts ...grpc.CallOption) (*RemoveTOTPResponse, error)
}
type authServiceClient struct {
cc grpc.ClientConnInterface
}
func NewAuthServiceClient(cc grpc.ClientConnInterface) AuthServiceClient {
return &authServiceClient{cc}
}
func (c *authServiceClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(LoginResponse)
err := c.cc.Invoke(ctx, AuthService_Login_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) Logout(ctx context.Context, in *LogoutRequest, opts ...grpc.CallOption) (*LogoutResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(LogoutResponse)
err := c.cc.Invoke(ctx, AuthService_Logout_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) RenewToken(ctx context.Context, in *RenewTokenRequest, opts ...grpc.CallOption) (*RenewTokenResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RenewTokenResponse)
err := c.cc.Invoke(ctx, AuthService_RenewToken_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) EnrollTOTP(ctx context.Context, in *EnrollTOTPRequest, opts ...grpc.CallOption) (*EnrollTOTPResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(EnrollTOTPResponse)
err := c.cc.Invoke(ctx, AuthService_EnrollTOTP_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) ConfirmTOTP(ctx context.Context, in *ConfirmTOTPRequest, opts ...grpc.CallOption) (*ConfirmTOTPResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ConfirmTOTPResponse)
err := c.cc.Invoke(ctx, AuthService_ConfirmTOTP_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *authServiceClient) RemoveTOTP(ctx context.Context, in *RemoveTOTPRequest, opts ...grpc.CallOption) (*RemoveTOTPResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RemoveTOTPResponse)
err := c.cc.Invoke(ctx, AuthService_RemoveTOTP_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// AuthServiceServer is the server API for AuthService service.
// All implementations must embed UnimplementedAuthServiceServer
// for forward compatibility.
//
// AuthService handles all authentication flows.
type AuthServiceServer interface {
// Login authenticates with username+password (+optional TOTP) and returns a JWT.
// Public RPC — no auth required.
Login(context.Context, *LoginRequest) (*LoginResponse, error)
// Logout revokes the caller's current token.
// Requires: valid JWT in metadata.
Logout(context.Context, *LogoutRequest) (*LogoutResponse, error)
// RenewToken exchanges the caller's token for a fresh one.
// Requires: valid JWT in metadata.
RenewToken(context.Context, *RenewTokenRequest) (*RenewTokenResponse, error)
// EnrollTOTP begins TOTP enrollment for the calling account.
// Requires: valid JWT in metadata.
EnrollTOTP(context.Context, *EnrollTOTPRequest) (*EnrollTOTPResponse, error)
// ConfirmTOTP confirms TOTP enrollment with a code from the authenticator app.
// Requires: valid JWT in metadata.
ConfirmTOTP(context.Context, *ConfirmTOTPRequest) (*ConfirmTOTPResponse, error)
// RemoveTOTP removes TOTP from an account (admin only).
// Requires: admin JWT in metadata.
RemoveTOTP(context.Context, *RemoveTOTPRequest) (*RemoveTOTPResponse, error)
mustEmbedUnimplementedAuthServiceServer()
}
// UnimplementedAuthServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedAuthServiceServer struct{}
func (UnimplementedAuthServiceServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
return nil, status.Error(codes.Unimplemented, "method Login not implemented")
}
func (UnimplementedAuthServiceServer) Logout(context.Context, *LogoutRequest) (*LogoutResponse, error) {
return nil, status.Error(codes.Unimplemented, "method Logout not implemented")
}
func (UnimplementedAuthServiceServer) RenewToken(context.Context, *RenewTokenRequest) (*RenewTokenResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RenewToken not implemented")
}
func (UnimplementedAuthServiceServer) EnrollTOTP(context.Context, *EnrollTOTPRequest) (*EnrollTOTPResponse, error) {
return nil, status.Error(codes.Unimplemented, "method EnrollTOTP not implemented")
}
func (UnimplementedAuthServiceServer) ConfirmTOTP(context.Context, *ConfirmTOTPRequest) (*ConfirmTOTPResponse, error) {
return nil, status.Error(codes.Unimplemented, "method ConfirmTOTP not implemented")
}
func (UnimplementedAuthServiceServer) RemoveTOTP(context.Context, *RemoveTOTPRequest) (*RemoveTOTPResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RemoveTOTP not implemented")
}
func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
func (UnimplementedAuthServiceServer) testEmbeddedByValue() {}
// UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to AuthServiceServer will
// result in compilation errors.
