feat(auth): add authentication protocol definitions and build configuration

- Add TokenClaims message for JWT payload structure with user id, issuer, timestamps, and scopes
- Implement IssueTokenRequest/Response for creating access and refresh tokens with TTL support
- Create RefreshTokenRequest/Response for token rotation functionality
- Define RevokeTokenRequest/Response with support for single token or user-wide revocation
- Add VerifyTokenRequest/Response for validating JWT tokens with detailed claims information
- Implement signing key distribution system with GetSigningKeysRequest/Response
- Create TokenService gRPC service with IssueToken, RefreshToken, RevokeToken, VerifyToken, and GetSigningKeys methods
- Add build.rs configuration to compile proto files using tonic_prost_build
- Include channel, channel_settings, member, and permission protocol definitions for IM services
- Generate Rust code bindings through pb/core.rs and pb/im.rs modules

socket/session_store/memory.rs

@@ -0,0 +1,88 @@
+use std::sync::Arc;
+use std::time::{SystemTime, UNIX_EPOCH};
+
+use async_trait::async_trait;
+use dashmap::DashMap;
+
+use crate::socket::session_store::{SessionError, SessionInfo, SessionStoreTrait};
+
+pub struct InMemorySessionStore {
+    sessions: Arc<DashMap<String, SessionInfo>>,
+}
+
+impl InMemorySessionStore {
+    pub fn new() -> Self {
+        Self {
+            sessions: Arc::new(DashMap::new()),
+        }
+    }
+}
+
+impl Default for InMemorySessionStore {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+fn now_millis() -> u64 {
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap_or_default()
+        .as_millis() as u64
+}
+
+#[async_trait]
+impl SessionStoreTrait for InMemorySessionStore {
+    async fn create(&self, sid: &str, transport: &str, server_id: &str) -> Result<(), SessionError> {
+        let info = SessionInfo {
+            sid: sid.to_string(),
+            transport: transport.to_string(),
+            state: "connecting".to_string(),
+            server_id: server_id.to_string(),
+            created_at: now_millis(),
+            last_ping: now_millis(),
+        };
+        self.sessions.insert(sid.to_string(), info);
+        Ok(())
+    }
+
+    async fn get(&self, sid: &str) -> Result<Option<SessionInfo>, SessionError> {
+        Ok(self.sessions.get(sid).map(|r| r.value().clone()))
+    }
+
+    async fn set_state(&self, sid: &str, state: &str) -> Result<(), SessionError> {
+        if let Some(mut entry) = self.sessions.get_mut(sid) {
+            entry.value_mut().state = state.to_string();
+            Ok(())
+        } else {
+            Err(SessionError::NotFound(sid.to_string()))
+        }
+    }
+
+    async fn set_transport(&self, sid: &str, transport: &str) -> Result<(), SessionError> {
+        if let Some(mut entry) = self.sessions.get_mut(sid) {
+            entry.value_mut().transport = transport.to_string();
+            Ok(())
+        } else {
+            Err(SessionError::NotFound(sid.to_string()))
+        }
+    }
+
+    async fn update_ping(&self, sid: &str) -> Result<(), SessionError> {
+        if let Some(mut entry) = self.sessions.get_mut(sid) {
+            entry.value_mut().last_ping = now_millis();
+            Ok(())
+        } else {
+            Err(SessionError::NotFound(sid.to_string()))
+        }
+    }
+
+    async fn remove(&self, sid: &str) -> Result<(), SessionError> {
+        self.sessions.remove(sid);
+        Ok(())
+    }
+
+    async fn exists(&self, sid: &str) -> Result<bool, SessionError> {
+        Ok(self.sessions.contains_key(sid))
+    }
+}

socket/session_store/mod.rs

@@ -0,0 +1,41 @@
+pub mod memory;
+pub mod redis;
+
+use async_trait::async_trait;
+use thiserror::Error;
+
+#[derive(Error, Debug)]
+pub enum SessionError {
+    #[error("Redis error: {0}")]
+    Redis(String),
+    #[error("Session not found: {0}")]
+    NotFound(String),
+    #[error("Serialization error: {0}")]
+    Serialization(String),
+    #[error("Session expired: {0}")]
+    Expired(String),
+}
+
+#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
+pub struct SessionInfo {
+    pub sid: String,
+    pub transport: String,
+    pub state: String,
+    pub server_id: String,
+    pub created_at: u64,
+    pub last_ping: u64,
+}
+
+#[async_trait]
+pub trait SessionStoreTrait: Send + Sync + 'static {
+    async fn create(&self, sid: &str, transport: &str, server_id: &str) -> Result<(), SessionError>;
+    async fn get(&self, sid: &str) -> Result<Option<SessionInfo>, SessionError>;
+    async fn set_state(&self, sid: &str, state: &str) -> Result<(), SessionError>;
+    async fn set_transport(&self, sid: &str, transport: &str) -> Result<(), SessionError>;
+    async fn update_ping(&self, sid: &str) -> Result<(), SessionError>;
+    async fn remove(&self, sid: &str) -> Result<(), SessionError>;
+    async fn exists(&self, sid: &str) -> Result<bool, SessionError>;
+}
+
+pub use memory::InMemorySessionStore;
+pub use redis::RedisSessionStore;

