kyle/mcias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
39d9ffb79a08eb4f7d08487b2264348ddf69a8be
mcias/gen/mcias/v1/auth.pb.go
Kyle Isom 25417b24f4 Add FIDO2/WebAuthn passkey authentication 
Phase 14: Full WebAuthn support for passwordless passkey login and
hardware security key 2FA.

- go-webauthn/webauthn v0.16.1 dependency
- WebAuthnConfig with RPID/RPOrigin/DisplayName validation
- Migration 000009: webauthn_credentials table
- DB CRUD with ownership checks and admin operations
- internal/webauthn adapter: encrypt/decrypt at rest with AES-256-GCM
- REST: register begin/finish, login begin/finish, list, delete
- Web UI: profile enrollment, login passkey button, admin management
- gRPC: ListWebAuthnCredentials, RemoveWebAuthnCredential RPCs
- mciasdb: webauthn list/delete/reset subcommands
- OpenAPI: 6 new endpoints, WebAuthnCredentialInfo schema
- Policy: self-service enrollment rule, admin remove via wildcard
- Tests: DB CRUD, adapter round-trip, interface compliance
- Docs: ARCHITECTURE.md §22, PROJECT_PLAN.md Phase 14

Security: Credential IDs and public keys encrypted at rest with
AES-256-GCM via vault master key. Challenge ceremonies use 128-bit
nonces with 120s TTL in sync.Map. Sign counter validated on each
assertion to detect cloned authenticators. Password re-auth required
for registration (SEC-01 pattern). No credential material in API
responses or logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 16:12:59 -07:00

1009 lines
32 KiB
Go
Raw Blame History

// AuthService: login, logout, token renewal, and TOTP management.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.11
// protoc v3.20.3
// source: mcias/v1/auth.proto
package mciasv1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// LoginRequest carries username/password and an optional TOTP code.
// Security: never logged; password and totp_code must not appear in audit logs.
type LoginRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` // security: never logged or stored
TotpCode string `protobuf:"bytes,3,opt,name=totp_code,json=totpCode,proto3" json:"totp_code,omitempty"` // optional; required if TOTP enrolled
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LoginRequest) Reset() {
*x = LoginRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LoginRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LoginRequest) ProtoMessage() {}
func (x *LoginRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LoginRequest.ProtoReflect.Descriptor instead.
func (*LoginRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{0}
}
func (x *LoginRequest) GetUsername() string {
if x != nil {
return x.Username
}
return ""
}
func (x *LoginRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
func (x *LoginRequest) GetTotpCode() string {
if x != nil {
return x.TotpCode
}
return ""
}
// LoginResponse returns the signed JWT and its expiry time.
// Security: token is a bearer credential; the caller must protect it.
type LoginResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LoginResponse) Reset() {
*x = LoginResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LoginResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LoginResponse) ProtoMessage() {}
func (x *LoginResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LoginResponse.ProtoReflect.Descriptor instead.
func (*LoginResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{1}
}
func (x *LoginResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *LoginResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// LogoutRequest carries no body; the token is extracted from gRPC metadata.
type LogoutRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LogoutRequest) Reset() {
*x = LogoutRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LogoutRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LogoutRequest) ProtoMessage() {}
func (x *LogoutRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LogoutRequest.ProtoReflect.Descriptor instead.
func (*LogoutRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{2}
}
// LogoutResponse confirms the token has been revoked.
type LogoutResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *LogoutResponse) Reset() {
*x = LogoutResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *LogoutResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*LogoutResponse) ProtoMessage() {}
func (x *LogoutResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use LogoutResponse.ProtoReflect.Descriptor instead.
func (*LogoutResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{3}
}
// RenewTokenRequest carries no body; the existing token is in metadata.
type RenewTokenRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RenewTokenRequest) Reset() {
*x = RenewTokenRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RenewTokenRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RenewTokenRequest) ProtoMessage() {}
func (x *RenewTokenRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RenewTokenRequest.ProtoReflect.Descriptor instead.
func (*RenewTokenRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{4}
}
// RenewTokenResponse returns a new JWT with a fresh expiry.
type RenewTokenResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RenewTokenResponse) Reset() {
*x = RenewTokenResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RenewTokenResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RenewTokenResponse) ProtoMessage() {}
func (x *RenewTokenResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RenewTokenResponse.ProtoReflect.Descriptor instead.
func (*RenewTokenResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{5}
}
func (x *RenewTokenResponse) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
func (x *RenewTokenResponse) GetExpiresAt() *timestamppb.Timestamp {
if x != nil {
return x.ExpiresAt
}
return nil
}
// EnrollTOTPRequest carries the current password for re-authentication.