type UnsafeAuthServiceServer interface {
mustEmbedUnimplementedAuthServiceServer()
}
func RegisterAuthServiceServer(s grpc.ServiceRegistrar, srv AuthServiceServer) {
// If the following call panics, it indicates UnimplementedAuthServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&AuthService_ServiceDesc, srv)
}
func _AuthService_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(LoginRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).Login(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_Login_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).Login(ctx, req.(*LoginRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_Logout_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(LogoutRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).Logout(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_Logout_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).Logout(ctx, req.(*LogoutRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_RenewToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RenewTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).RenewToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_RenewToken_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).RenewToken(ctx, req.(*RenewTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_EnrollTOTP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(EnrollTOTPRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).EnrollTOTP(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_EnrollTOTP_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).EnrollTOTP(ctx, req.(*EnrollTOTPRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_ConfirmTOTP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ConfirmTOTPRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).ConfirmTOTP(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_ConfirmTOTP_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).ConfirmTOTP(ctx, req.(*ConfirmTOTPRequest))
}
return interceptor(ctx, in, info, handler)
}
func _AuthService_RemoveTOTP_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RemoveTOTPRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(AuthServiceServer).RemoveTOTP(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: AuthService_RemoveTOTP_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(AuthServiceServer).RemoveTOTP(ctx, req.(*RemoveTOTPRequest))
}
return interceptor(ctx, in, info, handler)
}
// AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var AuthService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "mcias.v1.AuthService",
HandlerType: (*AuthServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Login",
Handler: _AuthService_Login_Handler,
},
{
MethodName: "Logout",
Handler: _AuthService_Logout_Handler,
},
{
MethodName: "RenewToken",
Handler: _AuthService_RenewToken_Handler,
},
{
MethodName: "EnrollTOTP",
Handler: _AuthService_EnrollTOTP_Handler,
},
{
MethodName: "ConfirmTOTP",
Handler: _AuthService_ConfirmTOTP_Handler,
},
{
MethodName: "RemoveTOTP",
Handler: _AuthService_RemoveTOTP_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "mcias/v1/auth.proto",
}

409
gen/mcias/v1/common.pb.go Normal file

@@ -0,0 +1,409 @@
// Common message types shared across MCIAS gRPC services.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v6.33.4
// source: mcias/v1/common.proto
package mciasv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// Account represents a user or service identity. Credential fields
// (password_hash, totp_secret) are never included in any response.
type Account struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
AccountType string `protobuf:"bytes,3,opt,name=account_type,json=accountType,proto3" json:"account_type,omitempty"` // "human" or "system"
Status string `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"` // "active", "inactive", or "deleted"
TotpEnabled bool `protobuf:"varint,5,opt,name=totp_enabled,json=totpEnabled,proto3" json:"totp_enabled,omitempty"`
CreatedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
UpdatedAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Account) Reset() {
*x = Account{}
mi := &file_mcias_v1_common_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Account) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Account) ProtoMessage() {}
func (x *Account) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_common_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Account.ProtoReflect.Descriptor instead.
func (*Account) Descriptor() ([]byte, []int) {
return file_mcias_v1_common_proto_rawDescGZIP(), []int{0}
}
func (x *Account) GetId() string {
if x != nil {
return x.Id
}
return ""
}
func (x *Account) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *Account) GetAccountType() string {
if x != nil {
return x.AccountType
}
return ""
}
func (x *Account) GetStatus() string {
if x != nil {
return x.Status
}
return ""
}
func (x *Account) GetTotpEnabled() bool {
if x != nil {
return x.TotpEnabled
}
return false
}
func (x *Account) GetCreatedAt() *timestamppb.Timestamp {
if x != nil {
return x.CreatedAt
}
return nil
}
func (x *Account) GetUpdatedAt() *timestamppb.Timestamp {
if x != nil {
return x.UpdatedAt
}
return nil
}
// TokenInfo describes an issued token by its JTI (never the raw value).
