forage/client
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b439762877da133f6b773d1c89d25decb5b4d326
client/interface/proto/forest/v1/users.proto
kjuulh b439762877 feat: add basic website 
Signed-off-by: kjuulh <contact@kjuulh.io>
2026-03-07 19:46:19 +01:00

318 lines
8.1 KiB
Protocol Buffer
Raw Blame History

syntax = "proto3";
package forest.v1;
import "google/protobuf/timestamp.proto";
// UsersService handles user management, authentication, and profile operations.
service UsersService {
// Authentication
rpc Register(RegisterRequest) returns (RegisterResponse);
rpc Login(LoginRequest) returns (LoginResponse);
rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse);
rpc Logout(LogoutRequest) returns (LogoutResponse);
// User CRUD
rpc GetUser(GetUserRequest) returns (GetUserResponse);
rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse);
rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse);
rpc ListUsers(ListUsersRequest) returns (ListUsersResponse);
// Password management
rpc ChangePassword(ChangePasswordRequest) returns (ChangePasswordResponse);
// Email management
rpc AddEmail(AddEmailRequest) returns (AddEmailResponse);
rpc VerifyEmail(VerifyEmailRequest) returns (VerifyEmailResponse);
rpc RemoveEmail(RemoveEmailRequest) returns (RemoveEmailResponse);
// Social / OAuth login
rpc OAuthLogin(OAuthLoginRequest) returns (OAuthLoginResponse);
rpc LinkOAuthProvider(LinkOAuthProviderRequest) returns (LinkOAuthProviderResponse);
rpc UnlinkOAuthProvider(UnlinkOAuthProviderRequest) returns (UnlinkOAuthProviderResponse);
// Personal access tokens
rpc CreatePersonalAccessToken(CreatePersonalAccessTokenRequest) returns (CreatePersonalAccessTokenResponse);
rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse);
rpc DeletePersonalAccessToken(DeletePersonalAccessTokenRequest) returns (DeletePersonalAccessTokenResponse);
// Token introspection (requires valid access token)
rpc TokenInfo(TokenInfoRequest) returns (TokenInfoResponse);
// MFA
rpc SetupMfa(SetupMfaRequest) returns (SetupMfaResponse);
rpc VerifyMfa(VerifyMfaRequest) returns (VerifyMfaResponse);
rpc DisableMfa(DisableMfaRequest) returns (DisableMfaResponse);
}
// ─── Core types ──────────────────────────────────────────────────────
message User {
string user_id = 1; // UUID
string username = 2;
repeated UserEmail emails = 3;
repeated OAuthConnection oauth_connections = 4;
bool mfa_enabled = 5;
google.protobuf.Timestamp created_at = 6;
google.protobuf.Timestamp updated_at = 7;
}
message UserEmail {
string email = 1;
bool verified = 2;
}
enum OAuthProvider {
OAUTH_PROVIDER_UNSPECIFIED = 0;
OAUTH_PROVIDER_GITHUB = 1;
OAUTH_PROVIDER_GOOGLE = 2;
OAUTH_PROVIDER_GITLAB = 3;
OAUTH_PROVIDER_MICROSOFT = 4;
}
message OAuthConnection {
OAuthProvider provider = 1;
string provider_user_id = 2;
string provider_email = 3;
google.protobuf.Timestamp linked_at = 4;
}
// ─── Authentication ──────────────────────────────────────────────────
message RegisterRequest {
string username = 1;
string email = 2;
string password = 3;
}
message RegisterResponse {
User user = 1;
AuthTokens tokens = 2;
}
message LoginRequest {
// Login with either username or email
oneof identifier {
string username = 1;
string email = 2;
}
string password = 3;
}
message LoginResponse {
User user = 1;
AuthTokens tokens = 2;
}
message RefreshTokenRequest {
string refresh_token = 1;
}
message RefreshTokenResponse {
AuthTokens tokens = 1;
}
message LogoutRequest {
string refresh_token = 1;
}
message LogoutResponse {}
message AuthTokens {
string access_token = 1;
string refresh_token = 2;
int64 expires_in_seconds = 3;
}
// ─── Token introspection ─────────────────────────────────────────────
