// Account and authentication API for Kript (account creation, login with
// optional two-factor verification, token refresh, password change,
// two-factor enrolment).
//
// Field numbers and names below are the wire and JSON contract of a published
// API; the comments document the schema as it is and do not assert server
// behaviour that this file cannot show.
syntax = "proto3";

package kript.api;

// HashAlgorithm, HString, EBytes, AEncryptionAlgorithm, SEncryptionAlgorithm,
// AccessToken and JWT are not defined in this file; presumably they come from
// these two kript/api imports.
import "kript/api/universal.proto";
import "kript/api/encrypt.proto";
// HTTP bindings for grpc-gateway and the generated OpenAPI document.
import "google/api/annotations.proto";
import "protoc-gen-swagger/options/annotations.proto";

// OpenAPI (swagger) document metadata. Only HTTPS is advertised as a scheme,
// which fits an API whose requests mostly carry a credential or password hash.
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
  info: {
    version: "1.0";
  };
  external_docs: {
    url: "https://github.com/liam923/Kript";
    description: "Kript";
  }
  schemes: HTTPS;
};
// The public information about a user that is visible to anyone.
//
// NOTE(review): password_salt and password_hash_algorithm are public, so the
// HString a client sends as its password (LoginUserRequest.password) is derived
// from data anyone can fetch. The server should treat that value as a
// password-equivalent secret (hash it again before storage, never log it) —
// confirm in the server implementation.
message PublicUser {
  // The id of the user.
  string id = 1;
  // The username of the user.
  string username = 2;
  // The user's public key. Key format/encoding is not specified in this file.
  bytes public_key = 3;
  // The salt used to hash the user's password (presumably on the client,
  // before the hash is sent in LoginUserRequest).
  bytes password_salt = 4;
  // The hashing algorithm used to hash the user's password (type defined in an
  // imported file).
  HashAlgorithm password_hash_algorithm = 5;
  // The encryption algorithm used to encrypt the user's data keys (type defined
  // in an imported file).
  AEncryptionAlgorithm data_encryption_algorithm = 6;
}
// Private information about a user that is only visible to the user.
//
// Everything here is the material needed to recover the user's private key
// from the password; the key itself is only ever carried in encrypted form.
message PrivateUser {
  // The user's private key, encrypted with a key derived from the user's
  // password (see private_key_key_salt and private_key_key_hash_algorithm).
  // EBytes is defined in an imported file.
  EBytes private_key = 1;
  // The encryption algorithm used to encrypt private_key (SEncryptionAlgorithm,
  // defined in an imported file).
  SEncryptionAlgorithm private_key_encryption_algorithm = 2;
  // The initialization vector used when encrypting private_key.
  bytes private_key_iv = 3;
  // The salt used in deriving the key that encrypts/decrypts private_key.
  bytes private_key_key_salt = 4;
  // The hash algorithm used to derive the key that encrypts/decrypts
  // private_key.
  HashAlgorithm private_key_key_hash_algorithm = 5;
}
// The public and private information about a user.
//
// NOTE(review): the field names `public` and `private` are keywords in several
// target languages, so protoc has to escape or rename the generated accessors
// there. Renaming the fields now would change the JSON keys and generated
// code of a published API, so they are left as-is; avoid keyword names in new
// messages.
message User {
  // The user's public information.
  PublicUser public = 1;
  // The user's private information. Per GetUser, this is expected to be
  // populated only when the record belongs to the authenticated caller;
  // otherwise it is absent (message fields have explicit presence).
  PrivateUser private = 2;
}
// A token that identifies a pending verification flow: issued by LoginUser
// (when two-factor is enabled) and by AddTwoFactor, and consumed by
// SendVerification, VerifyUser and VerifyTwoFactor. It is not used as an
// access credential anywhere in this file. It should be short-lived and bound
// to the flow that issued it — confirm in the server implementation.
message VerificationToken {
  // The token itself, as a JWT (type defined in an imported file).
  JWT jwt = 1;
}
// A token used to obtain new access tokens via RefreshAuth. It is issued in
// SuccessfulLoginMessage and is the only thing RefreshAuthRequest carries, so
// it must be handled as a credential (presumably longer-lived than an access
// token; lifetime is not specified here).
message RefreshToken {
  // The token itself, as a JWT (type defined in an imported file).
  JWT jwt = 1;
}
// The result of a completed login or account creation: both tokens plus the
// user's own record. Returned by CreateAccount, VerifyUser and (when
// two-factor is disabled) LoginUser.
message SuccessfulLoginMessage {
  // The refresh token to identify and authenticate the user when fetching a
  // new access token (RefreshAuth).