socket/session_store/redis.rs

@@ -0,0 +1,164 @@
+use std::time::{SystemTime, UNIX_EPOCH};
+
+use async_trait::async_trait;
+use fred::prelude::*;
+
+use crate::socket::message_bus::redis::RedisMessageBus;
+use crate::socket::session_store::{SessionError, SessionInfo, SessionStoreTrait};
+
+fn now_millis() -> u64 {
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap_or_default()
+        .as_millis() as u64
+}
+
+const DEFAULT_TTL_SECS: u64 = 60;
+const KEY_PREFIX: &str = "socket.io:session";
+
+pub struct RedisSessionStore {
+    client: Client,
+    ttl_secs: u64,
+}
+
+impl RedisSessionStore {
+    pub fn new(bus: &RedisMessageBus, ttl_secs: Option<u64>) -> Self {
+        Self {
+            client: bus.client().clone(),
+            ttl_secs: ttl_secs.unwrap_or(DEFAULT_TTL_SECS),
+        }
+    }
+
+    fn key(&self, sid: &str) -> String {
+        format!("{}:{}", KEY_PREFIX, sid)
+    }
+}
+
+#[async_trait]
+impl SessionStoreTrait for RedisSessionStore {
+    async fn create(&self, sid: &str, transport: &str, server_id: &str) -> Result<(), SessionError> {
+        let key = self.key(sid);
+        let now = now_millis();
+
+        // Batch all fields in a single HSET call for efficiency
+        let fields: Vec<(&str, String)> = vec![
+            ("sid", sid.to_string()),
+            ("transport", transport.to_string()),
+            ("state", "connecting".to_string()),
+            ("server_id", server_id.to_string()),
+            ("created_at", now.to_string()),
+            ("last_ping", now.to_string()),
+        ];
+        self.client
+            .hset::<(), _, _>(&key, fields)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        self.client
+            .expire::<(), _>(&key, self.ttl_secs as i64, None)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(())
+    }
+
+    async fn get(&self, sid: &str) -> Result<Option<SessionInfo>, SessionError> {
+        let key = self.key(sid);
+
+        // Use hgetall directly — if the key doesn't exist Redis returns an empty map.
+        // This avoids the TOCTOU race between EXISTS and HGETALL.
+        let values: std::collections::HashMap<String, String> = self.client
+            .hgetall::<std::collections::HashMap<String, String>, _>(&key)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        if values.is_empty() {
+            return Ok(None);
+        }
+
+        let info = SessionInfo {
+            sid: values.get("sid").cloned().unwrap_or_default(),
+            transport: values.get("transport").cloned().unwrap_or_default(),
+            state: values.get("state").cloned().unwrap_or_default(),
+            server_id: values.get("server_id").cloned().unwrap_or_default(),
+            created_at: values.get("created_at").and_then(|v| v.parse::<u64>().ok()).unwrap_or(0),
+            last_ping: values.get("last_ping").and_then(|v| v.parse::<u64>().ok()).unwrap_or(0),
+        };
+
+        Ok(Some(info))
+    }
+
+    async fn set_state(&self, sid: &str, state: &str) -> Result<(), SessionError> {
+        let key = self.key(sid);
+
+        // Use HSET (not HSETNX) to overwrite existing fields
+        self.client
+            .hset::<(), _, _>(&key, ("state", state))
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        self.client
+            .expire::<(), _>(&key, self.ttl_secs as i64, None)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(())
+    }
+
+    async fn set_transport(&self, sid: &str, transport: &str) -> Result<(), SessionError> {
+        let key = self.key(sid);
+
+        // Use HSET (not HSETNX) to overwrite existing fields
+        self.client
+            .hset::<(), _, _>(&key, ("transport", transport))
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        self.client
+            .expire::<(), _>(&key, self.ttl_secs as i64, None)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(())
+    }
+
+    async fn update_ping(&self, sid: &str) -> Result<(), SessionError> {
+        let key = self.key(sid);
+        let now = now_millis();
+
+        // Use HSET (not HSETNX) to overwrite existing fields
+        self.client
+            .hset::<(), _, _>(&key, ("last_ping", now.to_string()))
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        self.client
+            .expire::<(), _>(&key, self.ttl_secs as i64, None)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(())
+    }
+
+    async fn remove(&self, sid: &str) -> Result<(), SessionError> {
+        let key = self.key(sid);
+
+        self.client
+            .del::<(), _>(&key)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(())
+    }
+
+    async fn exists(&self, sid: &str) -> Result<bool, SessionError> {
+        let key = self.key(sid);
+
+        let exists: bool = self.client
+            .exists::<bool, _>(&key)
+            .await
+            .map_err(|e| SessionError::Redis(e.to_string()))?;
+
+        Ok(exists)
+    }
+}