gitdata.ai/imks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): add authentication protocol definitions and build configuration

Browse Source 
- Add TokenClaims message for JWT payload structure with user id, issuer, timestamps, and scopes
- Implement IssueTokenRequest/Response for creating access and refresh tokens with TTL support
- Create RefreshTokenRequest/Response for token rotation functionality
- Define RevokeTokenRequest/Response with support for single token or user-wide revocation
- Add VerifyTokenRequest/Response for validating JWT tokens with detailed claims information
- Implement signing key distribution system with GetSigningKeysRequest/Response
- Create TokenService gRPC service with IssueToken, RefreshToken, RevokeToken, VerifyToken, and GetSigningKeys methods
- Add build.rs configuration to compile proto files using tonic_prost_build
- Include channel, channel_settings, member, and permission protocol definitions for IM services
- Generate Rust code bindings through pb/core.rs and pb/im.rs modules
This commit is contained in:
zhenyi
2026-06-10 23:45:40 +08:00
commit 06e8ee96a5
43 changed files with 9671 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
proto/core/auth.proto
+124
View File
@@ -0,0 +1,124 @@
syntax = "proto3";
package appks.core.v1;
// ============================================================
// JWT Payload
// ============================================================
message TokenClaims {
string sub = 1; // user id (uuid)
string iss = 2; // issuer (e.g. "appks")
int64 iat = 3; // issued at (unix seconds)
int64 exp = 4; // expires at (unix seconds)
string jti = 5; // unique token id (for revocation)
string scope = 6; // space-separated scopes
map<string, string> extra = 7; // extensible fields (workspace_id, role, etc.)
}
// ============================================================
// Issue (appks REST API → core)
// ============================================================
message IssueTokenRequest {
string user_id = 1;
int64 ttl_secs = 2; // access token lifetime
repeated string scopes = 3;
map<string, string> extra = 4;
}
message IssueTokenResponse {
string access_token = 1; // JWT
string refresh_token = 2; // opaque, stored in Redis
int64 expires_at = 3;
string key_id = 4; // kid header for the signing key
}
// ============================================================
// Refresh
// ============================================================
message RefreshTokenRequest {
string refresh_token = 1;
}
message RefreshTokenResponse {
string access_token = 1;
string refresh_token = 2; // rotated
int64 expires_at = 3;
string key_id = 4;
}
// ============================================================
// Revoke
// ============================================================
message RevokeTokenRequest {
oneof target {
string jti = 1; // revoke single token
string user_id = 2; // revoke all tokens for user
}
}
message RevokeTokenResponse {
int32 revoked_count = 1;
}
// ============================================================
// Verify (imks → core, RPC 模式)
// imks 把客户端携带的 JWT 发给 core 验证
// ============================================================
message VerifyTokenRequest {
string token = 1;
}
message VerifyTokenResponse {
bool valid = 1;
TokenClaims claims = 2; // only set when valid = true
string reason = 3; // "expired", "revoked", "invalid_signature", etc.
}
// ============================================================
// Key Distribution (imks → core, 本地验证模式)
// imks 拉取公钥/解密密钥,本地验证 JWT,无需每次 RPC
// 密钥窗口 3h,imks 定期刷新
// ============================================================
message SigningKey {
string kid = 1; // key id (matches JWT header kid)
string algorithm = 2; // "HS256", "RS256", "EdDSA", ...