  RefreshToken refresh_token = 1;
  // The access token to identify and authenticate the user on the other RPCs
  // (type defined in an imported file).
  AccessToken access_token = 2;
  // The user's information. Since this is the caller's own record, it is
  // presumably the case where User.private is populated — confirm.
  User user = 3;
}
// An enumeration of type of two-factor authentication.
//
// NOTE(review): the values are not prefixed with the enum name, so they live
// in the package scope alongside any other enum's values (PHONE_TEXT, EMAIL,
// ...). Renaming would break JSON and generated code, so they stay; keep the
// collision risk in mind when adding enums to this package.
enum TwoFactorType {
  // Default/unset value; never a real method.
  UNKNOWN_TWO_FACTOR_TYPE = 0;
  // A code via text message. This method is not yet supported.
  PHONE_TEXT = 1;
  // A code via phone call.
  PHONE_CALL = 2;
  // A code via email. This method is not yet supported.
  EMAIL = 3;
}
// A way to send/receive a two-factor authentication code.
message TwoFactor {
  // The type of two-factor authentication.
  TwoFactorType type = 1;
  // Where the two-factor authentication code is sent (phone number, email
  // address, etc.). Format is not validated by the schema. This is personal
  // data, and the file returns it in full to the client in
  // LoginUserResponse.TwoFactorInfo.options (before two-factor has completed)
  // and in SendVerificationResponse.destination.
  string destination = 2;
}
// Account creation, login (with optional two-factor verification), token
// refresh, password change and two-factor enrolment for Kript users.
//
// Flows, as visible from the request/response types in this file:
//   CreateAccount -> SuccessfulLoginMessage
//   LoginUser -> SuccessfulLoginMessage, or TwoFactorInfo ->
//     SendVerification -> VerifyUser -> SuccessfulLoginMessage
//   RefreshAuth: RefreshToken -> AccessToken
//   AddTwoFactor -> VerificationToken -> VerifyTwoFactor
service AccountService {
  // Login the user. If the user has 2-factor authentication enabled,
  // a verification code must be sent with SendVerification to complete the
  // login process.
  rpc LoginUser (LoginUserRequest) returns (LoginUserResponse) {
    option (google.api.http) = {
      post: "/auth/login"
      body: "*"
    };
  }
  // Send a verification code to the user using the specified method.
  // Authorised by the VerificationToken from LoginUser, not by an access
  // token.
  rpc SendVerification (SendVerificationRequest) returns (SendVerificationResponse) {
    option (google.api.http) = {
      post: "/auth/verify/send"
      body: "*"
    };
  }
  // Complete logging in the user by presenting the code that was sent.
  // NOTE(review): the server should bound the number of attempts per
  // VerificationToken and expire the token afterwards — confirm this exists.
  rpc VerifyUser (VerifyUserRequest) returns (VerifyUserResponse) {
    option (google.api.http) = {
      post: "/auth/verify"
      body: "*"
    };
  }
  // Change the user's password. The request re-proves the old password
  // (old_password) in addition to carrying the access token, and ships the
  // private key re-encrypted under the new password.
  rpc UpdatePassword (UpdatePasswordRequest) returns (UpdatePasswordResponse) {
    option (google.api.http) = {
      post: "/account/change-password"
      body: "*"
    };
  }
  // Create an account. Unauthenticated; the response is a logged-in session.
  rpc CreateAccount (CreateAccountRequest) returns (CreateAccountResponse) {
    option (google.api.http) = {
      post: "/account/create"
      body: "*"
    };
  }
  // Fetch a new access token in exchange for a refresh token.
  rpc RefreshAuth (RefreshAuthRequest) returns (RefreshAuthResponse) {
    option (google.api.http) = {
      post: "/auth/refresh"
      body: "*"
    };
  }
  // Get the information of the user with the given username or user id.
  // If the user is the logged in user, the private user information is
  // included.
  //
  // NOTE(review): this is an HTTP GET with no body mapping, so under
  // google.api.http rules every request field — including
  // GetUserRequest.access_token — is carried in the URL query string. URLs
  // are routinely recorded in proxy/server access logs and browser history,
  // which is a poor place for a bearer token. Changing this binding would
  // change the public HTTP API, so prefer adding a new binding (e.g. a POST
  // with body: "*", or reading the token from the Authorization header via
  // gateway metadata) rather than editing this one.
  rpc GetUser (GetUserRequest) returns (GetUserResponse) {
    option (google.api.http) = {
      get: "/user"
    };
  }
  // Request to add the given two-factor destination and send a confirmation
  // code to the two-factor destination.