// Security (SEC-01): password is required to prevent a stolen session token
// from being used to enroll attacker-controlled TOTP on the victim's account.
type EnrollTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Password string `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"` // security: current password required; never logged
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *EnrollTOTPRequest) Reset() {
*x = EnrollTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *EnrollTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EnrollTOTPRequest) ProtoMessage() {}
func (x *EnrollTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EnrollTOTPRequest.ProtoReflect.Descriptor instead.
func (*EnrollTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{6}
}
func (x *EnrollTOTPRequest) GetPassword() string {
if x != nil {
return x.Password
}
return ""
}
// EnrollTOTPResponse returns the TOTP secret and otpauth URI for display.
// Security: the secret is shown once; it is stored only in encrypted form.
type EnrollTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Secret string `protobuf:"bytes,1,opt,name=secret,proto3" json:"secret,omitempty"` // base32-encoded; display once, then discard
OtpauthUri string `protobuf:"bytes,2,opt,name=otpauth_uri,json=otpauthUri,proto3" json:"otpauth_uri,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *EnrollTOTPResponse) Reset() {
*x = EnrollTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *EnrollTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*EnrollTOTPResponse) ProtoMessage() {}
func (x *EnrollTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[7]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use EnrollTOTPResponse.ProtoReflect.Descriptor instead.
func (*EnrollTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{7}
}
func (x *EnrollTOTPResponse) GetSecret() string {
if x != nil {
return x.Secret
}
return ""
}
func (x *EnrollTOTPResponse) GetOtpauthUri() string {
if x != nil {
return x.OtpauthUri
}
return ""
}
// ConfirmTOTPRequest carries the TOTP code to confirm enrollment.
type ConfirmTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ConfirmTOTPRequest) Reset() {
*x = ConfirmTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ConfirmTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ConfirmTOTPRequest) ProtoMessage() {}
func (x *ConfirmTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[8]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ConfirmTOTPRequest.ProtoReflect.Descriptor instead.
func (*ConfirmTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{8}
}
func (x *ConfirmTOTPRequest) GetCode() string {
if x != nil {
return x.Code
}
return ""
}
// ConfirmTOTPResponse confirms TOTP enrollment is complete.
type ConfirmTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ConfirmTOTPResponse) Reset() {
*x = ConfirmTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[9]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ConfirmTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ConfirmTOTPResponse) ProtoMessage() {}
func (x *ConfirmTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[9]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ConfirmTOTPResponse.ProtoReflect.Descriptor instead.
func (*ConfirmTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{9}
}
// RemoveTOTPRequest carries the target account ID (admin only).
type RemoveTOTPRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID of the account to remove TOTP from
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveTOTPRequest) Reset() {
*x = RemoveTOTPRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveTOTPRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveTOTPRequest) ProtoMessage() {}
func (x *RemoveTOTPRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[10]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveTOTPRequest.ProtoReflect.Descriptor instead.
func (*RemoveTOTPRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{10}
}
func (x *RemoveTOTPRequest) GetAccountId() string {
if x != nil {
return x.AccountId
}
return ""
}
// RemoveTOTPResponse confirms removal.
type RemoveTOTPResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveTOTPResponse) Reset() {
*x = RemoveTOTPResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveTOTPResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveTOTPResponse) ProtoMessage() {}
func (x *RemoveTOTPResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[11]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveTOTPResponse.ProtoReflect.Descriptor instead.
func (*RemoveTOTPResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{11}
}
// ListWebAuthnCredentialsRequest lists metadata for an account's WebAuthn credentials.
type ListWebAuthnCredentialsRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListWebAuthnCredentialsRequest) Reset() {
*x = ListWebAuthnCredentialsRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListWebAuthnCredentialsRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListWebAuthnCredentialsRequest) ProtoMessage() {}
func (x *ListWebAuthnCredentialsRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[12]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListWebAuthnCredentialsRequest.ProtoReflect.Descriptor instead.
func (*ListWebAuthnCredentialsRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{12}
}
func (x *ListWebAuthnCredentialsRequest) GetAccountId() string {
if x != nil {
return x.AccountId
}
return ""
}
// WebAuthnCredentialInfo holds metadata about a stored WebAuthn credential.
// Credential material (IDs, public keys) is never included.
type WebAuthnCredentialInfo struct {
state protoimpl.MessageState `protogen:"open.v1"`
Id int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
Aaguid string `protobuf:"bytes,3,opt,name=aaguid,proto3" json:"aaguid,omitempty"`
SignCount uint32 `protobuf:"varint,4,opt,name=sign_count,json=signCount,proto3" json:"sign_count,omitempty"`
Discoverable bool `protobuf:"varint,5,opt,name=discoverable,proto3" json:"discoverable,omitempty"`
Transports string `protobuf:"bytes,6,opt,name=transports,proto3" json:"transports,omitempty"`
CreatedAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
LastUsedAt *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=last_used_at,json=lastUsedAt,proto3" json:"last_used_at,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *WebAuthnCredentialInfo) Reset() {
*x = WebAuthnCredentialInfo{}
mi := &file_mcias_v1_auth_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *WebAuthnCredentialInfo) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*WebAuthnCredentialInfo) ProtoMessage() {}
func (x *WebAuthnCredentialInfo) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[13]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use WebAuthnCredentialInfo.ProtoReflect.Descriptor instead.
func (*WebAuthnCredentialInfo) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{13}
}
func (x *WebAuthnCredentialInfo) GetId() int64 {
if x != nil {
return x.Id
}
return 0
}
func (x *WebAuthnCredentialInfo) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *WebAuthnCredentialInfo) GetAaguid() string {
if x != nil {
return x.Aaguid
}
return ""
}
func (x *WebAuthnCredentialInfo) GetSignCount() uint32 {
if x != nil {
return x.SignCount
}
return 0
}
func (x *WebAuthnCredentialInfo) GetDiscoverable() bool {
if x != nil {
return x.Discoverable
}
return false
}
func (x *WebAuthnCredentialInfo) GetTransports() string {
if x != nil {
return x.Transports
}
return ""
}
func (x *WebAuthnCredentialInfo) GetCreatedAt() *timestamppb.Timestamp {
if x != nil {
return x.CreatedAt
}
return nil
}
func (x *WebAuthnCredentialInfo) GetLastUsedAt() *timestamppb.Timestamp {
if x != nil {
return x.LastUsedAt
}
return nil
}
// ListWebAuthnCredentialsResponse returns credential metadata.
type ListWebAuthnCredentialsResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
Credentials []*WebAuthnCredentialInfo `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *ListWebAuthnCredentialsResponse) Reset() {
*x = ListWebAuthnCredentialsResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *ListWebAuthnCredentialsResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ListWebAuthnCredentialsResponse) ProtoMessage() {}
func (x *ListWebAuthnCredentialsResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[14]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ListWebAuthnCredentialsResponse.ProtoReflect.Descriptor instead.
func (*ListWebAuthnCredentialsResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{14}
}
func (x *ListWebAuthnCredentialsResponse) GetCredentials() []*WebAuthnCredentialInfo {
if x != nil {
return x.Credentials
}
return nil
}
// RemoveWebAuthnCredentialRequest removes a specific WebAuthn credential (admin).
type RemoveWebAuthnCredentialRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
AccountId string `protobuf:"bytes,1,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"` // UUID
CredentialId int64 `protobuf:"varint,2,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveWebAuthnCredentialRequest) Reset() {
*x = RemoveWebAuthnCredentialRequest{}
mi := &file_mcias_v1_auth_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveWebAuthnCredentialRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveWebAuthnCredentialRequest) ProtoMessage() {}
func (x *RemoveWebAuthnCredentialRequest) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[15]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveWebAuthnCredentialRequest.ProtoReflect.Descriptor instead.