string key_material = 3; // 对称: base64 secret / 非对称: PEM public key
int64 issued_at = 4; // 签发时间
int64 expires_at = 5; // 过期时间 (issued_at + 3h window)
bool active = 6; // 是否为当前活跃签名密钥
}
message GetSigningKeysRequest {
// 空 = 返回所有未过期密钥
// 非空 = 只返回指定 kid 的密钥
string kid = 1;
}
message GetSigningKeysResponse {
repeated SigningKey keys = 1; // 可能同时有多个有效密钥(滚动窗口)
int64 next_rotation_at = 2; // 下次密钥轮换时间,imks 据此安排刷新
}
// ============================================================
// Service
// ============================================================
service TokenService {
// --- 令牌生命周期 (appks REST handler 调用) ---
rpc IssueToken(IssueTokenRequest) returns (IssueTokenResponse);
rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse);
rpc RevokeToken(RevokeTokenRequest) returns (RevokeTokenResponse);
// --- imks 验证 (RPC 模式) ---
rpc VerifyToken(VerifyTokenRequest) returns (VerifyTokenResponse);
// --- imks 密钥拉取 (本地验证模式) ---
// imks 启动时拉取,之后根据 next_rotation_at 定期刷新
rpc GetSigningKeys(GetSigningKeysRequest) returns (GetSigningKeysResponse);
}
proto/core/channel.proto
+208
View File
@@ -0,0 +1,208 @@
syntax = "proto3";
package appks.im.v1;
import "google/protobuf/timestamp.proto";
// Channel management service for the IM microservice.
// Provides CRUD for channels and categories, plus channel statistics.
enum ChannelType {
CHANNEL_TYPE_UNSPECIFIED = 0;
CHANNEL_TYPE_PUBLIC = 1;
CHANNEL_TYPE_PRIVATE = 2;
CHANNEL_TYPE_DIRECT = 3;
CHANNEL_TYPE_GROUP = 4;
CHANNEL_TYPE_REPO = 5;
CHANNEL_TYPE_SYSTEM = 6;
}
enum ChannelKind {
CHANNEL_KIND_UNSPECIFIED = 0;
CHANNEL_KIND_TEXT = 1;
CHANNEL_KIND_VOICE = 2;
CHANNEL_KIND_STAGE = 3;
CHANNEL_KIND_FORUM = 4;
CHANNEL_KIND_ANNOUNCEMENT = 5;
}
enum Visibility {
VISIBILITY_UNSPECIFIED = 0;
VISIBILITY_PUBLIC = 1;
VISIBILITY_PRIVATE = 2;
VISIBILITY_INTERNAL = 3;
VISIBILITY_WORKSPACE = 4;
VISIBILITY_PROTECTED = 5;
VISIBILITY_HIDDEN = 6;
VISIBILITY_SECRET = 7;
}
message Channel {
string id = 1;
string workspace_id = 2;
optional string category_id = 3;
optional string parent_channel_id = 4;
string name = 5;
optional string topic = 6;
optional string description = 7;
ChannelType channel_type = 8;
ChannelKind channel_kind = 9;
Visibility visibility = 10;
int32 position = 11;
bool nsfw = 12;
bool read_only = 13;
bool archived = 14;
optional string created_by = 15;
optional int32 rate_limit_per_user = 16;
optional google.protobuf.Timestamp archived_at = 17;
optional string last_message_id = 18;
optional google.protobuf.Timestamp last_message_at = 19;
google.protobuf.Timestamp created_at = 20;
google.protobuf.Timestamp updated_at = 21;
}
message ChannelStats {
string channel_id = 1;
int32 members_count = 2;
int32 messages_count = 3;
int32 threads_count = 4;
int32 reactions_count = 5;
int32 mentions_count = 6;
int32 files_count = 7;
optional google.protobuf.Timestamp last_activity_at = 8;
google.protobuf.Timestamp updated_at = 9;
}
message ChannelCategory {
string id = 1;
string workspace_id = 2;
string name = 3;
int32 position = 4;
bool collapsed = 5;
google.protobuf.Timestamp created_at = 6;
google.protobuf.Timestamp updated_at = 7;
}
message GetChannelRequest {
string channel_id = 1;
}
message GetChannelResponse {
Channel channel = 1;
}
message ListChannelsRequest {
string workspace_name = 1;
optional string category_id = 2;
optional ChannelType channel_type = 3;
optional ChannelKind channel_kind = 4;
int32 limit = 5;
int32 offset = 6;
}
message ListChannelsResponse {
repeated Channel channels = 1;
int32 total = 2;
}
message CreateChannelRequest {
