syntax = "proto3";

package user.api.auth.v1;

import "google/api/annotations.proto";
import "google/api/field_behavior.proto";

import "google/protobuf/wrappers.proto";
import "google/protobuf/duration.proto";
import "validate/validate.proto";

option go_package = "github.com/go-saas/kit/user/api/auth/v1;v1";


service Auth {

    rpc Register(RegisterAuthRequest) returns (RegisterAuthReply){
        option (google.api.http) = {
            post: "/v1/auth/register"
            body:"*"
        };
    }


    rpc Login(LoginAuthRequest) returns (LoginAuthReply){
        option (google.api.http) = {
            post: "/v1/auth/login",
            body: "*",
        };
    }

    rpc GetLogin(GetLoginRequest) returns(GetLoginResponse){
        option (google.api.http) = {
            get: "/v1/auth/login",
        };
    }

    rpc Token(TokenRequest) returns (TokenReply){
        option (google.api.http) = {
            post: "/v1/auth/token",
            body: "*",
        };
    }

    rpc Refresh(RefreshTokenAuthRequest) returns (RefreshTokenAuthReply){
        option (google.api.http) = {
            post: "/v1/auth/refresh",
            body: "*",
        };
    }

    rpc SendPasswordlessToken(PasswordlessTokenAuthRequest) returns(PasswordlessTokenAuthReply){
        option (google.api.http) = {
            post: "/v1/auth/action/passwordless",
            body: "*",
        };
    }

    rpc LoginPasswordless(LoginPasswordlessRequest) returns(LoginPasswordlessReply){
        option (google.api.http) = {
            post: "/v1/auth/login/passwordless",
            body: "*",
        };
    }

    rpc SendForgetPasswordToken(ForgetPasswordTokenRequest) returns(ForgetPasswordTokenReply){
        option (google.api.http) = {
            post: "/v1/auth/action/forget",
            body: "*",
        };
    }

    //ForgetPassword
    //verify forget password token
    rpc ForgetPassword(ForgetPasswordRequest) returns (ForgetPasswordReply){
        option (google.api.http) = {
            post: "/v1/auth/password/forget",
            body: "*",
        };
    }

    rpc ChangePasswordByForget(ChangePasswordByForgetRequest) returns (ChangePasswordByForgetReply){
        option (google.api.http) = {
            post: "/v1/auth/password/forget/change",
            body: "*",
        };
    }
    
    //ValidatePassword
    // server validation for password strength
    rpc ValidatePassword(ValidatePasswordRequest) returns (ValidatePasswordReply){
        option (google.api.http) = {
            post: "/v1/auth/password/validate",
            body: "*",
        };
    }

    rpc ChangePasswordByPre(ChangePasswordByPreRequest)returns(ChangePasswordByPreReply){
        option (google.api.http) = {
            post: "/v1/auth/password/change",
            body: "*",
        };
    }


    rpc GetCsrfToken(GetCsrfTokenRequest) returns(GetCsrfTokenResponse){
        option (google.api.http) = {
            get: "/v1/auth/csrf",
        };
    }

    //RefreshRememberToken internal api for refresh remember token
    rpc RefreshRememberToken(RefreshRememberTokenRequest) returns(RefreshRememberTokenReply){

    }
}

message RegisterAuthRequest{
    string username =1 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string password=5 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string confirm_password=6 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    bool web=10;
}

message RegisterAuthReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;
}

message LoginAuthRequest{
    string username =1 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string password =2 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    bool remember =3;
}


message TokenRequest{
    string grant_type =1 [(validate.rules).string = {in:["","password","refresh_token","authorization_code"]}];
    string username =2;
    string password =3;
    string refresh_token=4;
}

message TokenReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;
}

message LoginAuthReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Expires time in seconds
    // Deprecated, use expires_in instead
    int32 expires=3 [deprecated=true];
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;

    string redirect=10;
}

message RefreshTokenAuthRequest{
    string refresh_token=4 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
}
message RefreshTokenAuthReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;
}

message PasswordlessTokenAuthRequest{
    optional google.protobuf.StringValue phone =4;
    optional google.protobuf.StringValue email=5 [(validate.rules).string.email=true];
}

message PasswordlessTokenAuthReply{
    //expire time
    google.protobuf.Duration expire=1;
}

message LoginPasswordlessRequest{
    optional google.protobuf.StringValue phone =4;
    optional google.protobuf.StringValue email=5;
    string  token=10 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];

    bool web=20;
}

message LoginPasswordlessReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;
}

message ForgetPasswordTokenRequest{
    optional google.protobuf.StringValue phone =4;
    optional google.protobuf.StringValue email=5;

}

message ForgetPasswordTokenReply{
    //expire time
    google.protobuf.Duration expire=1;
}

message ForgetPasswordRequest{
    optional google.protobuf.StringValue phone =4;
    optional google.protobuf.StringValue email=5;
    string token=10;
}

message ForgetPasswordReply{
    //next step for change password
    string change_password_token=1;
}

message ValidatePasswordRequest{
    string password=1;
}

message ValidatePasswordReply{
    bool ok =1;
}

message GetLoginRequest{
    //redirect url
    string redirect = 1;
    string login_challenge=2;
}

message GetLoginResponse{
    //normalized redirect url
    string redirect = 1;
    repeated OAuthProvider oauth = 2;

    string hint=3;
    string challenge=4;
}

message OAuthProvider{
    string name=1;
}

message GetCsrfTokenRequest{

}

message GetCsrfTokenResponse{
    string csrf_token=1;
}

message LogoutRequest{
    string challenge=1;
}

message LogoutResponse{
    string redirect = 1;
}


message WebLoginAuthRequest{
    string username =1 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string password =2 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    bool remember =3;
    string challenge =4;
    bool reject=5;
}

message WebLoginAuthReply{
    string access_token=1;
    // Bearer
    string token_type=2;
    // Expires time in seconds
    int32 expires=3;
    // Refresh token to keep login state
    string refresh_token=4;
    // Expires time in seconds
    int32 expires_in=5;

    string redirect=10;
}

message ChangePasswordByForgetRequest{
    string change_password_token=1 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string new_password=5 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string confirm_new_password=6 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
}

message ChangePasswordByForgetReply{

}

message ChangePasswordByPreRequest{
    string pre_password=4 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string new_password=5 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
    string confirm_new_password=6 [(validate.rules).string.min_len=1,(google.api.field_behavior) = REQUIRED];
}

message ChangePasswordByPreReply{

}


message RefreshRememberTokenRequest{
    string rm_token=1;
}

message RefreshRememberTokenReply{
    string user_id=1;
    string new_rm_token=2;
}