type TokenInfo struct {
state protoimpl.MessageState `protogen:"open.v1"`
Jti string `protobuf:"bytes,1,opt,name=jti,proto3" json:"jti,omitempty"`
IssuedAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
RevokedAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=revoked_at,json=revokedAt,proto3" json:"revoked_at,omitempty"` // zero if not revoked
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *TokenInfo) Reset() {
*x = TokenInfo{}
mi := &file_mcias_v1_common_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *TokenInfo) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*TokenInfo) ProtoMessage() {}
func (x *TokenInfo) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_common_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use TokenInfo.ProtoReflect.Descriptor instead.
func (*TokenInfo) Descriptor() ([]byte, []int) {
return file_mcias_v1_common_proto_rawDescGZIP(), []int{1}
}
func (x *TokenInfo) GetJti() string {
if x != nil {
return x.Jti
}
return ""
}
func (x *TokenInfo) GetIssuedAt() *timestamppb.Timestamp {
if x != nil {
return x.IssuedAt
}
return nil
}
func (x *TokenInfo) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
func (x *TokenInfo) GetRevokedAt() *timestamppb.Timestamp {
if x != nil {
return x.RevokedAt
}
return nil
}
// PGCreds holds Postgres connection details. Password is decrypted and
// present only when explicitly requested via GetPGCreds; it is never
// included in list responses.
type PGCreds struct {
state protoimpl.MessageState `protogen:"open.v1"`
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
Database string `protobuf:"bytes,2,opt,name=database,proto3" json:"database,omitempty"`
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
Password string `protobuf:"bytes,4,opt,name=password,proto3" json:"password,omitempty"` // security: only populated on explicit get
Port int32 `protobuf:"varint,5,opt,name=port,proto3" json:"port,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *PGCreds) Reset() {
*x = PGCreds{}
mi := &file_mcias_v1_common_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *PGCreds) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*PGCreds) ProtoMessage() {}
func (x *PGCreds) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_common_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use PGCreds.ProtoReflect.Descriptor instead.
func (*PGCreds) Descriptor() ([]byte, []int) {
return file_mcias_v1_common_proto_rawDescGZIP(), []int{2}
}
func (x *PGCreds) GetHost() string {
if x != nil {
return x.Host
}
return ""
}
func (x *PGCreds) GetDatabase() string {
if x != nil {
return x.Database
}
return ""
}
func (x *PGCreds) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *PGCreds) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
func (x *PGCreds) GetPort() int32 {
if x != nil {
return x.Port
}
return 0
}
// Error is the canonical error detail embedded in gRPC status details.
type Error struct {
state protoimpl.MessageState `protogen:"open.v1"`
Message string `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *Error) Reset() {
*x = Error{}
mi := &file_mcias_v1_common_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Error) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Error) ProtoMessage() {}
func (x *Error) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_common_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Error.ProtoReflect.Descriptor instead.
func (*Error) Descriptor() ([]byte, []int) {
return file_mcias_v1_common_proto_rawDescGZIP(), []int{3}
}
func (x *Error) GetMessage() string {
if x != nil {
return x.Message
}
return ""
}
func (x *Error) GetCode() string {
if x != nil {
return x.Code
}
return ""
}
var File_mcias_v1_common_proto protoreflect.FileDescriptor
const file_mcias_v1_common_proto_rawDesc = "" +
"\n" +
"\x15mcias/v1/common.proto\x12\bmcias.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"\x89\x02\n" +
"\aAccount\x12\x0e\n" +
"\x02id\x18\x01 \x01(\tR\x02id\x12\x1a\n" +
"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
"\faccount_type\x18\x03 \x01(\tR\vaccountType\x12\x16\n" +
"\x06status\x18\x04 \x01(\tR\x06status\x12!\n" +
"\ftotp_enabled\x18\x05 \x01(\bR\vtotpEnabled\x129\n" +
"\n" +
"created_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
"\n" +
"updated_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\"\xcc\x01\n" +
"\tTokenInfo\x12\x10\n" +
"\x03jti\x18\x01 \x01(\tR\x03jti\x127\n" +
"\tissued_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\bissuedAt\x129\n" +
"\n" +
"expires_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\x129\n" +
"\n" +
"revoked_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\trevokedAt\"\x85\x01\n" +
"\aPGCreds\x12\x12\n" +