string workspace_name = 1;
string name = 2;
optional string topic = 3;
optional string description = 4;
optional string channel_type = 5;
optional string channel_kind = 6;
optional string visibility = 7;
optional string category_id = 8;
optional string parent_channel_id = 9;
optional string created_by = 10;
optional int32 rate_limit_per_user = 11;
}
message CreateChannelResponse {
Channel channel = 1;
}
message UpdateChannelRequest {
string channel_id = 1;
optional string name = 2;
optional string topic = 3;
optional string description = 4;
optional string visibility = 5;
optional int32 position = 6;
optional bool nsfw = 7;
optional bool read_only = 8;
optional bool archived = 9;
optional string category_id = 10;
optional int32 rate_limit_per_user = 11;
}
message UpdateChannelResponse {
Channel channel = 1;
}
message DeleteChannelRequest {
string channel_id = 1;
}
message DeleteChannelResponse {}
message GetChannelStatsRequest {
string channel_id = 1;
}
message GetChannelStatsResponse {
ChannelStats stats = 1;
}
message ListCategoriesRequest {
string workspace_name = 1;
}
message ListCategoriesResponse {
repeated ChannelCategory categories = 1;
}
message CreateCategoryRequest {
string workspace_name = 1;
string name = 2;
optional int32 position = 3;
}
message CreateCategoryResponse {
ChannelCategory category = 1;
}
message UpdateCategoryRequest {
string category_id = 1;
optional string name = 2;
optional int32 position = 3;
optional bool collapsed = 4;
}
message UpdateCategoryResponse {
ChannelCategory category = 1;
}
message DeleteCategoryRequest {
string category_id = 1;
}
message DeleteCategoryResponse {}
service ChannelService {
rpc GetChannel(GetChannelRequest) returns (GetChannelResponse);
rpc ListChannels(ListChannelsRequest) returns (ListChannelsResponse);
rpc CreateChannel(CreateChannelRequest) returns (CreateChannelResponse);
rpc UpdateChannel(UpdateChannelRequest) returns (UpdateChannelResponse);
rpc DeleteChannel(DeleteChannelRequest) returns (DeleteChannelResponse);
rpc GetChannelStats(GetChannelStatsRequest) returns (GetChannelStatsResponse);
rpc ListCategories(ListCategoriesRequest) returns (ListCategoriesResponse);
rpc CreateCategory(CreateCategoryRequest) returns (CreateCategoryResponse);
rpc UpdateCategory(UpdateCategoryRequest) returns (UpdateCategoryResponse);
rpc DeleteCategory(DeleteCategoryRequest) returns (DeleteCategoryResponse);
}
proto/core/channel_settings.proto
+401
View File
@@ -0,0 +1,401 @@
syntax = "proto3";
package appks.im.v1;
import "google/protobuf/timestamp.proto";
message ChannelRole {
string id = 1;
string channel_id = 2;
string name = 3;
repeated string permissions = 4;
bool assignable = 5;
google.protobuf.Timestamp created_at = 6;
google.protobuf.Timestamp updated_at = 7;
}
message ListChannelRolesRequest { string channel_id = 1; }
message ListChannelRolesResponse { repeated ChannelRole roles = 1; }
message CreateChannelRoleRequest {
string channel_id = 1;
string name = 2;
repeated string permissions = 3;
bool assignable = 4;
}
message CreateChannelRoleResponse { ChannelRole role = 1; }
message UpdateChannelRoleRequest {
string role_id = 1;
optional string name = 2;
repeated string permissions = 3;
optional bool assignable = 4;
}
message UpdateChannelRoleResponse { ChannelRole role = 1; }
message DeleteChannelRoleRequest { string role_id = 1; }
message DeleteChannelRoleResponse {}
service ChannelRoleService {
rpc ListChannelRoles(ListChannelRolesRequest) returns (ListChannelRolesResponse);