  // NOTE(review): authorised by access token only; unlike UpdatePassword there
  // is no fresh password proof for this account-security change — confirm
  // that is intended.
  rpc AddTwoFactor (AddTwoFactorRequest) returns (AddTwoFactorResponse) {
    option (google.api.http) = {
      post: "/account/two-factor"
      body: "*"
    };
  }
  // Verify a two-factor destination with the code that was sent to it.
  rpc VerifyTwoFactor (VerifyTwoFactorRequest) returns (VerifyTwoFactorResponse) {
    option (google.api.http) = {
      post: "/account/two-factor/verify"
      body: "*"
    };
  }
}
// Request for LoginUser: who the user is, plus the (already hashed) password.
message LoginUserRequest {
  // An identifier for the user. Exactly one member is set.
  oneof user_identifier {
    // The username of the user.
    string username = 1;
    // The id of the user.
    string user_id = 2;
  }
  // The hashed password of the user (HString, defined in an imported file).
  // Presumably hashed client-side with PublicUser.password_salt and
  // password_hash_algorithm; either way the server must treat it as a secret.
  HString password = 3;
}
// Response for LoginUser. Exactly one member of response_type is set,
// depending on whether two-factor authentication is enabled for the account.
message LoginUserResponse {
  // Represents the relevant information for the two-factor authentication
  // process to continue.
  message TwoFactorInfo {
    // The token used to identify the user through the verification process
    // (passed to SendVerification and VerifyUser).
    VerificationToken verification_token = 1;
    // The options available for two-factor authentication, where the key is the
    // id of the option (the value sent back as
    // SendVerificationRequest.two_factor_option_id). Map wire order is
    // undefined; do not rely on it for display order.
    //
    // NOTE(review): at this point the caller has proven only the password, yet
    // each TwoFactor carries the full destination (phone number / email).
    // Consider returning a masked destination here and keeping the full value
    // server-side — confirm whether the client actually needs it in full.
    map<string, TwoFactor> options = 2;
  }
  // A response, with the type dependent on whether two-factor authentication
  // is enabled.
  oneof response_type {
    // The two-factor authentication information if two-factor authentication
    // is enabled.
    TwoFactorInfo two_factor = 1;
    // The user's authentication and information if two-factor authentication
    // is disabled.
    SuccessfulLoginMessage response = 2;
  }
}
// Request for SendVerification: which of the offered two-factor options to
// deliver a code through.
message SendVerificationRequest {
  // The token used to identify the user through the verification process
  // (from LoginUserResponse.TwoFactorInfo).
  VerificationToken verification_token = 1;
  // The id of the two-factor authentication option used; one of the keys of
  // LoginUserResponse.TwoFactorInfo.options.
  string two_factor_option_id = 2;
}
// Response for SendVerification.
message SendVerificationResponse {
  // Whether or not sending the verification code was successful.
  // NOTE(review): a bool leaves no room for a reason (unsupported type,
  // delivery failure, ...); if one is ever needed, add a new enum field rather
  // than repurposing this one.
  bool success = 1;
  // The two-factor authentication option used, echoed back in full (including
  // the destination string).
  TwoFactor destination = 2;
}
// Request for VerifyUser: the code delivered by SendVerification.
message VerifyUserRequest {
  // The token used to identify the user through the verification process
  // (from LoginUserResponse.TwoFactorInfo).
  VerificationToken verification_token = 1;
  // The two-factor authentication code received on the specified destination.
  // Its format (length, digits vs. alphanumerics) is not specified in this
  // file.
  string code = 2;
}
// Response for VerifyUser: the completed login.
message VerifyUserResponse {
  // The user's authentication and information.
  SuccessfulLoginMessage response = 1;
}
// Request for UpdatePassword. Because the private key is encrypted under a
// password-derived key (see PrivateUser), a password change must also ship the
// private key re-encrypted under the new password; fields 6-10 mirror
// PrivateUser for that purpose.
//
// NOTE(review): the server should apply fields 2-10 atomically — a password
// updated without the matching re-encrypted private key would lock the user
// out of their own key. Confirm in the server implementation.
message UpdatePasswordRequest {
  // The access token to identify and authenticate the user.
  AccessToken access_token = 1;
  // The old hashed password of the user, as a fresh proof of possession
  // beyond the access token.
  HString old_password = 2;
  // The new hashed password of the user.
  HString new_password = 3;
  // The salt used in the new hashed password (presumably replaces
  // PublicUser.password_salt).
  bytes new_salt = 4;
  // The hashing algorithm used to hash the user's new password.
  HashAlgorithm new_password_hash_algorithm = 5;
  // The user's private key, re-encrypted with the user's new password.
  EBytes private_key = 6;
  // The encryption algorithm used to encrypt the user's private key.
