From 7de29b1ca100c1caeba992a77a636aaadfc111f1 Mon Sep 17 00:00:00 2001 
From: Lakhan Samani Date: Sat, 30 May 2026 12:12:42 +0530 Subject: [PATCH] chore(proto): add buf-based proto skeleton + tooling (Phase 0) Sets up the foundation for the upcoming multi-protocol public API surface (GraphQL + gRPC + REST). No behaviour change: only the proto module, its generated Go bindings, Makefile helpers, and a CI lint/breaking-check job. - proto/ rooted at buf.build/authorizerdev/authorizer with v2 layout - common/v1: annotations (required_permissions, mcp_tool, audit_log, public), pagination, errors (ErrorReason enum), shared AppData - Generated Go committed under gen/go so go build works without protoc - Makefile: proto-tools (auto-installs buf), proto-lint, proto-breaking, proto-gen - CI: new "proto" job runs buf lint always and buf breaking on PRs Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/ci.yml | 19 + Makefile | 27 ++ gen/go/authorizer/common/v1/annotations.pb.go | 332 ++++++++++++++++++ gen/go/authorizer/common/v1/errors.pb.go | 217 ++++++++++++ gen/go/authorizer/common/v1/pagination.pb.go | 265 ++++++++++++++ gen/go/authorizer/common/v1/types.pb.go | 157 +++++++++ go.mod | 3 +- go.sum | 4 + proto/authorizer/common/v1/annotations.proto | 53 +++ proto/authorizer/common/v1/errors.proto | 52 +++ proto/authorizer/common/v1/pagination.proto | 33 ++ proto/authorizer/common/v1/types.proto | 18 + proto/buf.gen.yaml | 20 ++ proto/buf.lock | 6 + proto/buf.yaml | 18 + 15 files changed, 1223 insertions(+), 1 deletion(-) create mode 100644 gen/go/authorizer/common/v1/annotations.pb.go create mode 100644 gen/go/authorizer/common/v1/errors.pb.go create mode 100644 gen/go/authorizer/common/v1/pagination.pb.go create mode 100644 gen/go/authorizer/common/v1/types.pb.go create mode 100644 proto/authorizer/common/v1/annotations.proto create mode 100644 proto/authorizer/common/v1/errors.proto create mode 100644 proto/authorizer/common/v1/pagination.proto create mode 100644 proto/authorizer/common/v1/types.proto create mode 100644 
proto/buf.gen.yaml create mode 100644 proto/buf.lock create mode 100644 proto/buf.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42832e70..7e94640b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,3 +27,22 @@ jobs: - name: Run tests run: make test + + proto: + name: Proto lint + breaking + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + # buf breaking needs main's history to diff against. + fetch-depth: 0 + + - uses: bufbuild/buf-action@v1 + with: + input: proto + lint: true + format: false + # Only run breaking on PRs (push to main has nothing to diff against). + breaking: ${{ github.event_name == 'pull_request' }} + breaking_against: 'https://github.com/${{ github.repository }}.git#branch=main,subdir=proto' diff --git a/Makefile b/Makefile index 1d792ce6..4817380d 100644 --- a/Makefile +++ b/Makefile 
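Review bot: Both actions in the new `proto` job are referenced by mutable tags (`actions/checkout@v4`, `bufbuild/buf-action@v1`), so whatever those tags point to at run time executes in CI; pinning each to a full commit SHA, e.g. `- uses: bufbuild/buf-action@<full-commit-sha> # v1`, removes that dependence on the tag. The job also declares no `permissions:` block; unless the workflow sets one above this hunk, adding `permissions:` with `contents: read` (and `pull-requests: write` only if the action's PR comment is wanted) keeps the job token least-privileged. The action is not told which buf release to run while the Makefile pins `BUF_VERSION ?= v1.47.2`, so CI and local lint/breaking results can drift; setting the action's `version` input to the same release would keep them aligned.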
@@ -174,3 +174,30 @@ generate-graphql:
 generate-db-template:
 cp -rf internal/storage/db/provider_template internal/storage/db/${dbname}
 find internal/storage/db/${dbname} -type f -exec sed -i -e 's/provider_template/${dbname}/g' {} \;
+
+# ----------------------------------------------------------------------------
+# Protobuf (Phase 0+): public-API source of truth under ./proto.
+# `buf` is installed on demand into $(GOBIN) if missing.
+# ----------------------------------------------------------------------------
+BUF ?= $(shell command -v buf 2>/dev/null)
+BUF_VERSION ?= v1.47.2
+
+.PHONY: proto-tools proto-lint proto-breaking proto-gen
+
+proto-tools:
+ @if [ -z "$(BUF)" ]; then \
+ echo "Installing buf $(BUF_VERSION) via go install"; \
+ go install github.com/bufbuild/buf/cmd/buf@$(BUF_VERSION); \
+ fi
+
+proto-lint: proto-tools
+ cd proto && buf lint
+
+# Compare the working tree's proto against origin/main; fails on breaking changes.
+# Override BUF_BREAKING_AGAINST for local runs (e.g. "main" or a SHA).
+BUF_BREAKING_AGAINST ?= .git#branch=origin/main,subdir=proto
+proto-breaking: proto-tools
+ cd proto && buf breaking --against '../$(BUF_BREAKING_AGAINST)'
+
+proto-gen: proto-tools
+ cd proto && buf dep update && buf generate
diff --git a/gen/go/authorizer/common/v1/annotations.pb.go b/gen/go/authorizer/common/v1/annotations.pb.go
new file mode 100644
index 00000000..8357924f
--- /dev/null
+++ b/gen/go/authorizer/common/v1/annotations.pb.go
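Review bot: `proto-gen` runs `buf dep update` before every `buf generate`, which re-resolves the module's dependencies and rewrites `proto/buf.lock`, so a routine regeneration can silently pull newer upstream protos into the committed `gen/go` code. Keeping generation on the locked versions (`cd proto && buf generate`) and moving the update into its own target, e.g. `proto-deps: proto-tools` with `cd proto && buf dep update`, makes lock changes a deliberate, reviewable step. Separately, the recipes invoke bare `buf` rather than `$(BUF)`, so a different buf already on PATH is used as-is and `BUF_VERSION` only applies when none is found. The override comment suggests `"main"` or a SHA, but the recipe prefixes the value with `../`, so an override has to be a full input such as `.git#branch=main,subdir=proto`.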
@@ -0,0 +1,332 @@ +// Custom proto options that decorate Authorizer service methods with +// authorization, audit, MCP-exposure, and visibility metadata. +// +// All options live on MethodOptions and are read at runtime by the gRPC +// server (auth/permission/audit interceptors) and by the MCP server, and +// at codegen time by the OpenAPI generator. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: authorizer/common/v1/annotations.proto + +package commonv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// PermissionRequirement names one (resource, scope) pair the caller must hold +// to invoke the RPC. Multiple values on a method are AND-combined (the caller +// must hold *all* of them); to express OR semantics, list the alternatives in +// a single PermissionRequirement with a wildcard scope and let the policy +// engine evaluate. +type PermissionRequirement struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Resource name as registered in the authz subsystem (e.g. "user", + // "webhook"). Required. + Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"` + // Scope name (e.g. "read", "write", "delete"). Required. 
+ Scope string `protobuf:"bytes,2,opt,name=scope,proto3" json:"scope,omitempty"` +} + +func (x *PermissionRequirement) Reset() { + *x = PermissionRequirement{} + mi := &file_authorizer_common_v1_annotations_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PermissionRequirement) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PermissionRequirement) ProtoMessage() {} + +func (x *PermissionRequirement) ProtoReflect() protoreflect.Message { + mi := &file_authorizer_common_v1_annotations_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PermissionRequirement.ProtoReflect.Descriptor instead. +func (*PermissionRequirement) Descriptor() ([]byte, []int) { + return file_authorizer_common_v1_annotations_proto_rawDescGZIP(), []int{0} +} + +func (x *PermissionRequirement) GetResource() string { + if x != nil { + return x.Resource + } + return "" +} + +func (x *PermissionRequirement) GetScope() string { + if x != nil { + return x.Scope + } + return "" +} + +// McpTool marks an RPC as exposed via the Authorizer MCP server. +// Defaults to "not exposed" when the option is absent. +type McpTool struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Whether the RPC is reachable as an MCP tool. Default false. + Exposed bool `protobuf:"varint,1,opt,name=exposed,proto3" json:"exposed,omitempty"` + // Optional override for the tool name surfaced to MCP clients. When unset, + // the snake_case form of the RPC method name is used. + ToolName string `protobuf:"bytes,2,opt,name=tool_name,json=toolName,proto3" json:"tool_name,omitempty"` + // Hint to the MCP host that the tool mutates state in a way that warrants + // explicit user confirmation (e.g. delete operations). 
+ Destructive bool `protobuf:"varint,3,opt,name=destructive,proto3" json:"destructive,omitempty"` +} + +func (x *McpTool) Reset() { + *x = McpTool{} + mi := &file_authorizer_common_v1_annotations_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *McpTool) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*McpTool) ProtoMessage() {} + +func (x *McpTool) ProtoReflect() protoreflect.Message { + mi := &file_authorizer_common_v1_annotations_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use McpTool.ProtoReflect.Descriptor instead. +func (*McpTool) Descriptor() ([]byte, []int) { + return file_authorizer_common_v1_annotations_proto_rawDescGZIP(), []int{1} +} + +func (x *McpTool) GetExposed() bool { + if x != nil { + return x.Exposed + } + return false +} + +func (x *McpTool) GetToolName() string { + if x != nil { + return x.ToolName + } + return "" +} + +func (x *McpTool) GetDestructive() bool { + if x != nil { + return x.Destructive + } + return false +} + +var file_authorizer_common_v1_annotations_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: ([]*PermissionRequirement)(nil), + Field: 50001, + Name: "authorizer.common.v1.required_permissions", + Tag: "bytes,50001,rep,name=required_permissions", + Filename: "authorizer/common/v1/annotations.proto", + }, + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: (*McpTool)(nil), + Field: 50002, + Name: "authorizer.common.v1.mcp_tool", + Tag: "bytes,50002,opt,name=mcp_tool", + Filename: "authorizer/common/v1/annotations.proto", + }, + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: (*bool)(nil), + Field: 50003, + Name: "authorizer.common.v1.audit_log", + Tag: 
"varint,50003,opt,name=audit_log", + Filename: "authorizer/common/v1/annotations.proto", + }, + { + ExtendedType: (*descriptorpb.MethodOptions)(nil), + ExtensionType: (*bool)(nil), + Field: 50004, + Name: "authorizer.common.v1.public", + Tag: "varint,50004,opt,name=public", + Filename: "authorizer/common/v1/annotations.proto", + }, +} + +// Extension fields to descriptorpb.MethodOptions. +var ( + // All permissions the caller must hold (AND). Empty means "no authz check + // beyond the auth interceptor". + // + // repeated authorizer.common.v1.PermissionRequirement required_permissions = 50001; + E_RequiredPermissions = &file_authorizer_common_v1_annotations_proto_extTypes[0] + // MCP-tool exposure metadata; absent means "not exposed". + // + // optional authorizer.common.v1.McpTool mcp_tool = 50002; + E_McpTool = &file_authorizer_common_v1_annotations_proto_extTypes[1] + // When true, the audit interceptor records an entry for the invocation. + // + // optional bool audit_log = 50003; + E_AuditLog = &file_authorizer_common_v1_annotations_proto_extTypes[2] + // When true, the auth interceptor allows unauthenticated callers. Use for + // login, signup, magic-link request, password-reset request, etc. 
+ // + // optional bool public = 50004; + E_Public = &file_authorizer_common_v1_annotations_proto_extTypes[3] +) + +var File_authorizer_common_v1_annotations_proto protoreflect.FileDescriptor + +var file_authorizer_common_v1_annotations_proto_rawDesc = []byte{ + 0x0a, 0x26, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x20, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, + 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x22, 0x49, 0x0a, 0x15, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, + 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x22, 0x62, 0x0a, 0x07, 0x4d, + 0x63, 0x70, 0x54, 0x6f, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x64, + 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x6f, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x6f, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, + 0x0b, 0x64, 0x65, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x69, 0x76, 0x65, 0x3a, + 0x80, 0x01, 0x0a, 0x14, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 
0x64, 0x5f, 0x70, 0x65, 0x72, + 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd1, 0x86, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x13, 0x72, + 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x3a, 0x5a, 0x0a, 0x08, 0x6d, 0x63, 0x70, 0x5f, 0x74, 0x6f, 0x6f, 0x6c, 0x12, 0x1e, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd2, + 0x86, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x63, + 0x70, 0x54, 0x6f, 0x6f, 0x6c, 0x52, 0x07, 0x6d, 0x63, 0x70, 0x54, 0x6f, 0x6f, 0x6c, 0x3a, 0x3d, + 0x0a, 0x09, 0x61, 0x75, 0x64, 0x69, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x12, 0x1e, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd3, 0x86, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x08, 0x61, 0x75, 0x64, 0x69, 0x74, 0x4c, 0x6f, 0x67, 0x3a, 0x38, 0x0a, + 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd4, 0x86, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x06, 
0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x42, 0xe8, 0x01, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x64, + 0x65, 0x76, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x67, 0x65, + 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x76, 0x31, 0xa2, 0x02, 0x03, 0x41, 0x43, 0x58, 0xaa, 0x02, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x31, 0xca, + 0x02, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, + 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x16, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, + 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_authorizer_common_v1_annotations_proto_rawDescOnce sync.Once + file_authorizer_common_v1_annotations_proto_rawDescData = file_authorizer_common_v1_annotations_proto_rawDesc +) + +func file_authorizer_common_v1_annotations_proto_rawDescGZIP() []byte { + file_authorizer_common_v1_annotations_proto_rawDescOnce.Do(func() { + file_authorizer_common_v1_annotations_proto_rawDescData = 
protoimpl.X.CompressGZIP(file_authorizer_common_v1_annotations_proto_rawDescData) + }) + return file_authorizer_common_v1_annotations_proto_rawDescData +} + +var file_authorizer_common_v1_annotations_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_authorizer_common_v1_annotations_proto_goTypes = []any{ + (*PermissionRequirement)(nil), // 0: authorizer.common.v1.PermissionRequirement + (*McpTool)(nil), // 1: authorizer.common.v1.McpTool + (*descriptorpb.MethodOptions)(nil), // 2: google.protobuf.MethodOptions +} +var file_authorizer_common_v1_annotations_proto_depIdxs = []int32{ + 2, // 0: authorizer.common.v1.required_permissions:extendee -> google.protobuf.MethodOptions + 2, // 1: authorizer.common.v1.mcp_tool:extendee -> google.protobuf.MethodOptions + 2, // 2: authorizer.common.v1.audit_log:extendee -> google.protobuf.MethodOptions + 2, // 3: authorizer.common.v1.public:extendee -> google.protobuf.MethodOptions + 0, // 4: authorizer.common.v1.required_permissions:type_name -> authorizer.common.v1.PermissionRequirement + 1, // 5: authorizer.common.v1.mcp_tool:type_name -> authorizer.common.v1.McpTool + 6, // [6:6] is the sub-list for method output_type + 6, // [6:6] is the sub-list for method input_type + 4, // [4:6] is the sub-list for extension type_name + 0, // [0:4] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_authorizer_common_v1_annotations_proto_init() } +func file_authorizer_common_v1_annotations_proto_init() { + if File_authorizer_common_v1_annotations_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_authorizer_common_v1_annotations_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 4, + NumServices: 0, + }, + GoTypes: file_authorizer_common_v1_annotations_proto_goTypes, + DependencyIndexes: 
file_authorizer_common_v1_annotations_proto_depIdxs, + MessageInfos: file_authorizer_common_v1_annotations_proto_msgTypes, + ExtensionInfos: file_authorizer_common_v1_annotations_proto_extTypes, + }.Build() + File_authorizer_common_v1_annotations_proto = out.File + file_authorizer_common_v1_annotations_proto_rawDesc = nil + file_authorizer_common_v1_annotations_proto_goTypes = nil + file_authorizer_common_v1_annotations_proto_depIdxs = nil +} diff --git a/gen/go/authorizer/common/v1/errors.pb.go b/gen/go/authorizer/common/v1/errors.pb.go new file mode 100644 index 00000000..5e9bb211 --- /dev/null +++ b/gen/go/authorizer/common/v1/errors.pb.go 
@@ -0,0 +1,217 @@ +// Domain-specific error reasons attached to google.rpc.Status via ErrorInfo. +// +// Wire shape: handlers return standard gRPC status codes (e.g. +// PERMISSION_DENIED, INVALID_ARGUMENT) and attach an ErrorInfo detail whose +// `reason` field is one of the enum values below. The gateway surfaces the +// same ErrorInfo in the REST response body. Clients should branch on the +// enum, not on the human-readable message. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: authorizer/common/v1/errors.proto + +package commonv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ErrorReason int32 + +const ( + ErrorReason_ERROR_REASON_UNSPECIFIED ErrorReason = 0 + // Authentication failed (bad credentials, expired token, missing cookie). + // Maps to gRPC UNAUTHENTICATED / HTTP 401. + ErrorReason_ERROR_REASON_INVALID_CREDENTIALS ErrorReason = 1 + // Caller is authenticated but lacks the required permission. + // Maps to PERMISSION_DENIED / HTTP 403. + ErrorReason_ERROR_REASON_PERMISSION_DENIED ErrorReason = 2 + // The targeted resource does not exist. NOT_FOUND / 404. + ErrorReason_ERROR_REASON_NOT_FOUND ErrorReason = 3 + // A unique constraint was violated (e.g. email already registered). + // ALREADY_EXISTS / 409. + ErrorReason_ERROR_REASON_ALREADY_EXISTS ErrorReason = 4 + // Request validation failed beyond what protovalidate caught + // (cross-field, business-rule). INVALID_ARGUMENT / 400. 
+ ErrorReason_ERROR_REASON_INVALID_REQUEST ErrorReason = 5 + // A required identity-verification step has not been completed + // (email not verified, phone not verified, MFA required). FAILED_PRECONDITION / 412. + ErrorReason_ERROR_REASON_VERIFICATION_REQUIRED ErrorReason = 6 + // The current configuration disables the requested operation + // (sign-up disabled, magic-link login disabled, etc.). FAILED_PRECONDITION / 412. + ErrorReason_ERROR_REASON_OPERATION_DISABLED ErrorReason = 7 + // Caller exceeded the configured rate limit. RESOURCE_EXHAUSTED / 429. + ErrorReason_ERROR_REASON_RATE_LIMITED ErrorReason = 8 + // A verification token (email, password reset, magic link, OTP) is expired + // or has already been consumed. FAILED_PRECONDITION / 412. + ErrorReason_ERROR_REASON_TOKEN_EXPIRED ErrorReason = 9 + // The account is deactivated or its access has been revoked by an admin. + // FAILED_PRECONDITION / 412. + ErrorReason_ERROR_REASON_ACCOUNT_DEACTIVATED ErrorReason = 10 +) + +// Enum value maps for ErrorReason. 
+var ( + ErrorReason_name = map[int32]string{ + 0: "ERROR_REASON_UNSPECIFIED", + 1: "ERROR_REASON_INVALID_CREDENTIALS", + 2: "ERROR_REASON_PERMISSION_DENIED", + 3: "ERROR_REASON_NOT_FOUND", + 4: "ERROR_REASON_ALREADY_EXISTS", + 5: "ERROR_REASON_INVALID_REQUEST", + 6: "ERROR_REASON_VERIFICATION_REQUIRED", + 7: "ERROR_REASON_OPERATION_DISABLED", + 8: "ERROR_REASON_RATE_LIMITED", + 9: "ERROR_REASON_TOKEN_EXPIRED", + 10: "ERROR_REASON_ACCOUNT_DEACTIVATED", + } + ErrorReason_value = map[string]int32{ + "ERROR_REASON_UNSPECIFIED": 0, + "ERROR_REASON_INVALID_CREDENTIALS": 1, + "ERROR_REASON_PERMISSION_DENIED": 2, + "ERROR_REASON_NOT_FOUND": 3, + "ERROR_REASON_ALREADY_EXISTS": 4, + "ERROR_REASON_INVALID_REQUEST": 5, + "ERROR_REASON_VERIFICATION_REQUIRED": 6, + "ERROR_REASON_OPERATION_DISABLED": 7, + "ERROR_REASON_RATE_LIMITED": 8, + "ERROR_REASON_TOKEN_EXPIRED": 9, + "ERROR_REASON_ACCOUNT_DEACTIVATED": 10, + } +) + +func (x ErrorReason) Enum() *ErrorReason { + p := new(ErrorReason) + *p = x + return p +} + +func (x ErrorReason) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ErrorReason) Descriptor() protoreflect.EnumDescriptor { + return file_authorizer_common_v1_errors_proto_enumTypes[0].Descriptor() +} + +func (ErrorReason) Type() protoreflect.EnumType { + return &file_authorizer_common_v1_errors_proto_enumTypes[0] +} + +func (x ErrorReason) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ErrorReason.Descriptor instead. 
+func (ErrorReason) EnumDescriptor() ([]byte, []int) { + return file_authorizer_common_v1_errors_proto_rawDescGZIP(), []int{0} +} + +var File_authorizer_common_v1_errors_proto protoreflect.FileDescriptor + +var file_authorizer_common_v1_errors_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2a, 0x86, 0x03, 0x0a, 0x0b, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x18, 0x45, 0x52, 0x52, + 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x45, 0x52, 0x52, 0x4f, 0x52, + 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, + 0x43, 0x52, 0x45, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x41, 0x4c, 0x53, 0x10, 0x01, 0x12, 0x22, 0x0a, + 0x1e, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x50, 0x45, + 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4e, 0x49, 0x45, 0x44, 0x10, + 0x02, 0x12, 0x1a, 0x0a, 0x16, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, + 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x46, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x03, 0x12, 0x1f, 0x0a, + 0x1b, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x41, 0x4c, + 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x45, 0x58, 0x49, 0x53, 0x54, 0x53, 0x10, 0x04, 0x12, 0x20, + 0x0a, 0x1c, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x49, + 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x05, + 0x12, 0x26, 0x0a, 0x22, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 
0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, + 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x52, 0x45, + 0x51, 0x55, 0x49, 0x52, 0x45, 0x44, 0x10, 0x06, 0x12, 0x23, 0x0a, 0x1f, 0x45, 0x52, 0x52, 0x4f, + 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x07, 0x12, 0x1d, 0x0a, + 0x19, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x52, 0x41, + 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x45, 0x44, 0x10, 0x08, 0x12, 0x1e, 0x0a, 0x1a, + 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x54, 0x4f, 0x4b, + 0x45, 0x4e, 0x5f, 0x45, 0x58, 0x50, 0x49, 0x52, 0x45, 0x44, 0x10, 0x09, 0x12, 0x24, 0x0a, 0x20, + 0x45, 0x52, 0x52, 0x4f, 0x52, 0x5f, 0x52, 0x45, 0x41, 0x53, 0x4f, 0x4e, 0x5f, 0x41, 0x43, 0x43, + 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x44, 0x45, 0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x45, 0x44, + 0x10, 0x0a, 0x42, 0xe3, 0x01, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, + 0x0b, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x48, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x72, 0x64, 0x65, 0x76, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x3b, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x41, 0x43, 0x58, 0xaa, 0x02, + 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 
0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x20, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, + 0x02, 0x16, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x3a, 0x3a, 0x43, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_authorizer_common_v1_errors_proto_rawDescOnce sync.Once + file_authorizer_common_v1_errors_proto_rawDescData = file_authorizer_common_v1_errors_proto_rawDesc +) + +func file_authorizer_common_v1_errors_proto_rawDescGZIP() []byte { + file_authorizer_common_v1_errors_proto_rawDescOnce.Do(func() { + file_authorizer_common_v1_errors_proto_rawDescData = protoimpl.X.CompressGZIP(file_authorizer_common_v1_errors_proto_rawDescData) + }) + return file_authorizer_common_v1_errors_proto_rawDescData +} + +var file_authorizer_common_v1_errors_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_authorizer_common_v1_errors_proto_goTypes = []any{ + (ErrorReason)(0), // 0: authorizer.common.v1.ErrorReason +} +var file_authorizer_common_v1_errors_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_authorizer_common_v1_errors_proto_init() } +func file_authorizer_common_v1_errors_proto_init() { + if File_authorizer_common_v1_errors_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_authorizer_common_v1_errors_proto_rawDesc, + NumEnums: 1, + NumMessages: 0, + NumExtensions: 0, + NumServices: 0, + }, + 
GoTypes: file_authorizer_common_v1_errors_proto_goTypes, + DependencyIndexes: file_authorizer_common_v1_errors_proto_depIdxs, + EnumInfos: file_authorizer_common_v1_errors_proto_enumTypes, + }.Build() + File_authorizer_common_v1_errors_proto = out.File + file_authorizer_common_v1_errors_proto_rawDesc = nil + file_authorizer_common_v1_errors_proto_goTypes = nil + file_authorizer_common_v1_errors_proto_depIdxs = nil +} diff --git a/gen/go/authorizer/common/v1/pagination.pb.go b/gen/go/authorizer/common/v1/pagination.pb.go new file mode 100644 index 00000000..1b85cb55 --- /dev/null +++ b/gen/go/authorizer/common/v1/pagination.pb.go 
@@ -0,0 +1,265 @@ +// Pagination types shared across List RPCs. +// +// The Authorizer GraphQL surface uses page+limit (offset-based) pagination. +// To keep the proto surface familiar for current users *and* compatible with +// AIP-158 (page_token-based) clients, both shapes are accepted on +// PaginationRequest; the server picks page_token when set, else falls back to +// page+limit. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: authorizer/common/v1/pagination.proto + +package commonv1 + +import ( + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PaginationRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // 1-based page number. Ignored when page_token is set. Default 1. + Page int64 `protobuf:"varint,1,opt,name=page,proto3" json:"page,omitempty"` + // Page size. Server enforces an upper bound (typically 100). Default 10. + Limit int64 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"` + // Opaque cursor returned by the previous List call's `next_page_token`. + // Preferred for new clients (AIP-158). When set, `page` is ignored. 
+ PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` +} + +func (x *PaginationRequest) Reset() { + *x = PaginationRequest{} + mi := &file_authorizer_common_v1_pagination_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PaginationRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PaginationRequest) ProtoMessage() {} + +func (x *PaginationRequest) ProtoReflect() protoreflect.Message { + mi := &file_authorizer_common_v1_pagination_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PaginationRequest.ProtoReflect.Descriptor instead. +func (*PaginationRequest) Descriptor() ([]byte, []int) { + return file_authorizer_common_v1_pagination_proto_rawDescGZIP(), []int{0} +} + +func (x *PaginationRequest) GetPage() int64 { + if x != nil { + return x.Page + } + return 0 +} + +func (x *PaginationRequest) GetLimit() int64 { + if x != nil { + return x.Limit + } + return 0 +} + +func (x *PaginationRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +type Pagination struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Limit int64 `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"` + Page int64 `protobuf:"varint,2,opt,name=page,proto3" json:"page,omitempty"` + Offset int64 `protobuf:"varint,3,opt,name=offset,proto3" json:"offset,omitempty"` + Total int64 `protobuf:"varint,4,opt,name=total,proto3" json:"total,omitempty"` + // Opaque cursor for the next page; empty when no more pages. 
+ NextPageToken string `protobuf:"bytes,5,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` +} + +func (x *Pagination) Reset() { + *x = Pagination{} + mi := &file_authorizer_common_v1_pagination_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Pagination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Pagination) ProtoMessage() {} + +func (x *Pagination) ProtoReflect() protoreflect.Message { + mi := &file_authorizer_common_v1_pagination_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Pagination.ProtoReflect.Descriptor instead. +func (*Pagination) Descriptor() ([]byte, []int) { + return file_authorizer_common_v1_pagination_proto_rawDescGZIP(), []int{1} +} + +func (x *Pagination) GetLimit() int64 { + if x != nil { + return x.Limit + } + return 0 +} + +func (x *Pagination) GetPage() int64 { + if x != nil { + return x.Page + } + return 0 +} + +func (x *Pagination) GetOffset() int64 { + if x != nil { + return x.Offset + } + return 0 +} + +func (x *Pagination) GetTotal() int64 { + if x != nil { + return x.Total + } + return 0 +} + +func (x *Pagination) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +var File_authorizer_common_v1_pagination_proto protoreflect.FileDescriptor + +var file_authorizer_common_v1_pagination_proto_rawDesc = []byte{ + 0x0a, 0x25, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x62, + 0x75, 
0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x71, 0x0a, 0x11, 0x50, 0x61, + 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x1b, 0x0a, 0x04, 0x70, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x42, 0x07, 0xba, + 0x48, 0x04, 0x22, 0x02, 0x28, 0x00, 0x52, 0x04, 0x70, 0x61, 0x67, 0x65, 0x12, 0x20, 0x0a, 0x05, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x42, 0x0a, 0xba, 0x48, 0x07, + 0x22, 0x05, 0x18, 0xe8, 0x07, 0x28, 0x00, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x1d, + 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x8c, 0x01, + 0x0a, 0x0a, 0x50, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, + 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6c, 0x69, 0x6d, + 0x69, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x04, 0x70, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x14, + 0x0a, 0x05, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x74, + 0x6f, 0x74, 0x61, 0x6c, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, 0x61, 0x67, + 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6e, + 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0xe7, 0x01, 0x0a, + 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0f, 0x50, 0x61, 0x67, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 
0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x48, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x64, 0x65, 0x76, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, + 0x72, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x41, 0x43, 0x58, 0xaa, 0x02, 0x14, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x56, 0x31, 0xca, 0x02, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, + 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x20, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, + 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x16, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_authorizer_common_v1_pagination_proto_rawDescOnce sync.Once + file_authorizer_common_v1_pagination_proto_rawDescData = file_authorizer_common_v1_pagination_proto_rawDesc +) + +func file_authorizer_common_v1_pagination_proto_rawDescGZIP() []byte { + file_authorizer_common_v1_pagination_proto_rawDescOnce.Do(func() { + file_authorizer_common_v1_pagination_proto_rawDescData = protoimpl.X.CompressGZIP(file_authorizer_common_v1_pagination_proto_rawDescData) + }) + return file_authorizer_common_v1_pagination_proto_rawDescData +} + +var file_authorizer_common_v1_pagination_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_authorizer_common_v1_pagination_proto_goTypes = []any{ + (*PaginationRequest)(nil), // 0: authorizer.common.v1.PaginationRequest + 
(*Pagination)(nil), // 1: authorizer.common.v1.Pagination +} +var file_authorizer_common_v1_pagination_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_authorizer_common_v1_pagination_proto_init() } +func file_authorizer_common_v1_pagination_proto_init() { + if File_authorizer_common_v1_pagination_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_authorizer_common_v1_pagination_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_authorizer_common_v1_pagination_proto_goTypes, + DependencyIndexes: file_authorizer_common_v1_pagination_proto_depIdxs, + MessageInfos: file_authorizer_common_v1_pagination_proto_msgTypes, + }.Build() + File_authorizer_common_v1_pagination_proto = out.File + file_authorizer_common_v1_pagination_proto_rawDesc = nil + file_authorizer_common_v1_pagination_proto_goTypes = nil + file_authorizer_common_v1_pagination_proto_depIdxs = nil +} diff --git a/gen/go/authorizer/common/v1/types.pb.go b/gen/go/authorizer/common/v1/types.pb.go new file mode 100644 index 00000000..d35e3e31 --- /dev/null +++ b/gen/go/authorizer/common/v1/types.pb.go 
@@ -0,0 +1,157 @@ +// Shared scalar-ish types used across Authorizer services. +// +// Kept intentionally tiny: only types that don't naturally belong to a single +// resource service live here. Add a new entry only when at least two services +// share it. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.2 +// protoc (unknown) +// source: authorizer/common/v1/types.proto + +package commonv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + structpb "google.golang.org/protobuf/types/known/structpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// AppData is a free-form key/value bag stored against a user. Mirrors the +// GraphQL `Map` scalar. Values are JSON-typed (string, number, bool, null, +// nested object, nested array) to match what the existing storage layer +// accepts. 
+type AppData struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Value *structpb.Struct `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *AppData) Reset() { + *x = AppData{} + mi := &file_authorizer_common_v1_types_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AppData) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AppData) ProtoMessage() {} + +func (x *AppData) ProtoReflect() protoreflect.Message { + mi := &file_authorizer_common_v1_types_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AppData.ProtoReflect.Descriptor instead. +func (*AppData) Descriptor() ([]byte, []int) { + return file_authorizer_common_v1_types_proto_rawDescGZIP(), []int{0} +} + +func (x *AppData) GetValue() *structpb.Struct { + if x != nil { + return x.Value + } + return nil +} + +var File_authorizer_common_v1_types_proto protoreflect.FileDescriptor + +var file_authorizer_common_v1_types_proto_rawDesc = []byte{ + 0x0a, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x14, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x38, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x44, 0x61, 0x74, + 0x61, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 
0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x42, 0xe2, 0x01, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x42, 0x0a, 0x54, + 0x79, 0x70, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x48, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x65, 0x72, 0x64, 0x65, 0x76, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, + 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, + 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x41, 0x43, 0x58, 0xaa, 0x02, 0x14, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x56, 0x31, 0xca, 0x02, 0x14, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x5c, + 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x20, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x31, + 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x16, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x72, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_authorizer_common_v1_types_proto_rawDescOnce sync.Once + file_authorizer_common_v1_types_proto_rawDescData = file_authorizer_common_v1_types_proto_rawDesc +) + +func file_authorizer_common_v1_types_proto_rawDescGZIP() []byte { + file_authorizer_common_v1_types_proto_rawDescOnce.Do(func() { + file_authorizer_common_v1_types_proto_rawDescData = 
protoimpl.X.CompressGZIP(file_authorizer_common_v1_types_proto_rawDescData) + }) + return file_authorizer_common_v1_types_proto_rawDescData +} + +var file_authorizer_common_v1_types_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_authorizer_common_v1_types_proto_goTypes = []any{ + (*AppData)(nil), // 0: authorizer.common.v1.AppData + (*structpb.Struct)(nil), // 1: google.protobuf.Struct +} +var file_authorizer_common_v1_types_proto_depIdxs = []int32{ + 1, // 0: authorizer.common.v1.AppData.value:type_name -> google.protobuf.Struct + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_authorizer_common_v1_types_proto_init() } +func file_authorizer_common_v1_types_proto_init() { + if File_authorizer_common_v1_types_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_authorizer_common_v1_types_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_authorizer_common_v1_types_proto_goTypes, + DependencyIndexes: file_authorizer_common_v1_types_proto_depIdxs, + MessageInfos: file_authorizer_common_v1_types_proto_msgTypes, + }.Build() + File_authorizer_common_v1_types_proto = out.File + file_authorizer_common_v1_types_proto_rawDesc = nil + file_authorizer_common_v1_types_proto_goTypes = nil + file_authorizer_common_v1_types_proto_depIdxs = nil +} diff --git a/go.mod b/go.mod index 19a8bdbd..09d4a2ca 100644 --- a/go.mod +++ b/go.mod 
@@ -43,6 +43,7 @@ require ( ) require ( + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1 // indirect github.com/agnivade/levenshtein v1.2.1 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 // indirect github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e // indirect @@ -133,7 +134,7 @@ require ( golang.org/x/sys v0.39.0 // indirect golang.org/x/text v0.32.0 // indirect golang.org/x/tools v0.39.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/sourcemap.v1 v1.0.5 // indirect diff --git a/go.sum b/go.sum index 2218e45c..d62fb4de 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1 h1:s6hzCXtND/ICdGPTMGk7C+/BFlr2Jg5GyH0NKf4XGXg= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= github.com/99designs/gqlgen v0.17.73 h1:A3Ki+rHWqKbAOlg5fxiZBnz6OjW3nwupDHEG15gEsrg= github.com/99designs/gqlgen v0.17.73/go.mod h1:2RyGWjy2k7W9jxrs8MOQthXGkD3L3oGr0jXW3Pu8lGg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M= 
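Review bot: In go.mod the new `buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go` requirement is added with `// indirect`, and `google.golang.org/protobuf` keeps `// indirect` in the second hunk, yet gen/go/authorizer/common/v1/pagination.pb.go in this same commit blank-imports `.../protocolbuffers/go/buf/validate` and every generated file imports `google.golang.org/protobuf/...` directly. If gen/go is part of this module (the `go_package` prefix suggests it is), both are direct dependencies and `go mod tidy` would move them into the direct `require` block. Keeping the markers accurate matters for dependency review, because tooling that separates direct from transitive modules would otherwise under-report what this code links against. Both `require` blocks continue outside the hunks, so the existing layout is only partly visible.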
@@ -460,6 +462,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk= gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/proto/authorizer/common/v1/annotations.proto b/proto/authorizer/common/v1/annotations.proto new file mode 100644 index 00000000..c2ab9650 --- /dev/null +++ b/proto/authorizer/common/v1/annotations.proto 
@@ -0,0 +1,53 @@
+// Custom proto options that decorate Authorizer service methods with
+// authorization, audit, MCP-exposure, and visibility metadata.
+//
+// All options live on MethodOptions and are read at runtime by the gRPC
+// server (auth/permission/audit interceptors) and by the MCP server, and
+// at codegen time by the OpenAPI generator.
+syntax = "proto3";
+
+package authorizer.common.v1;
+
+import "google/protobuf/descriptor.proto";
+
+// PermissionRequirement names one (resource, scope) pair the caller must hold
+// to invoke the RPC. Multiple values on a method are AND-combined (the caller
+// must hold *all* of them); to express OR semantics, list the alternatives in
+// a single PermissionRequirement with a wildcard scope and let the policy
+// engine evaluate.
+message PermissionRequirement {
+ // Resource name as registered in the authz subsystem (e.g. "user",
+ // "webhook"). Required.
+ string resource = 1;
+ // Scope name (e.g. "read", "write", "delete"). Required.
+ string scope = 2;
+}
+
+// McpTool marks an RPC as exposed via the Authorizer MCP server.
+// Defaults to "not exposed" when the option is absent.
+message McpTool {
+ // Whether the RPC is reachable as an MCP tool. Default false.
+ bool exposed = 1;
+ // Optional override for the tool name surfaced to MCP clients. When unset,
+ // the snake_case form of the RPC method name is used.
+ string tool_name = 2;
+ // Hint to the MCP host that the tool mutates state in a way that warrants
+ // explicit user confirmation (e.g. delete operations).
+ bool destructive = 3;
+}
+
+extend google.protobuf.MethodOptions {
+ // All permissions the caller must hold (AND). Empty means "no authz check
+ // beyond the auth interceptor".
+ repeated PermissionRequirement required_permissions = 50001;
+
+ // MCP-tool exposure metadata; absent means "not exposed".
+ McpTool mcp_tool = 50002;
+
+ // When true, the audit interceptor records an entry for the invocation.
+ bool audit_log = 50003;
+
+ // When true, the auth interceptor allows unauthenticated callers. Use for
+ // login, signup, magic-link request, password-reset request, etc.
+ bool public = 50004;
+}
diff --git a/proto/authorizer/common/v1/errors.proto b/proto/authorizer/common/v1/errors.proto
new file mode 100644
index 00000000..dff58db0
--- /dev/null
+++ b/proto/authorizer/common/v1/errors.proto
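Review bot: The option set in annotations.proto fails open: the comment on `required_permissions` says an empty list means "no authz check beyond the auth interceptor", so an RPC that simply omits the annotation is reachable by every authenticated caller, and nothing states what happens when `public = true` is combined with `required_permissions`. The interceptors that read these options are not part of this commit, so the contract should be settled in the comments now, for example `// Every RPC must set either required_permissions or public; the permission interceptor rejects methods that set neither or both.`, and backed by a descriptor-walking test once the first service lands. `PermissionRequirement.resource` and `.scope` are documented as Required but nothing enforces that, so the same check should reject an empty or unregistered pair.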
@@ -0,0 +1,52 @@
+// Domain-specific error reasons attached to google.rpc.Status via ErrorInfo.
+//
+// Wire shape: handlers return standard gRPC status codes (e.g.
+// PERMISSION_DENIED, INVALID_ARGUMENT) and attach an ErrorInfo detail whose
+// `reason` field is one of the enum values below. The gateway surfaces the
+// same ErrorInfo in the REST response body. Clients should branch on the
+// enum, not on the human-readable message.
+syntax = "proto3";
+
+package authorizer.common.v1;
+
+enum ErrorReason {
+ ERROR_REASON_UNSPECIFIED = 0;
+
+ // Authentication failed (bad credentials, expired token, missing cookie).
+ // Maps to gRPC UNAUTHENTICATED / HTTP 401.
+ ERROR_REASON_INVALID_CREDENTIALS = 1;
+
+ // Caller is authenticated but lacks the required permission.
+ // Maps to PERMISSION_DENIED / HTTP 403.
+ ERROR_REASON_PERMISSION_DENIED = 2;
+
+ // The targeted resource does not exist. NOT_FOUND / 404.
+ ERROR_REASON_NOT_FOUND = 3;
+
+ // A unique constraint was violated (e.g. email already registered).
+ // ALREADY_EXISTS / 409.
+ ERROR_REASON_ALREADY_EXISTS = 4;
+
+ // Request validation failed beyond what protovalidate caught
+ // (cross-field, business-rule). INVALID_ARGUMENT / 400.
+ ERROR_REASON_INVALID_REQUEST = 5;
+
+ // A required identity-verification step has not been completed
+ // (email not verified, phone not verified, MFA required). FAILED_PRECONDITION / 412.
+ ERROR_REASON_VERIFICATION_REQUIRED = 6;
+
+ // The current configuration disables the requested operation
+ // (sign-up disabled, magic-link login disabled, etc.). FAILED_PRECONDITION / 412.
+ ERROR_REASON_OPERATION_DISABLED = 7;
+
+ // Caller exceeded the configured rate limit. RESOURCE_EXHAUSTED / 429.
+ ERROR_REASON_RATE_LIMITED = 8;
+
+ // A verification token (email, password reset, magic link, OTP) is expired
+ // or has already been consumed. FAILED_PRECONDITION / 412.
+ ERROR_REASON_TOKEN_EXPIRED = 9;
+
+ // The account is deactivated or its access has been revoked by an admin.
+ // FAILED_PRECONDITION / 412.
+ ERROR_REASON_ACCOUNT_DEACTIVATED = 10;
+}
diff --git a/proto/authorizer/common/v1/pagination.proto b/proto/authorizer/common/v1/pagination.proto
new file mode 100644
index 00000000..5d2c06ef
--- /dev/null
+++ b/proto/authorizer/common/v1/pagination.proto
@@ -0,0 +1,33 @@
+// Pagination types shared across List RPCs.
+//
+// The Authorizer GraphQL surface uses page+limit (offset-based) pagination.
+// To keep the proto surface familiar for current users *and* compatible with
+// AIP-158 (page_token-based) clients, both shapes are accepted on
+// PaginationRequest; the server picks page_token when set, else falls back to
+// page+limit.
+syntax = "proto3";
+
+package authorizer.common.v1;
+
+import "buf/validate/validate.proto";
+
+message PaginationRequest {
+ // 1-based page number. Ignored when page_token is set. Default 1.
+ int64 page = 1 [(buf.validate.field).int64 = {gte: 0}];
+
+ // Page size. Server enforces an upper bound (typically 100). Default 10.
+ int64 limit = 2 [(buf.validate.field).int64 = {gte: 0, lte: 1000}];
+
+ // Opaque cursor returned by the previous List call's `next_page_token`.
+ // Preferred for new clients (AIP-158). When set, `page` is ignored.
+ string page_token = 3;
+}
+
+message Pagination {
+ int64 limit = 1;
+ int64 page = 2;
+ int64 offset = 3;
+ int64 total = 4;
+ // Opaque cursor for the next page; empty when no more pages.
+ string next_page_token = 5;
+}
diff --git a/proto/authorizer/common/v1/types.proto b/proto/authorizer/common/v1/types.proto
new file mode 100644
index 00000000..0749c70a
--- /dev/null
+++ b/proto/authorizer/common/v1/types.proto
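Review bot: Several reasons in errors.proto describe account state (`ERROR_REASON_ALREADY_EXISTS` with its "email already registered" example, `ERROR_REASON_NOT_FOUND`, `ERROR_REASON_VERIFICATION_REQUIRED`, `ERROR_REASON_ACCOUNT_DEACTIVATED`), and the file comment tells clients to branch on them. On the unauthenticated RPCs that the `public` option in annotations.proto is meant for (login, signup, reset requests), that lets a caller distinguish registered identifiers from unregistered ones. The handlers are not in this commit, so this is a contract question; a comment on the enum would settle it, such as `// Unauthenticated RPCs must not return reasons that reveal whether an account exists; use ERROR_REASON_INVALID_CREDENTIALS there.` Separately, the comments map FAILED_PRECONDITION to HTTP 412, while the standard google.rpc.Code mapping and grpc-gateway's default give 400, so either the comments or a custom gateway mapping need to match.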
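Review bot: In pagination.proto `PaginationRequest.page` has only a lower bound and `page_token` has no constraint at all, so a client can send an arbitrarily deep offset or an arbitrarily long cursor string before any handler code runs. The documented values also disagree with the rules: the comments say the page is 1-based and the limit is capped at "typically 100", but the constraints are `gte: 0` and `lte: 1000`. The token should be bounded, for instance `string page_token = 3 [(buf.validate.field).string.max_len = 1024];` (the number is a placeholder for the real cursor size), and the `page` comment should say that 0 means "use the default" if that is the intent. Because the token comes back from the client, its comment should also state that the server treats it as untrusted input and verifies it before use.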
@@ -0,0 +1,18 @@
+// Shared scalar-ish types used across Authorizer services.
+//
+// Kept intentionally tiny: only types that don't naturally belong to a single
+// resource service live here. Add a new entry only when at least two services
+// share it.
+syntax = "proto3";
+
+package authorizer.common.v1;
+
+import "google/protobuf/struct.proto";
+
+// AppData is a free-form key/value bag stored against a user. Mirrors the
+// GraphQL `Map` scalar. Values are JSON-typed (string, number, bool, null,
+// nested object, nested array) to match what the existing storage layer
+// accepts.
+message AppData {
+ google.protobuf.Struct value = 1;
+}
diff --git a/proto/buf.gen.yaml b/proto/buf.gen.yaml
new file mode 100644
index 00000000..b8ecd539
--- /dev/null
+++ b/proto/buf.gen.yaml
@@ -0,0 +1,20 @@
+version: v2
+managed:
+ enabled: true
+ # Don't rewrite go_package for third-party modules — they publish their own
+ # pre-built Go SDKs on BSR; rewriting breaks imports.
+ disable:
+ - module: buf.build/bufbuild/protovalidate
+ file_option: go_package_prefix
+ override:
+ - file_option: go_package_prefix
+ value: github.com/authorizerdev/authorizer/gen/go
+plugins:
+ - remote: buf.build/protocolbuffers/go:v1.35.2
+ out: ../gen/go
+ opt: paths=source_relative
+ - remote: buf.build/grpc/go:v1.5.1
+ out: ../gen/go
+ opt:
+ - paths=source_relative
+ - require_unimplemented_servers=false
diff --git a/proto/buf.lock b/proto/buf.lock
new file mode 100644
index 00000000..709ae023
--- /dev/null
+++ b/proto/buf.lock
@@ -0,0 +1,6 @@ +# Generated by buf. DO NOT EDIT. +version: v2 +deps: + - name: buf.build/bufbuild/protovalidate + commit: 50325440f8f24053b047484a6bf60b76 + digest: b5:74cb6f5c0853c3c10aafc701614194bbd63326bdb8ef4068214454b8894b03ba4113e04b3a33a8321cdf05336e37db4dc14a5e2495db8462566914f36086ba31
diff --git a/proto/buf.yaml b/proto/buf.yaml
new file mode 100644
index 00000000..056bea11
--- /dev/null
+++ b/proto/buf.yaml
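Review bot: `AppData.value` in types.proto is an unconstrained `google.protobuf.Struct`, so the message itself puts no limit on the total size or nesting depth of data that the comment says is stored against a user. The comment should say where that limit is enforced, for example `// Size and nesting depth are bounded by the server before storage; see <limit location>.`, or the bound should be introduced with the first service that accepts AppData. Whether the existing storage layer already caps this is not visible from the hunk.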
@@ -0,0 +1,18 @@
+version: v2
+modules:
+ - path: .
+ name: buf.build/authorizerdev/authorizer
+deps:
+ - buf.build/bufbuild/protovalidate
+ # google/api/annotations (gRPC-Gateway HTTP bindings) gets added in Phase 2
+ # when the first service definition lands; declaring it now triggers a
+ # noisy "unused dep" warning on every `buf` invocation.
+lint:
+ use:
+ - STANDARD
+ except:
+ - PACKAGE_VERSION_SUFFIX
+ ignore: []
+breaking:
+ use:
+ - FILE