rpc CreateChannelRole(CreateChannelRoleRequest) returns (CreateChannelRoleResponse);
rpc UpdateChannelRole(UpdateChannelRoleRequest) returns (UpdateChannelRoleResponse);
rpc DeleteChannelRole(DeleteChannelRoleRequest) returns (DeleteChannelRoleResponse);
}
message ChannelInvitation {
string id = 1;
string channel_id = 2;
string invited_by = 3;
string invited_user_id = 4;
string role = 5;
string status = 6;
google.protobuf.Timestamp created_at = 7;
google.protobuf.Timestamp updated_at = 8;
}
message ListInvitationsRequest { string channel_id = 1; }
message ListInvitationsResponse { repeated ChannelInvitation invitations = 1; }
message CreateInvitationRequest {
string channel_id = 1;
string invited_user_id = 2;
string role = 3;
}
message CreateInvitationResponse { ChannelInvitation invitation = 1; }
message AcceptInvitationRequest { string invitation_id = 1; }
message AcceptInvitationResponse { ChannelInvitation invitation = 1; }
message RevokeInvitationRequest { string invitation_id = 1; }
message RevokeInvitationResponse {}
service ChannelInvitationService {
rpc ListInvitations(ListInvitationsRequest) returns (ListInvitationsResponse);
rpc CreateInvitation(CreateInvitationRequest) returns (CreateInvitationResponse);
rpc AcceptInvitation(AcceptInvitationRequest) returns (AcceptInvitationResponse);
rpc RevokeInvitation(RevokeInvitationRequest) returns (RevokeInvitationResponse);
}
message ChannelWebhook {
string id = 1;
string channel_id = 2;
string name = 3;
string url = 4;
string secret = 5;
repeated string events = 6;
bool active = 7;
google.protobuf.Timestamp created_at = 8;
google.protobuf.Timestamp updated_at = 9;
}
message ListWebhooksRequest { string channel_id = 1; }
message ListWebhooksResponse { repeated ChannelWebhook webhooks = 1; }
message CreateWebhookRequest {
string channel_id = 1;
string name = 2;
string url = 3;
optional string secret = 4;
repeated string events = 5;
}
message CreateWebhookResponse { ChannelWebhook webhook = 1; }
message UpdateWebhookRequest {
string webhook_id = 1;
optional string name = 2;
optional string url = 3;
optional string secret = 4;
repeated string events = 5;
optional bool active = 6;
}
message UpdateWebhookResponse { ChannelWebhook webhook = 1; }
message DeleteWebhookRequest { string webhook_id = 1; }
message DeleteWebhookResponse {}
service ChannelWebhookService {
rpc ListWebhooks(ListWebhooksRequest) returns (ListWebhooksResponse);
rpc CreateWebhook(CreateWebhookRequest) returns (CreateWebhookResponse);
rpc UpdateWebhook(UpdateWebhookRequest) returns (UpdateWebhookResponse);
rpc DeleteWebhook(DeleteWebhookRequest) returns (DeleteWebhookResponse);
}
message ChannelSlashCommand {
string id = 1;
string channel_id = 2;
string command = 3;
string description = 4;
string request_url = 5;
repeated string scopes = 6;
google.protobuf.Timestamp created_at = 7;
google.protobuf.Timestamp updated_at = 8;
}
message ListSlashCommandsRequest { string channel_id = 1; }
message ListSlashCommandsResponse { repeated ChannelSlashCommand commands = 1; }
message CreateSlashCommandRequest {
string channel_id = 1;
string command = 2;
string description = 3;
string request_url = 4;
repeated string scopes = 5;
}
message CreateSlashCommandResponse { ChannelSlashCommand command = 1; }
message UpdateSlashCommandRequest {
string command_id = 1;
optional string description = 2;
optional string request_url = 3;
repeated string scopes = 4;
}
message UpdateSlashCommandResponse { ChannelSlashCommand command = 1; }
message DeleteSlashCommandRequest { string command_id = 1; }
message DeleteSlashCommandResponse {}