func (*RemoveWebAuthnCredentialRequest) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{15}
}
func (x *RemoveWebAuthnCredentialRequest) GetAccountId() string {
if x != nil {
return x.AccountId
}
return ""
}
func (x *RemoveWebAuthnCredentialRequest) GetCredentialId() int64 {
if x != nil {
return x.CredentialId
}
return 0
}
// RemoveWebAuthnCredentialResponse confirms removal.
type RemoveWebAuthnCredentialResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *RemoveWebAuthnCredentialResponse) Reset() {
*x = RemoveWebAuthnCredentialResponse{}
mi := &file_mcias_v1_auth_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *RemoveWebAuthnCredentialResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*RemoveWebAuthnCredentialResponse) ProtoMessage() {}
func (x *RemoveWebAuthnCredentialResponse) ProtoReflect() protoreflect.Message {
mi := &file_mcias_v1_auth_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use RemoveWebAuthnCredentialResponse.ProtoReflect.Descriptor instead.
func (*RemoveWebAuthnCredentialResponse) Descriptor() ([]byte, []int) {
return file_mcias_v1_auth_proto_rawDescGZIP(), []int{16}
}
var File_mcias_v1_auth_proto protoreflect.FileDescriptor
const file_mcias_v1_auth_proto_rawDesc = "" +
"\n" +
"\x13mcias/v1/auth.proto\x12\bmcias.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"c\n" +
"\fLoginRequest\x12\x1a\n" +
"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
"\bpassword\x18\x02 \x01(\tR\bpassword\x12\x1b\n" +
"\ttotp_code\x18\x03 \x01(\tR\btotpCode\"`\n" +
"\rLoginResponse\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\x129\n" +
"\n" +
"expires_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"\x0f\n" +
"\rLogoutRequest\"\x10\n" +
"\x0eLogoutResponse\"\x13\n" +
"\x11RenewTokenRequest\"e\n" +
"\x12RenewTokenResponse\x12\x14\n" +
"\x05token\x18\x01 \x01(\tR\x05token\x129\n" +
"\n" +
"expires_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\"/\n" +
"\x11EnrollTOTPRequest\x12\x1a\n" +
"\bpassword\x18\x01 \x01(\tR\bpassword\"M\n" +
"\x12EnrollTOTPResponse\x12\x16\n" +
"\x06secret\x18\x01 \x01(\tR\x06secret\x12\x1f\n" +
"\votpauth_uri\x18\x02 \x01(\tR\n" +
"otpauthUri\"(\n" +
"\x12ConfirmTOTPRequest\x12\x12\n" +
"\x04code\x18\x01 \x01(\tR\x04code\"\x15\n" +
"\x13ConfirmTOTPResponse\"2\n" +
"\x11RemoveTOTPRequest\x12\x1d\n" +
"\n" +
"account_id\x18\x01 \x01(\tR\taccountId\"\x14\n" +
"\x12RemoveTOTPResponse\"?\n" +
"\x1eListWebAuthnCredentialsRequest\x12\x1d\n" +
"\n" +
"account_id\x18\x01 \x01(\tR\taccountId\"\xb0\x02\n" +
"\x16WebAuthnCredentialInfo\x12\x0e\n" +
"\x02id\x18\x01 \x01(\x03R\x02id\x12\x12\n" +
"\x04name\x18\x02 \x01(\tR\x04name\x12\x16\n" +
"\x06aaguid\x18\x03 \x01(\tR\x06aaguid\x12\x1d\n" +
"\n" +
"sign_count\x18\x04 \x01(\rR\tsignCount\x12\"\n" +
"\fdiscoverable\x18\x05 \x01(\bR\fdiscoverable\x12\x1e\n" +
"\n" +
"transports\x18\x06 \x01(\tR\n" +
"transports\x129\n" +
"\n" +
"created_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x12<\n" +
