Files
Edu/packages/shared-proto/proto/iam.proto
SpecialX a35e759d64 feat(iam): 完整实现 iam 身份认证与权限服务
包含 jwt/jwks/audit/grpc、rbac、cache、redis/kafka 配置等完整实现
2026-07-10 19:09:39 +08:00

160 lines
3.3 KiB
Protocol Buffer
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
syntax = "proto3";
package next_edu_cloud.iam.v1;
// IamService 定义身份与访问管理契约
// 双入口策略president §2.16REST 供 gateway 透传 + admin-portal 直连,
// gRPC 供 BFF 聚合调用。同一 Application Service 同时被两种 Controller 调用。
// gRPC 端口 50052P2 即启用I1 裁决)。
service IamService {
// 认证类
rpc Register(RegisterRequest) returns (AuthResponse);
rpc Login(LoginRequest) returns (AuthResponse);
rpc RefreshToken(RefreshTokenRequest) returns (TokenPair);
rpc Logout(LogoutRequest) returns (LogoutResponse);
// 用户信息类
rpc GetUserInfo(GetUserInfoRequest) returns (UserInfo);
rpc BatchGetUsers(BatchGetUsersRequest) returns (BatchGetUsersResponse);
// 权限与视口类
rpc GetEffectivePermissions(GetEffectivePermissionsRequest) returns (EffectivePermissionsResponse);
rpc GetEffectiveAccess(GetEffectiveAccessRequest) returns (EffectiveAccessResponse);
rpc GetEffectiveDataScope(GetEffectiveDataScopeRequest) returns (DataScopeResponse);
rpc GetViewports(GetViewportsRequest) returns (ViewportsResponse);
// 密钥与关系类
rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKeyResponse);
rpc GetChildrenByParent(GetChildrenByParentRequest) returns (ChildrenResponse);
}
// ========== 认证类 ==========
message RegisterRequest {
string email = 1;
string password = 2;
string name = 3;
}
message LoginRequest {
string email = 1;
string password = 2;
}
message RefreshTokenRequest {
string refresh_token = 1;
}
message LogoutRequest {
string refresh_token = 1;
string user_id = 2;
}
message LogoutResponse {
bool success = 1;
}
message AuthResponse {
UserInfo user = 1;
TokenPair tokens = 2;
}
message TokenPair {
string access_token = 1;
string refresh_token = 2;
int32 expires_in = 3;
}
// ========== 用户信息类 ==========
message GetUserInfoRequest {
string user_id = 1;
}
message BatchGetUsersRequest {
repeated string user_ids = 1;
}
message BatchGetUsersResponse {
repeated UserInfo users = 1;
}
message UserInfo {
string id = 1;
string email = 2;
string name = 3;
repeated string roles = 4;
repeated string permissions = 5;
string data_scope = 6;
string status = 7;
}
// ========== 权限与视口类 ==========
message GetEffectivePermissionsRequest {
string user_id = 1;
}
message EffectivePermissionsResponse {
repeated string permissions = 1;
}
message GetEffectiveAccessRequest {
string user_id = 1;
string permission = 2;
}
message EffectiveAccessResponse {
bool allowed = 1;
string data_scope = 2;
}
message GetEffectiveDataScopeRequest {
string user_id = 1;
}
message DataScopeResponse {
string data_scope = 1;
}
message GetViewportsRequest {
string user_id = 1;
}
message ViewportsResponse {
repeated ViewportItem viewports = 1;
}
message ViewportItem {
string key = 1;
string label = 2;
string route = 3;
string icon = 4;
string sort_order = 5;
string required_permission = 6;
}
// ========== 密钥与关系类 ==========
message GetPublicKeyRequest {}
message PublicKeyResponse {
string kid = 1;
string alg = 2;
string public_key_pem = 3;
}
message GetChildrenByParentRequest {
string parent_id = 1;
}
message ChildrenResponse {
repeated ChildInfo children = 1;
}
message ChildInfo {
string student_id = 1;
string name = 2;
string relation = 3;
}