service ChannelSlashCommandService {
rpc ListSlashCommands(ListSlashCommandsRequest) returns (ListSlashCommandsResponse);
rpc CreateSlashCommand(CreateSlashCommandRequest) returns (CreateSlashCommandResponse);
rpc UpdateSlashCommand(UpdateSlashCommandRequest) returns (UpdateSlashCommandResponse);
rpc DeleteSlashCommand(DeleteSlashCommandRequest) returns (DeleteSlashCommandResponse);
}
message ChannelRepoLink {
string id = 1;
string channel_id = 2;
string repo_id = 3;
string link_type = 4;
repeated string events = 5;
google.protobuf.Timestamp created_at = 6;
google.protobuf.Timestamp updated_at = 7;
}
message ListRepoLinksRequest { string channel_id = 1; }
message ListRepoLinksResponse { repeated ChannelRepoLink links = 1; }
message CreateRepoLinkRequest {
string channel_id = 1;
string repo_id = 2;
string link_type = 3;
repeated string events = 4;
}
message CreateRepoLinkResponse { ChannelRepoLink link = 1; }
message DeleteRepoLinkRequest { string link_id = 1; }
message DeleteRepoLinkResponse {}
service ChannelRepoLinkService {
rpc ListRepoLinks(ListRepoLinksRequest) returns (ListRepoLinksResponse);
rpc CreateRepoLink(CreateRepoLinkRequest) returns (CreateRepoLinkResponse);
rpc DeleteRepoLink(DeleteRepoLinkRequest) returns (DeleteRepoLinkResponse);
}
message ImIntegration {
string id = 1;
string channel_id = 2;
string provider = 3;
string external_channel_id = 4;
string sync_direction = 5;
bool active = 6;
google.protobuf.Timestamp created_at = 7;
google.protobuf.Timestamp updated_at = 8;
}
message ListIntegrationsRequest { string channel_id = 1; }
message ListIntegrationsResponse { repeated ImIntegration integrations = 1; }
message CreateIntegrationRequest {
string channel_id = 1;
string provider = 2;
string external_channel_id = 3;
string sync_direction = 4;
}
message CreateIntegrationResponse { ImIntegration integration = 1; }
message UpdateIntegrationRequest {
string integration_id = 1;
optional string sync_direction = 2;
optional bool active = 3;
}
message UpdateIntegrationResponse { ImIntegration integration = 1; }
message DeleteIntegrationRequest { string integration_id = 1; }
message DeleteIntegrationResponse {}
service ImIntegrationService {
rpc ListIntegrations(ListIntegrationsRequest) returns (ListIntegrationsResponse);
rpc CreateIntegration(CreateIntegrationRequest) returns (CreateIntegrationResponse);
rpc UpdateIntegration(UpdateIntegrationRequest) returns (UpdateIntegrationResponse);
rpc DeleteIntegration(DeleteIntegrationRequest) returns (DeleteIntegrationResponse);
}
message CustomEmoji {
string id = 1;
string workspace_id = 2;
string name = 3;
string image_url = 4;
google.protobuf.Timestamp created_at = 5;
}
message ListCustomEmojisRequest { string workspace_id = 1; }
message ListCustomEmojisResponse { repeated CustomEmoji emojis = 1; }
message CreateCustomEmojiRequest {
string workspace_id = 1;
string name = 2;
string image_url = 3;
}
message CreateCustomEmojiResponse { CustomEmoji emoji = 1; }
message DeleteCustomEmojiRequest { string emoji_id = 1; }
message DeleteCustomEmojiResponse {}
service CustomEmojiService {
rpc ListCustomEmojis(ListCustomEmojisRequest) returns (ListCustomEmojisResponse);
rpc CreateCustomEmoji(CreateCustomEmojiRequest) returns (CreateCustomEmojiResponse);
rpc DeleteCustomEmoji(DeleteCustomEmojiRequest) returns (DeleteCustomEmojiResponse);
}
message ForumTag {
string id = 1;
string channel_id = 2;
string name = 3;
bool moderated = 4;
int32 position = 5;
google.protobuf.Timestamp created_at = 6;
