feat(auth): add authentication protocol definitions and build configuration
- Add TokenClaims message for JWT payload structure with user id, issuer, timestamps, and scopes - Implement IssueTokenRequest/Response for creating access and refresh tokens with TTL support - Create RefreshTokenRequest/Response for token rotation functionality - Define RevokeTokenRequest/Response with support for single token or user-wide revocation - Add VerifyTokenRequest/Response for validating JWT tokens with detailed claims information - Implement signing key distribution system with GetSigningKeysRequest/Response - Create TokenService gRPC service with IssueToken, RefreshToken, RevokeToken, VerifyToken, and GetSigningKeys methods - Add build.rs configuration to compile proto files using tonic_prost_build - Include channel, channel_settings, member, and permission protocol definitions for IM services - Generate Rust code bindings through pb/core.rs and pb/im.rs modules
@@ -0,0 +1,125 @@
|
||||
syntax = "proto3";
|
||||
|
||||
package appks.im.v1;
|
||||
|
||||
// IM-specific permissions for channel operations.
|
||||
// Separate from the general Permission enum used for repo/workspace access.
|
||||
enum ImPermission {
|
||||
IM_PERMISSION_UNSPECIFIED = 0;
|
||||
IM_PERMISSION_READ_CHANNEL = 1;
|
||||
IM_PERMISSION_SEND_MESSAGE = 2;
|
||||
IM_PERMISSION_MANAGE_THREADS = 3;
|
||||
IM_PERMISSION_MANAGE_REACTIONS = 4;
|
||||
IM_PERMISSION_MANAGE_PINS = 5;
|
||||
IM_PERMISSION_INVITE_MEMBERS = 6;
|
||||
IM_PERMISSION_KICK_MEMBERS = 7;
|
||||
IM_PERMISSION_MANAGE_CHANNEL = 8;
|
||||
IM_PERMISSION_MANAGE_ROLES = 9;
|
||||
IM_PERMISSION_MANAGE_WEBHOOKS = 10;
|
||||
IM_PERMISSION_MANAGE_EMOJIS = 11;
|
||||
IM_PERMISSION_VIEW_AUDIT_LOG = 12;
|
||||
IM_PERMISSION_MANAGE_INTEGRATIONS = 13;
|
||||
IM_PERMISSION_SEND_TTS = 14;
|
||||
IM_PERMISSION_USE_SLASH_COMMANDS = 15;
|
||||
IM_PERMISSION_ATTACH_FILES = 16;
|
||||
IM_PERMISSION_MENTION_EVERYONE = 17;
|
||||
IM_PERMISSION_MANAGE_MESSAGES = 18;
|
||||
IM_PERMISSION_ADMIN = 19;
|
||||
}
|
||||
|
||||
|
||||
message PermissionOverwrite {
|
||||
string id = 1;
|
||||
string channel_id = 2;
|
||||
string target_type = 3;
|
||||
string target_id = 4;
|
||||
repeated ImPermission allow = 5;
|
||||
repeated ImPermission deny = 6;
|
||||
string created_at = 7;
|
||||
string updated_at = 8;
|
||||
}
|
||||
|
||||
|
||||
message CheckPermissionRequest {
|
||||
string channel_id = 1;
|
||||
string user_id = 2;
|
||||
ImPermission permission = 3;
|
||||
}
|
||||
|
||||
message CheckPermissionResponse {
|
||||
bool allowed = 1;
|
||||
string role = 2;
|
||||
}
|
||||
|
||||
message GetPermissionsRequest {
|
||||
string channel_id = 1;
|
||||
string user_id = 2;
|
||||
}
|
||||
|
||||
message GetPermissionsResponse {
|
||||
repeated ImPermission permissions = 1;
|
||||
string role = 2;
|
||||
}
|
||||
|
||||
message SetPermissionOverwriteRequest {
|
||||
string channel_id = 1;
|
||||
string target_type = 2;
|
||||
string target_id = 3;
|
||||
repeated ImPermission allow = 4;
|
||||
repeated ImPermission deny = 5;
|
||||
}
|
||||
|
||||
message SetPermissionOverwriteResponse {
|
||||
PermissionOverwrite overwrite = 1;
|
||||
}
|
||||
|
||||
message GetPermissionOverwritesRequest {
|
||||
string channel_id = 1;
|
||||
}
|
||||
|
||||
message GetPermissionOverwritesResponse {
|
||||
repeated PermissionOverwrite overwrites = 1;
|
||||
}
|
||||
|
||||
message DeletePermissionOverwriteRequest {
|
||||
string channel_id = 1;
|
||||
string target_type = 2;
|
||||
string target_id = 3;
|
||||
}
|
||||
|
||||
message DeletePermissionOverwriteResponse {}
|
||||
|
||||
message ResolveChannelRequest {
|
||||
string channel_id = 1;
|
||||
}
|
||||
|
||||
message ResolveChannelResponse {
|
||||
string channel_id = 1;
|
||||
string workspace_id = 2;
|
||||
string name = 3;
|
||||
string visibility = 4;
|
||||
string channel_type = 5;
|
||||
bool read_only = 6;
|
||||
bool archived = 7;
|
||||
optional string created_by = 8;
|
||||
}
|
||||
|
||||
message EnsureReadableRequest {
|
||||
string channel_id = 1;
|
||||
string user_id = 2;
|
||||
}
|
||||
|
||||
message EnsureReadableResponse {
|
||||
bool allowed = 1;
|
||||
}
|
||||
|
||||
|
||||
service PermissionService {
|
||||
rpc CheckPermission(CheckPermissionRequest) returns (CheckPermissionResponse);
|
||||
rpc GetPermissions(GetPermissionsRequest) returns (GetPermissionsResponse);
|
||||
rpc SetPermissionOverwrite(SetPermissionOverwriteRequest) returns (SetPermissionOverwriteResponse);
|
||||
rpc GetPermissionOverwrites(GetPermissionOverwritesRequest) returns (GetPermissionOverwritesResponse);
|
||||
rpc DeletePermissionOverwrite(DeletePermissionOverwriteRequest) returns (DeletePermissionOverwriteResponse);
|
||||
rpc ResolveChannel(ResolveChannelRequest) returns (ResolveChannelResponse);
|
||||
rpc EnsureReadable(EnsureReadableRequest) returns (EnsureReadableResponse);
|
||||
}
|
||||
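Review bot: `PermissionOverwrite` and `SetPermissionOverwriteRequest` leave the allow/deny contract undefined: nothing says which side wins when the same `ImPermission` appears in both `allow` and `deny`, whether `IM_PERMISSION_UNSPECIFIED` or an unrecognised value may appear in either list, or whether `IM_PERMISSION_ADMIN` implies the other values. For an authorization schema these rules belong on the fields, for example `// If a permission is listed in both allow and deny, deny takes precedence.` above `deny`, together with a note that the server rejects UNSPECIFIED and unknown values instead of storing them. `target_type` is a free-form `string` in three messages; an enum with an UNSPECIFIED zero value (the intended target kinds are not visible here) would keep an unexpected target type from being stored or silently ignored. Separately, `CheckPermissionRequest`, `GetPermissionsRequest` and `EnsureReadableRequest` take `user_id` from the request body while the Set/Delete overwrite requests carry no actor at all, so the service comment should state that the acting principal comes from authenticated call metadata and that only trusted callers may name an arbitrary `user_id`, if that is the intent.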