"\flast_used_at\x18\b \x01(\v2\x1a.google.protobuf.TimestampR\n" +
"lastUsedAt\"e\n" +
"\x1fListWebAuthnCredentialsResponse\x12B\n" +
"\vcredentials\x18\x01 \x03(\v2 .mcias.v1.WebAuthnCredentialInfoR\vcredentials\"e\n" +
"\x1fRemoveWebAuthnCredentialRequest\x12\x1d\n" +
"\n" +
"account_id\x18\x01 \x01(\tR\taccountId\x12#\n" +
"\rcredential_id\x18\x02 \x01(\x03R\fcredentialId\"\"\n" +
" RemoveWebAuthnCredentialResponse2\x8e\x05\n" +
"\vAuthService\x128\n" +
"\x05Login\x12\x16.mcias.v1.LoginRequest\x1a\x17.mcias.v1.LoginResponse\x12;\n" +
"\x06Logout\x12\x17.mcias.v1.LogoutRequest\x1a\x18.mcias.v1.LogoutResponse\x12G\n" +
"\n" +
"RenewToken\x12\x1b.mcias.v1.RenewTokenRequest\x1a\x1c.mcias.v1.RenewTokenResponse\x12G\n" +
"\n" +
"EnrollTOTP\x12\x1b.mcias.v1.EnrollTOTPRequest\x1a\x1c.mcias.v1.EnrollTOTPResponse\x12J\n" +
"\vConfirmTOTP\x12\x1c.mcias.v1.ConfirmTOTPRequest\x1a\x1d.mcias.v1.ConfirmTOTPResponse\x12G\n" +
"\n" +
"RemoveTOTP\x12\x1b.mcias.v1.RemoveTOTPRequest\x1a\x1c.mcias.v1.RemoveTOTPResponse\x12n\n" +
"\x17ListWebAuthnCredentials\x12(.mcias.v1.ListWebAuthnCredentialsRequest\x1a).mcias.v1.ListWebAuthnCredentialsResponse\x12q\n" +
"\x18RemoveWebAuthnCredential\x12).mcias.v1.RemoveWebAuthnCredentialRequest\x1a*.mcias.v1.RemoveWebAuthnCredentialResponseB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
var (
file_mcias_v1_auth_proto_rawDescOnce sync.Once
file_mcias_v1_auth_proto_rawDescData []byte
)
func file_mcias_v1_auth_proto_rawDescGZIP() []byte {
file_mcias_v1_auth_proto_rawDescOnce.Do(func() {
file_mcias_v1_auth_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_auth_proto_rawDesc), len(file_mcias_v1_auth_proto_rawDesc)))
})
return file_mcias_v1_auth_proto_rawDescData
}
var file_mcias_v1_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
var file_mcias_v1_auth_proto_goTypes = []any{
(*LoginRequest)(nil), // 0: mcias.v1.LoginRequest
(*LoginResponse)(nil), // 1: mcias.v1.LoginResponse
(*LogoutRequest)(nil), // 2: mcias.v1.LogoutRequest
(*LogoutResponse)(nil), // 3: mcias.v1.LogoutResponse
(*RenewTokenRequest)(nil), // 4: mcias.v1.RenewTokenRequest
(*RenewTokenResponse)(nil), // 5: mcias.v1.RenewTokenResponse
(*EnrollTOTPRequest)(nil), // 6: mcias.v1.EnrollTOTPRequest
(*EnrollTOTPResponse)(nil), // 7: mcias.v1.EnrollTOTPResponse
(*ConfirmTOTPRequest)(nil), // 8: mcias.v1.ConfirmTOTPRequest
(*ConfirmTOTPResponse)(nil), // 9: mcias.v1.ConfirmTOTPResponse
(*RemoveTOTPRequest)(nil), // 10: mcias.v1.RemoveTOTPRequest
(*RemoveTOTPResponse)(nil), // 11: mcias.v1.RemoveTOTPResponse
(*ListWebAuthnCredentialsRequest)(nil), // 12: mcias.v1.ListWebAuthnCredentialsRequest
(*WebAuthnCredentialInfo)(nil), // 13: mcias.v1.WebAuthnCredentialInfo
(*ListWebAuthnCredentialsResponse)(nil), // 14: mcias.v1.ListWebAuthnCredentialsResponse
(*RemoveWebAuthnCredentialRequest)(nil), // 15: mcias.v1.RemoveWebAuthnCredentialRequest
(*RemoveWebAuthnCredentialResponse)(nil), // 16: mcias.v1.RemoveWebAuthnCredentialResponse