google.protobuf.Timestamp updated_at = 7;
}
message ListForumTagsRequest { string channel_id = 1; }
message ListForumTagsResponse { repeated ForumTag tags = 1; }
message CreateForumTagRequest {
string channel_id = 1;
string name = 2;
bool moderated = 3;
optional int32 position = 4;
}
message CreateForumTagResponse { ForumTag tag = 1; }
message UpdateForumTagRequest {
string tag_id = 1;
optional string name = 2;
optional bool moderated = 3;
optional int32 position = 4;
}
message UpdateForumTagResponse { ForumTag tag = 1; }
message DeleteForumTagRequest { string tag_id = 1; }
message DeleteForumTagResponse {}
service ForumTagService {
rpc ListForumTags(ListForumTagsRequest) returns (ListForumTagsResponse);
rpc CreateForumTag(CreateForumTagRequest) returns (CreateForumTagResponse);
rpc UpdateForumTag(UpdateForumTagRequest) returns (UpdateForumTagResponse);
rpc DeleteForumTag(DeleteForumTagRequest) returns (DeleteForumTagResponse);
}
message VoiceParticipant {
string id = 1;
string channel_id = 2;
string user_id = 3;
bool muted = 4;
bool deafened = 5;
google.protobuf.Timestamp joined_at = 6;
}
message ListVoiceParticipantsRequest { string channel_id = 1; }
message ListVoiceParticipantsResponse { repeated VoiceParticipant participants = 1; }
message UpdateVoiceStateRequest {
string channel_id = 1;
string user_id = 2;
optional bool muted = 3;
optional bool deafened = 4;
}
message UpdateVoiceStateResponse { VoiceParticipant participant = 1; }
service VoiceService {
rpc ListVoiceParticipants(ListVoiceParticipantsRequest) returns (ListVoiceParticipantsResponse);
rpc UpdateVoiceState(UpdateVoiceStateRequest) returns (UpdateVoiceStateResponse);
}
message Stage {
string id = 1;
string channel_id = 2;
string topic = 3;
string privacy_level = 4;
bool discoverable = 5;
google.protobuf.Timestamp started_at = 6;
google.protobuf.Timestamp ended_at = 7;
google.protobuf.Timestamp created_at = 8;
google.protobuf.Timestamp updated_at = 9;
}
message GetStageRequest { string channel_id = 1; }
message GetStageResponse { Stage stage = 1; }
message CreateStageRequest {
string channel_id = 1;
string topic = 2;
string privacy_level = 3;
bool discoverable = 4;
}
message CreateStageResponse { Stage stage = 1; }
message UpdateStageRequest {
string stage_id = 1;
optional string topic = 2;
optional string privacy_level = 3;
optional bool discoverable = 4;
}
message UpdateStageResponse { Stage stage = 1; }
message DeleteStageRequest { string stage_id = 1; }
message DeleteStageResponse {}
service StageService {
rpc GetStage(GetStageRequest) returns (GetStageResponse);
rpc CreateStage(CreateStageRequest) returns (CreateStageResponse);
rpc UpdateStage(UpdateStageRequest) returns (UpdateStageResponse);
rpc DeleteStage(DeleteStageRequest) returns (DeleteStageResponse);
}
message ChannelAuditEvent {
string id = 1;
string channel_id = 2;
string actor_id = 3;
string event_type = 4;
string target_type = 5;
string target_id = 6;
optional string old_value = 7;
optional string new_value = 8;
google.protobuf.Timestamp created_at = 9;
}
message ListChannelEventsRequest {
string channel_id = 1;
int32 limit = 2;
int32 offset = 3;
}
message ListChannelEventsResponse {
repeated ChannelAuditEvent events = 1;
int32 total = 2;
}
service ChannelAuditService {
rpc ListChannelEvents(ListChannelEventsRequest) returns (ListChannelEventsResponse);
}
proto/core/member.proto
+126
View File
@@ -0,0 +1,126 @@
syntax = "proto3";
package appks.im.v1;
import "google/protobuf/timestamp.proto";
// Member management service for the IM microservice.