message TokenInfoRequest {}
message TokenInfoResponse {
string user_id = 1;
int64 expires_at = 2; // Unix timestamp (seconds)
}
// ─── User CRUD ───────────────────────────────────────────────────────
message GetUserRequest {
oneof identifier {
string user_id = 1;
string username = 2;
string email = 3;
}
}
message GetUserResponse {
User user = 1;
}
message UpdateUserRequest {
string user_id = 1;
optional string username = 2;
}
message UpdateUserResponse {
User user = 1;
}
message DeleteUserRequest {
string user_id = 1;
}
message DeleteUserResponse {}
message ListUsersRequest {
int32 page_size = 1;
string page_token = 2;
optional string search = 3; // search across username, email
}
message ListUsersResponse {
repeated User users = 1;
string next_page_token = 2;
int32 total_count = 3;
}
// ─── Password management ─────────────────────────────────────────────
message ChangePasswordRequest {
string user_id = 1;
string current_password = 2;
string new_password = 3;
}
message ChangePasswordResponse {}
// ─── Email management ────────────────────────────────────────────────
message AddEmailRequest {
string user_id = 1;
string email = 2;
}
message AddEmailResponse {
UserEmail email = 1;
}
message VerifyEmailRequest {
string user_id = 1;
string email = 2;
}
message VerifyEmailResponse {}
message RemoveEmailRequest {
string user_id = 1;
string email = 2;
}
message RemoveEmailResponse {}
// ─── OAuth / Social login ────────────────────────────────────────────
message OAuthLoginRequest {
OAuthProvider provider = 1;
string authorization_code = 2;
string redirect_uri = 3;
}
message OAuthLoginResponse {
User user = 1;
AuthTokens tokens = 2;
bool is_new_user = 3;
}
message LinkOAuthProviderRequest {
string user_id = 1;
OAuthProvider provider = 2;
string authorization_code = 3;
string redirect_uri = 4;
}
message LinkOAuthProviderResponse {
OAuthConnection connection = 1;
}
message UnlinkOAuthProviderRequest {
string user_id = 1;
OAuthProvider provider = 2;
}
message UnlinkOAuthProviderResponse {}
// ─── Personal access tokens ──────────────────────────────────────────
message PersonalAccessToken {
string token_id = 1; // UUID
string name = 2;
repeated string scopes = 3;
google.protobuf.Timestamp expires_at = 4;
google.protobuf.Timestamp last_used = 5;
google.protobuf.Timestamp created_at = 6;
}
message CreatePersonalAccessTokenRequest {
string user_id = 1;
string name = 2;
repeated string scopes = 3;
// Duration in seconds; 0 = no expiry
int64 expires_in_seconds = 4;
}
message CreatePersonalAccessTokenResponse {
PersonalAccessToken token = 1;
// The raw token value, only returned on creation
string raw_token = 2;
}
message ListPersonalAccessTokensRequest {
string user_id = 1;
}
message ListPersonalAccessTokensResponse {
repeated PersonalAccessToken tokens = 1;
}
message DeletePersonalAccessTokenRequest {
string token_id = 1;
}
message DeletePersonalAccessTokenResponse {}
// ─── MFA ─────────────────────────────────────────────────────────────
enum MfaType {
MFA_TYPE_UNSPECIFIED = 0;
MFA_TYPE_TOTP = 1;
}
message SetupMfaRequest {
string user_id = 1;
MfaType mfa_type = 2;
}
message SetupMfaResponse {
string mfa_id = 1; // UUID
// TOTP provisioning URI (otpauth://...)
string provisioning_uri = 2;
// Base32-encoded secret for manual entry
string secret = 3;
}
message VerifyMfaRequest {
string mfa_id = 1;
// The TOTP code to verify setup
string code = 2;
}
message VerifyMfaResponse {}
message DisableMfaRequest {
string user_id = 1;
// Current TOTP code to confirm disable
string code = 2;
}
message DisableMfaResponse {}
Reference in New Issue View Git Blame Copy Permalink