syntax = "proto3";

package management;

option go_package = "/proto";

import "google/protobuf/timestamp.proto";

// ProxyService - Management is the SERVER, Proxy is the CLIENT
// Proxy initiates connection to management
service ProxyService {
  rpc GetMappingUpdate(GetMappingUpdateRequest) returns (stream GetMappingUpdateResponse);

  rpc SendAccessLog(SendAccessLogRequest) returns (SendAccessLogResponse);
}

// GetMappingUpdateRequest is sent to initialise a mapping stream.
message GetMappingUpdateRequest {
  string proxy_id = 1;
  string version = 2;
  google.protobuf.Timestamp started_at = 3;
}

// GetMappingUpdateResponse contains zero or more ProxyMappings.
// No mappings may be sent to test the liveness of the Proxy.
// Mappings that are sent should be interpreted by the Proxy appropriately.
message GetMappingUpdateResponse {
  repeated ProxyMapping mapping = 1;
}

enum ProxyMappingUpdateType {
  UPDATE_TYPE_CREATED = 0;
  UPDATE_TYPE_MODIFIED = 1;
  UPDATE_TYPE_REMOVED = 2;
}

message PathMapping {
  string path = 1;
  string target = 2;
}

message Authentication {
  Password password = 1;
  Pin pin = 2;
  OIDC oidc = 3;
}

message Password {
  bool enabled = 1;
  string password = 2;
}

message Pin {
  bool enabled = 1;
  string pin = 2;
}

message Link {
  bool enabled = 1;
  string link_url = 2;
}

message OIDC {
  bool enabled = 1;
  string oidc_provider_url = 2;
  string oidc_client_id = 3;
  string oidc_client_secret = 4;
  string oidc_redirect_url = 5;
  repeated string oidc_scopes = 6;
  string session_cookie_name = 7;
}

message ProxyMapping {
  ProxyMappingUpdateType type = 1;
  string id = 2;
  string domain = 3;
  repeated PathMapping path = 4;
  string setup_key = 5;
  Authentication auth = 6;
}

// SendAccessLogRequest consists of one or more AccessLogs from a Proxy.
message SendAccessLogRequest {
  AccessLog log = 1;
}

// SendAccessLogResponse is intentionally empty to allow for future expansion.
message SendAccessLogResponse {}

message AccessLog {
  google.protobuf.Timestamp timestamp = 1;
  string service_id = 2;
  string host = 3;
  string path = 4;
  int64 duration_ms = 5;
  string method = 6;
  int32 response_code = 7;
  string source_ip = 8;
  string auth_mechanism = 9;
  string user_id = 10;
  bool auth_success = 11;
}