(*timestamppb.Timestamp)(nil), // 17: google.protobuf.Timestamp
}
var file_mcias_v1_auth_proto_depIdxs = []int32{
17, // 0: mcias.v1.LoginResponse.expires_at:type_name -> google.protobuf.Timestamp
17, // 1: mcias.v1.RenewTokenResponse.expires_at:type_name -> google.protobuf.Timestamp
17, // 2: mcias.v1.WebAuthnCredentialInfo.created_at:type_name -> google.protobuf.Timestamp
17, // 3: mcias.v1.WebAuthnCredentialInfo.last_used_at:type_name -> google.protobuf.Timestamp
13, // 4: mcias.v1.ListWebAuthnCredentialsResponse.credentials:type_name -> mcias.v1.WebAuthnCredentialInfo
0, // 5: mcias.v1.AuthService.Login:input_type -> mcias.v1.LoginRequest
2, // 6: mcias.v1.AuthService.Logout:input_type -> mcias.v1.LogoutRequest
4, // 7: mcias.v1.AuthService.RenewToken:input_type -> mcias.v1.RenewTokenRequest
6, // 8: mcias.v1.AuthService.EnrollTOTP:input_type -> mcias.v1.EnrollTOTPRequest
8, // 9: mcias.v1.AuthService.ConfirmTOTP:input_type -> mcias.v1.ConfirmTOTPRequest
10, // 10: mcias.v1.AuthService.RemoveTOTP:input_type -> mcias.v1.RemoveTOTPRequest
12, // 11: mcias.v1.AuthService.ListWebAuthnCredentials:input_type -> mcias.v1.ListWebAuthnCredentialsRequest
15, // 12: mcias.v1.AuthService.RemoveWebAuthnCredential:input_type -> mcias.v1.RemoveWebAuthnCredentialRequest
1, // 13: mcias.v1.AuthService.Login:output_type -> mcias.v1.LoginResponse
3, // 14: mcias.v1.AuthService.Logout:output_type -> mcias.v1.LogoutResponse
5, // 15: mcias.v1.AuthService.RenewToken:output_type -> mcias.v1.RenewTokenResponse
7, // 16: mcias.v1.AuthService.EnrollTOTP:output_type -> mcias.v1.EnrollTOTPResponse
9, // 17: mcias.v1.AuthService.ConfirmTOTP:output_type -> mcias.v1.ConfirmTOTPResponse
11, // 18: mcias.v1.AuthService.RemoveTOTP:output_type -> mcias.v1.RemoveTOTPResponse
14, // 19: mcias.v1.AuthService.ListWebAuthnCredentials:output_type -> mcias.v1.ListWebAuthnCredentialsResponse
16, // 20: mcias.v1.AuthService.RemoveWebAuthnCredential:output_type -> mcias.v1.RemoveWebAuthnCredentialResponse
13, // [13:21] is the sub-list for method output_type
5, // [5:13] is the sub-list for method input_type
5, // [5:5] is the sub-list for extension type_name
5, // [5:5] is the sub-list for extension extendee
0, // [0:5] is the sub-list for field type_name
}
func init() { file_mcias_v1_auth_proto_init() }
func file_mcias_v1_auth_proto_init() {
if File_mcias_v1_auth_proto != nil {
return
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_auth_proto_rawDesc), len(file_mcias_v1_auth_proto_rawDesc)),
NumEnums: 0,
NumMessages: 17,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_mcias_v1_auth_proto_goTypes,
DependencyIndexes: file_mcias_v1_auth_proto_depIdxs,
MessageInfos: file_mcias_v1_auth_proto_msgTypes,
}.Build()
File_mcias_v1_auth_proto = out.File
file_mcias_v1_auth_proto_goTypes = nil
file_mcias_v1_auth_proto_depIdxs = nil
}
Reference in New Issue View Git Blame Copy Permalink