"\x04host\x18\x01 \x01(\tR\x04host\x12\x1a\n" +
"\bdatabase\x18\x02 \x01(\tR\bdatabase\x12\x1a\n" +
"\busername\x18\x03 \x01(\tR\busername\x12\x1a\n" +
"\bpassword\x18\x04 \x01(\tR\bpassword\x12\x12\n" +
"\x04port\x18\x05 \x01(\x05R\x04port\"5\n" +
"\x05Error\x12\x18\n" +
"\amessage\x18\x01 \x01(\tR\amessage\x12\x12\n" +
"\x04code\x18\x02 \x01(\tR\x04codeB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
var (
file_mcias_v1_common_proto_rawDescOnce sync.Once
file_mcias_v1_common_proto_rawDescData []byte
)
func file_mcias_v1_common_proto_rawDescGZIP() []byte {
file_mcias_v1_common_proto_rawDescOnce.Do(func() {
file_mcias_v1_common_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_common_proto_rawDesc), len(file_mcias_v1_common_proto_rawDesc)))
})
return file_mcias_v1_common_proto_rawDescData
}
var file_mcias_v1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
var file_mcias_v1_common_proto_goTypes = []any{
(*Account)(nil), // 0: mcias.v1.Account
(*TokenInfo)(nil), // 1: mcias.v1.TokenInfo
(*PGCreds)(nil), // 2: mcias.v1.PGCreds
(*Error)(nil), // 3: mcias.v1.Error
(*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp
}
var file_mcias_v1_common_proto_depIdxs = []int32{
4, // 0: mcias.v1.Account.created_at:type_name -> google.protobuf.Timestamp
4, // 1: mcias.v1.Account.updated_at:type_name -> google.protobuf.Timestamp
4, // 2: mcias.v1.TokenInfo.issued_at:type_name -> google.protobuf.Timestamp
4, // 3: mcias.v1.TokenInfo.expires_at:type_name -> google.protobuf.Timestamp
4, // 4: mcias.v1.TokenInfo.revoked_at:type_name -> google.protobuf.Timestamp
5, // [5:5] is the sub-list for method output_type
5, // [5:5] is the sub-list for method input_type
5, // [5:5] is the sub-list for extension type_name
5, // [5:5] is the sub-list for extension extendee
0, // [0:5] is the sub-list for field type_name
}
func init() { file_mcias_v1_common_proto_init() }
func file_mcias_v1_common_proto_init() {
if File_mcias_v1_common_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_common_proto_rawDesc), len(file_mcias_v1_common_proto_rawDesc)),
NumEnums: 0,
NumMessages: 4,
NumExtensions: 0,
NumServices: 0,
},
GoTypes: file_mcias_v1_common_proto_goTypes,
DependencyIndexes: file_mcias_v1_common_proto_depIdxs,
MessageInfos: file_mcias_v1_common_proto_msgTypes,
}.Build()
File_mcias_v1_common_proto = out.File
file_mcias_v1_common_proto_goTypes = nil
file_mcias_v1_common_proto_depIdxs = nil
}

411
gen/mcias/v1/token.pb.go Normal file

@@ -0,0 +1,411 @@
// TokenService: token validation, service-token issuance, and revocation.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v6.33.4
// source: mcias/v1/token.proto
package mciasv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// ValidateTokenRequest carries the token to validate.
// The token may also be supplied via the Authorization metadata key;
// this field is an alternative for callers that cannot set metadata.
type ValidateTokenRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ValidateTokenRequest) Reset() {
*x = ValidateTokenRequest{}
mi := &file_mcias_v1_token_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ValidateTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ValidateTokenRequest) ProtoMessage() {}
func (x *ValidateTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ValidateTokenRequest.ProtoReflect.Descriptor instead.
func (*ValidateTokenRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{0}
}
func (x *ValidateTokenRequest) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
// ValidateTokenResponse reports validity and, on success, the claims.
type ValidateTokenResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"` // UUID of the account; empty if invalid
Roles []string `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ValidateTokenResponse) Reset() {
*x = ValidateTokenResponse{}
mi := &file_mcias_v1_token_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ValidateTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ValidateTokenResponse) ProtoMessage() {}
func (x *ValidateTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ValidateTokenResponse.ProtoReflect.Descriptor instead.
func (*ValidateTokenResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{1}
}
func (x *ValidateTokenResponse) GetValid() bool {
if x != nil {
return x.Valid
}
return false
}
func (x *ValidateTokenResponse) GetSubject() string {
if x != nil {
return x.Subject
}
return ""
}
func (x *ValidateTokenResponse) GetRoles() []string {
if x != nil {
return x.Roles
}
return nil
}
func (x *ValidateTokenResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// IssueServiceTokenRequest specifies the system account to issue a token for.
type IssueServiceTokenRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID of the system account
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *IssueServiceTokenRequest) Reset() {
*x = IssueServiceTokenRequest{}
mi := &file_mcias_v1_token_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *IssueServiceTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*IssueServiceTokenRequest) ProtoMessage() {}
func (x *IssueServiceTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use IssueServiceTokenRequest.ProtoReflect.Descriptor instead.
func (*IssueServiceTokenRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{2}
}
func (x *IssueServiceTokenRequest) GetAccountId() string {
if x != nil {
return x.AccountId
}
return ""
}
// IssueServiceTokenResponse returns the new token and its expiry.
type IssueServiceTokenResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *IssueServiceTokenResponse) Reset() {
*x = IssueServiceTokenResponse{}
mi := &file_mcias_v1_token_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *IssueServiceTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*IssueServiceTokenResponse) ProtoMessage() {}
func (x *IssueServiceTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use IssueServiceTokenResponse.ProtoReflect.Descriptor instead.
func (*IssueServiceTokenResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{3}
}
func (x *IssueServiceTokenResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *IssueServiceTokenResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// RevokeTokenRequest specifies the JTI to revoke.
type RevokeTokenRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Jti string `protobuf:"bytes,1,opt,name=jti,proto3" json:"jti,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RevokeTokenRequest) Reset() {
*x = RevokeTokenRequest{}
mi := &file_mcias_v1_token_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RevokeTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RevokeTokenRequest) ProtoMessage() {}
func (x *RevokeTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RevokeTokenRequest.ProtoReflect.Descriptor instead.
func (*RevokeTokenRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{4}
}
func (x *RevokeTokenRequest) GetJti() string {
if x != nil {
return x.Jti
}
return ""
}
// RevokeTokenResponse confirms revocation.
type RevokeTokenResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RevokeTokenResponse) Reset() {
*x = RevokeTokenResponse{}
mi := &file_mcias_v1_token_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RevokeTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RevokeTokenResponse) ProtoMessage() {}
func (x *RevokeTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_token_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RevokeTokenResponse.ProtoReflect.Descriptor instead.
func (*RevokeTokenResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_token_proto_rawDescGZIP(), []int{5}
}
var File_mcias_v1_token_proto protoreflect.FileDescriptor
const file_mcias_v1_token_proto_rawDesc = "" +
"\n" +
"\x14mcias/v1/token.proto\x12\bmcias.v1\x1a\x1fgoogle/protobuf/timestamp.proto\",\n" +
"\x14ValidateTokenRequest\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\"\x98\x01\n" +
"\x15ValidateTokenResponse\x12\x14\n" +
"\x05valid\x18\x01 \x01(\bR\x05valid\x12\x18\n" +
"\asubject\x18\x02 \x01(\tR\asubject\x12\x14\n" +
"\x05roles\x18\x03 \x03(\tR\x05roles\x129\n" +
"\n" +
"expires_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"9\n" +
"\x18IssueServiceTokenRequest\x12\x1d\n" +
"\n" +
"account_id\x18\x01 \x01(\tR\taccountId\"l\n" +
"\x19IssueServiceTokenResponse\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\x129\n" +
"\n" +
"expires_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"&\n" +
"\x12RevokeTokenRequest\x12\x10\n" +
"\x03jti\x18\x01 \x01(\tR\x03jti\"\x15\n" +
"\x13RevokeTokenResponse2\x8a\x02\n" +
"\fTokenService\x12P\n" +
"\rValidateToken\x12\x1e.mcias.v1.ValidateTokenRequest\x1a\x1f.mcias.v1.ValidateTokenResponse\x12\\\n" +