// Provides CRUD for channel members, join/leave, and membership checks.
enum Role {
ROLE_UNSPECIFIED = 0;
ROLE_OWNER = 1;
ROLE_ADMIN = 2;
ROLE_MAINTAINER = 3;
ROLE_MODERATOR = 4;
ROLE_MEMBER = 5;
ROLE_CONTRIBUTOR = 6;
ROLE_VIEWER = 7;
ROLE_GUEST = 8;
ROLE_BOT = 9;
}
enum MemberStatus {
MEMBER_STATUS_UNSPECIFIED = 0;
MEMBER_STATUS_ACTIVE = 1;
MEMBER_STATUS_INVITED = 2;
MEMBER_STATUS_LEFT = 3;
MEMBER_STATUS_KICKED = 4;
MEMBER_STATUS_BANNED = 5;
}
message ChannelMember {
string id = 1;
string channel_id = 2;
string user_id = 3;
string role = 4;
string status = 5;
bool muted = 6;
bool pinned = 7;
optional string last_read_message_id = 8;
optional google.protobuf.Timestamp last_read_at = 9;
optional google.protobuf.Timestamp joined_at = 10;
optional google.protobuf.Timestamp left_at = 11;
google.protobuf.Timestamp created_at = 12;
google.protobuf.Timestamp updated_at = 13;
}
message ListMembersRequest {
string channel_id = 1;
optional string status = 2;
int32 limit = 3;
int32 offset = 4;
}
message ListMembersResponse {
repeated ChannelMember members = 1;
int32 total = 2;
}
message InviteMemberRequest {
string channel_id = 1;
string user_id = 2;
optional string role = 3;
}
message InviteMemberResponse {
ChannelMember member = 1;
}
message UpdateMemberRequest {
string channel_id = 1;
string user_id = 2;
optional string role = 3;
optional bool muted = 4;
optional bool pinned = 5;
}
message UpdateMemberResponse {
ChannelMember member = 1;
}
message KickMemberRequest {
string channel_id = 1;
string user_id = 2;
}
message KickMemberResponse {}
message JoinChannelRequest {
string channel_id = 1;
string user_id = 2;
}
message JoinChannelResponse {
ChannelMember member = 1;
}
message LeaveChannelRequest {
string channel_id = 1;
string user_id = 2;
}
message LeaveChannelResponse {}
message IsMemberRequest {
string channel_id = 1;
string user_id = 2;
}
message IsMemberResponse {
bool is_member = 1;
string role = 2;
}
service MemberService {
rpc ListMembers(ListMembersRequest) returns (ListMembersResponse);
rpc InviteMember(InviteMemberRequest) returns (InviteMemberResponse);
rpc UpdateMember(UpdateMemberRequest) returns (UpdateMemberResponse);
rpc KickMember(KickMemberRequest) returns (KickMemberResponse);
rpc JoinChannel(JoinChannelRequest) returns (JoinChannelResponse);
rpc LeaveChannel(LeaveChannelRequest) returns (LeaveChannelResponse);
rpc IsMember(IsMemberRequest) returns (IsMemberResponse);
}
proto/core/permission.proto
+125
View File
@@ -0,0 +1,125 @@
syntax = "proto3";
package appks.im.v1;
// IM-specific permissions for channel operations.