  SEncryptionAlgorithm private_key_encryption_algorithm = 7;
  // The initialization vector used to encrypt the private key.
  bytes private_key_iv = 8;
  // The new salt used in generating the key for encrypting/decrypting the
  // private key.
  bytes private_key_key_salt = 9;
  // The new hash algorithm used to generate the key for encrypting/decrypting
  // the private key.
  HashAlgorithm private_key_key_hash_algorithm = 10;
}
// Response for UpdatePassword.
message UpdatePasswordResponse {
  // The user's information, after the update.
  User user = 1;
}
// Request for CreateAccount. Unauthenticated; the client supplies the full
// initial key material, i.e. everything that ends up in PublicUser and
// PrivateUser. Username constraints and uniqueness are not expressed in the
// schema.
message CreateAccountRequest {
  // The username of the user.
  string username = 1;
  // The hashed password of the user (HString, defined in an imported file).
  HString password = 2;
  // The salt used in the new hashed password (becomes PublicUser.password_salt
  // per the field pairing, presumably).
  bytes salt = 3;
  // The hashing algorithm used to hash the user's password.
  HashAlgorithm password_hash_algorithm = 4;
  // The user's public key. Key format/encoding is not specified in this file.
  bytes public_key = 5;
  // The user's private key, encrypted using the user's password.
  EBytes private_key = 6;
  // The encryption algorithm used to encrypt the user's data.
  AEncryptionAlgorithm data_encryption_algorithm = 7;
  // The encryption algorithm used to encrypt the user's private key.
  SEncryptionAlgorithm private_key_encryption_algorithm = 8;
  // The initialization vector used to encrypt the private key.
  bytes private_key_iv = 9;
  // The salt used in generating the key for encrypting/decrypting the private
  // key.
  bytes private_key_key_salt = 10;
  // The hash algorithm used to generate the key for encrypting/decrypting the
  // private key.
  HashAlgorithm private_key_key_hash_algorithm = 11;
}
// Response for CreateAccount: the new account is returned already logged in.
message CreateAccountResponse {
  // The user's authentication and information.
  SuccessfulLoginMessage response = 1;
}
// Request for RefreshAuth. The refresh token is the only credential carried.
// NOTE(review): whether refresh tokens are rotated or revoked on use is not
// visible from this schema — confirm the server policy.
message RefreshAuthRequest {
  // The refresh token to identify and authenticate the user.
  RefreshToken refresh_token = 1;
}
// Response for RefreshAuth. Only a new access token is returned; the refresh
// token is not re-issued here.
message RefreshAuthResponse {
  // The access token to identify and authenticate the user.
  AccessToken access_token = 1;
}
// Request for GetUser: look up a user by username or id. The access token is
// optional and only affects whether User.private is included.
message GetUserRequest {
  // The access token to identify and authenticate the user. This is optional
  // (a message field, so presence is explicit).
  //
  // NOTE(review): the private information must be gated on the token's subject
  // being the requested user, not merely on the token being valid — confirm in
  // the server. Also, because GetUser is bound to an HTTP GET with no body,
  // this token travels in the URL query string over the gateway, where it is
  // likely to be logged.
  AccessToken access_token = 1;
  // An identifier of the user to retrieve. Exactly one member is set.
  oneof user_identifier {
    // The username of the user.
    string username = 2;
    // The id of the user.
    string user_id = 3;
  }
}
// Response for GetUser.
message GetUserResponse {
  // The information of the specified user. User.private is expected only when
  // the caller is that user.
  User user = 1;
}
// Request for AddTwoFactor: start enrolling a new two-factor destination.
message AddTwoFactorRequest {
  // The access token to identify and authenticate the user.
  AccessToken access_token = 1;
  // The two-factor authentication method to add. Note that two of the
  // TwoFactorType values are documented as not yet supported.
  TwoFactor two_factor = 2;
}
// Response for AddTwoFactor. Enrolment is not complete until VerifyTwoFactor
// succeeds with the code sent to the destination.
message AddTwoFactorResponse {
  // The token used to identify the verification code flow (passed to
  // VerifyTwoFactor).
  VerificationToken verification_token = 1;
}
// Request for VerifyTwoFactor: prove control of the destination being added.
message VerifyTwoFactorRequest {
  // The token used to identify the verification code flow (from
  // AddTwoFactorResponse).
  VerificationToken verification_token = 1;
  // The two-factor authentication code received on the specified destination.
  // NOTE(review): as with VerifyUser, attempts per token should be bounded
  // server-side — confirm.
  string code = 2;
}
// Response for VerifyTwoFactor.
message VerifyTwoFactorResponse {
  // The successfully added two-factor authentication method, echoed back in
  // full (including the destination string).
  TwoFactor two_factor = 1;
}