"\x11IssueServiceToken\x12\".mcias.v1.IssueServiceTokenRequest\x1a#.mcias.v1.IssueServiceTokenResponse\x12J\n" +
"\vRevokeToken\x12\x1c.mcias.v1.RevokeTokenRequest\x1a\x1d.mcias.v1.RevokeTokenResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
var (
file_mcias_v1_token_proto_rawDescOnce sync.Once
file_mcias_v1_token_proto_rawDescData []byte
)
func file_mcias_v1_token_proto_rawDescGZIP() []byte {
file_mcias_v1_token_proto_rawDescOnce.Do(func() {
file_mcias_v1_token_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_token_proto_rawDesc), len(file_mcias_v1_token_proto_rawDesc)))
})
return file_mcias_v1_token_proto_rawDescData
}
var file_mcias_v1_token_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
var file_mcias_v1_token_proto_goTypes = []any{
(*ValidateTokenRequest)(nil), // 0: mcias.v1.ValidateTokenRequest
(*ValidateTokenResponse)(nil), // 1: mcias.v1.ValidateTokenResponse
(*IssueServiceTokenRequest)(nil), // 2: mcias.v1.IssueServiceTokenRequest
(*IssueServiceTokenResponse)(nil), // 3: mcias.v1.IssueServiceTokenResponse
(*RevokeTokenRequest)(nil), // 4: mcias.v1.RevokeTokenRequest
(*RevokeTokenResponse)(nil), // 5: mcias.v1.RevokeTokenResponse
(*timestamppb.Timestamp)(nil), // 6: google.protobuf.Timestamp
}
var file_mcias_v1_token_proto_depIdxs = []int32{
6, // 0: mcias.v1.ValidateTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
6, // 1: mcias.v1.IssueServiceTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
0, // 2: mcias.v1.TokenService.ValidateToken:input_type -> mcias.v1.ValidateTokenRequest
2, // 3: mcias.v1.TokenService.IssueServiceToken:input_type -> mcias.v1.IssueServiceTokenRequest
4, // 4: mcias.v1.TokenService.RevokeToken:input_type -> mcias.v1.RevokeTokenRequest
1, // 5: mcias.v1.TokenService.ValidateToken:output_type -> mcias.v1.ValidateTokenResponse
3, // 6: mcias.v1.TokenService.IssueServiceToken:output_type -> mcias.v1.IssueServiceTokenResponse
5, // 7: mcias.v1.TokenService.RevokeToken:output_type -> mcias.v1.RevokeTokenResponse
5, // [5:8] is the sub-list for method output_type
2, // [2:5] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
func init() { file_mcias_v1_token_proto_init() }
func file_mcias_v1_token_proto_init() {
if File_mcias_v1_token_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_token_proto_rawDesc), len(file_mcias_v1_token_proto_rawDesc)),
NumEnums: 0,
NumMessages: 6,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_mcias_v1_token_proto_goTypes,
DependencyIndexes: file_mcias_v1_token_proto_depIdxs,
MessageInfos: file_mcias_v1_token_proto_msgTypes,
}.Build()
File_mcias_v1_token_proto = out.File
file_mcias_v1_token_proto_goTypes = nil
file_mcias_v1_token_proto_depIdxs = nil
}


@@ -0,0 +1,215 @@
// TokenService: token validation, service-token issuance, and revocation.
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.6.1
// - protoc v6.33.4
// source: mcias/v1/token.proto
package mciasv1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
TokenService_ValidateToken_FullMethodName = "/mcias.v1.TokenService/ValidateToken"
TokenService_IssueServiceToken_FullMethodName = "/mcias.v1.TokenService/IssueServiceToken"
TokenService_RevokeToken_FullMethodName = "/mcias.v1.TokenService/RevokeToken"
)
// TokenServiceClient is the client API for TokenService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// TokenService manages token lifecycle.
type TokenServiceClient interface {
// ValidateToken checks whether a JWT is valid and returns its claims.
// Public RPC — no auth required.
ValidateToken(ctx context.Context, in *ValidateTokenRequest, opts ...grpc.CallOption) (*ValidateTokenResponse, error)
// IssueServiceToken issues a new service token for a system account.
// Requires: admin JWT in metadata.
IssueServiceToken(ctx context.Context, in *IssueServiceTokenRequest, opts ...grpc.CallOption) (*IssueServiceTokenResponse, error)
// RevokeToken revokes a token by JTI.
// Requires: admin JWT in metadata.