// Separate from the general Permission enum used for repo/workspace access.
enum ImPermission {
IM_PERMISSION_UNSPECIFIED = 0;
IM_PERMISSION_READ_CHANNEL = 1;
IM_PERMISSION_SEND_MESSAGE = 2;
IM_PERMISSION_MANAGE_THREADS = 3;
IM_PERMISSION_MANAGE_REACTIONS = 4;
IM_PERMISSION_MANAGE_PINS = 5;
IM_PERMISSION_INVITE_MEMBERS = 6;
IM_PERMISSION_KICK_MEMBERS = 7;
IM_PERMISSION_MANAGE_CHANNEL = 8;
IM_PERMISSION_MANAGE_ROLES = 9;
IM_PERMISSION_MANAGE_WEBHOOKS = 10;
IM_PERMISSION_MANAGE_EMOJIS = 11;
IM_PERMISSION_VIEW_AUDIT_LOG = 12;
IM_PERMISSION_MANAGE_INTEGRATIONS = 13;
IM_PERMISSION_SEND_TTS = 14;
IM_PERMISSION_USE_SLASH_COMMANDS = 15;
IM_PERMISSION_ATTACH_FILES = 16;
IM_PERMISSION_MENTION_EVERYONE = 17;
IM_PERMISSION_MANAGE_MESSAGES = 18;
IM_PERMISSION_ADMIN = 19;
}
message PermissionOverwrite {
string id = 1;
string channel_id = 2;
string target_type = 3;
string target_id = 4;
repeated ImPermission allow = 5;
repeated ImPermission deny = 6;
string created_at = 7;
string updated_at = 8;
}
message CheckPermissionRequest {
string channel_id = 1;
string user_id = 2;
ImPermission permission = 3;
}
message CheckPermissionResponse {
bool allowed = 1;
string role = 2;
}
message GetPermissionsRequest {
string channel_id = 1;
string user_id = 2;
}
message GetPermissionsResponse {
repeated ImPermission permissions = 1;
string role = 2;
}
message SetPermissionOverwriteRequest {
string channel_id = 1;
string target_type = 2;
string target_id = 3;
repeated ImPermission allow = 4;
repeated ImPermission deny = 5;
}
message SetPermissionOverwriteResponse {
PermissionOverwrite overwrite = 1;
}
message GetPermissionOverwritesRequest {
string channel_id = 1;
}
message GetPermissionOverwritesResponse {
repeated PermissionOverwrite overwrites = 1;
}
message DeletePermissionOverwriteRequest {
string channel_id = 1;
string target_type = 2;
string target_id = 3;
}
message DeletePermissionOverwriteResponse {}
message ResolveChannelRequest {
string channel_id = 1;
}
message ResolveChannelResponse {
string channel_id = 1;
string workspace_id = 2;
string name = 3;
string visibility = 4;
string channel_type = 5;
bool read_only = 6;
bool archived = 7;
optional string created_by = 8;
}
message EnsureReadableRequest {
string channel_id = 1;
string user_id = 2;
}
message EnsureReadableResponse {
bool allowed = 1;
}
service PermissionService {
rpc CheckPermission(CheckPermissionRequest) returns (CheckPermissionResponse);
rpc GetPermissions(GetPermissionsRequest) returns (GetPermissionsResponse);
rpc SetPermissionOverwrite(SetPermissionOverwriteRequest) returns (SetPermissionOverwriteResponse);
rpc GetPermissionOverwrites(GetPermissionOverwritesRequest) returns (GetPermissionOverwritesResponse);
rpc DeletePermissionOverwrite(DeletePermissionOverwriteRequest) returns (DeletePermissionOverwriteResponse);
rpc ResolveChannel(ResolveChannelRequest) returns (ResolveChannelResponse);
rpc EnsureReadable(EnsureReadableRequest) returns (EnsureReadableResponse);
}