RevokeToken(ctx context.Context, in *RevokeTokenRequest, opts ...grpc.CallOption) (*RevokeTokenResponse, error)
}
type tokenServiceClient struct {
cc grpc.ClientConnInterface
}
func NewTokenServiceClient(cc grpc.ClientConnInterface) TokenServiceClient {
return &tokenServiceClient{cc}
}
func (c *tokenServiceClient) ValidateToken(ctx context.Context, in *ValidateTokenRequest, opts ...grpc.CallOption) (*ValidateTokenResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ValidateTokenResponse)
err := c.cc.Invoke(ctx, TokenService_ValidateToken_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenServiceClient) IssueServiceToken(ctx context.Context, in *IssueServiceTokenRequest, opts ...grpc.CallOption) (*IssueServiceTokenResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(IssueServiceTokenResponse)
err := c.cc.Invoke(ctx, TokenService_IssueServiceToken_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *tokenServiceClient) RevokeToken(ctx context.Context, in *RevokeTokenRequest, opts ...grpc.CallOption) (*RevokeTokenResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(RevokeTokenResponse)
err := c.cc.Invoke(ctx, TokenService_RevokeToken_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// TokenServiceServer is the server API for TokenService service.
// All implementations must embed UnimplementedTokenServiceServer
// for forward compatibility.
//
// TokenService manages token lifecycle.
type TokenServiceServer interface {
// ValidateToken checks whether a JWT is valid and returns its claims.
// Public RPC — no auth required.
ValidateToken(context.Context, *ValidateTokenRequest) (*ValidateTokenResponse, error)
// IssueServiceToken issues a new service token for a system account.
// Requires: admin JWT in metadata.
IssueServiceToken(context.Context, *IssueServiceTokenRequest) (*IssueServiceTokenResponse, error)
// RevokeToken revokes a token by JTI.
// Requires: admin JWT in metadata.
RevokeToken(context.Context, *RevokeTokenRequest) (*RevokeTokenResponse, error)
mustEmbedUnimplementedTokenServiceServer()
}
// UnimplementedTokenServiceServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedTokenServiceServer struct{}
func (UnimplementedTokenServiceServer) ValidateToken(context.Context, *ValidateTokenRequest) (*ValidateTokenResponse, error) {
return nil, status.Error(codes.Unimplemented, "method ValidateToken not implemented")
}
func (UnimplementedTokenServiceServer) IssueServiceToken(context.Context, *IssueServiceTokenRequest) (*IssueServiceTokenResponse, error) {
return nil, status.Error(codes.Unimplemented, "method IssueServiceToken not implemented")
}
func (UnimplementedTokenServiceServer) RevokeToken(context.Context, *RevokeTokenRequest) (*RevokeTokenResponse, error) {
return nil, status.Error(codes.Unimplemented, "method RevokeToken not implemented")
}
func (UnimplementedTokenServiceServer) mustEmbedUnimplementedTokenServiceServer() {}
func (UnimplementedTokenServiceServer) testEmbeddedByValue() {}
// UnsafeTokenServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to TokenServiceServer will
// result in compilation errors.
type UnsafeTokenServiceServer interface {
mustEmbedUnimplementedTokenServiceServer()
}
func RegisterTokenServiceServer(s grpc.ServiceRegistrar, srv TokenServiceServer) {
// If the following call panics, it indicates UnimplementedTokenServiceServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&TokenService_ServiceDesc, srv)
}
func _TokenService_ValidateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ValidateTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenServiceServer).ValidateToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: TokenService_ValidateToken_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenServiceServer).ValidateToken(ctx, req.(*ValidateTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenService_IssueServiceToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(IssueServiceTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenServiceServer).IssueServiceToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: TokenService_IssueServiceToken_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenServiceServer).IssueServiceToken(ctx, req.(*IssueServiceTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
func _TokenService_RevokeToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(RevokeTokenRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(TokenServiceServer).RevokeToken(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: TokenService_RevokeToken_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(TokenServiceServer).RevokeToken(ctx, req.(*RevokeTokenRequest))
}
return interceptor(ctx, in, info, handler)
}
// TokenService_ServiceDesc is the grpc.ServiceDesc for TokenService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var TokenService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "mcias.v1.TokenService",
HandlerType: (*TokenServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ValidateToken",
Handler: _TokenService_ValidateToken_Handler,
},
{
MethodName: "IssueServiceToken",
Handler: _TokenService_IssueServiceToken_Handler,
},
{
MethodName: "RevokeToken",
Handler: _TokenService_RevokeToken_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "mcias/v1/token.proto",
}