2021-07-17 14:38:59 +02:00
syntax = "proto3" ;
2021-07-22 10:28:00 +02:00
import "google/protobuf/timestamp.proto" ;
2021-07-20 18:09:26 +02:00
option go_package = "/proto" ;
2021-07-17 14:38:59 +02:00
package management ;
service ManagementService {
2021-08-15 16:56:26 +02:00
// Login logs in peer. In case server returns codes.PermissionDenied this endpoint can be used to register Peer providing LoginRequest.setupKey
2022-02-08 18:03:27 +01:00
// Returns encrypted LoginResponse in EncryptedMessage.Body
2021-08-15 16:56:26 +02:00
rpc Login ( EncryptedMessage ) returns ( EncryptedMessage ) { }
2021-07-17 14:38:59 +02:00
2021-07-22 10:28:00 +02:00
// Sync enables peer synchronization. Each peer that is connected to this stream will receive updates from the server.
// For example, if a new peer has been added to an account all other connected peers will receive this peer's Wireguard public key as an update
// The initial SyncResponse contains all of the available peers so the local state can be refreshed
2022-02-08 18:03:27 +01:00
// Returns encrypted SyncResponse in EncryptedMessage.Body
2021-07-22 10:28:00 +02:00
rpc Sync ( EncryptedMessage ) returns ( stream EncryptedMessage ) { }
// Exposes a Wireguard public key of the Management service.
// This key is used to support message encryption between client and server
rpc GetServerKey ( Empty ) returns ( ServerKeyResponse ) { }
2021-07-17 14:38:59 +02:00
// health check endpoint
rpc isHealthy ( Empty ) returns ( Empty ) { }
2022-05-08 11:04:57 +02:00
// Exposes a device authorization flow information
// This is used for initiating a Oauth 2 device authorization grant flow
// which will be used by our clients to Login.
// EncryptedMessage of the request has a body of DeviceAuthorizationFlowRequest.
// EncryptedMessage of the response has a body of DeviceAuthorizationFlow.
rpc GetDeviceAuthorizationFlow ( EncryptedMessage ) returns ( EncryptedMessage ) { }
2021-07-17 14:38:59 +02:00
}
2021-07-22 10:28:00 +02:00
message EncryptedMessage {
// Wireguard public key
string wgPubKey = 1 ;
// encrypted message Body
bytes body = 2 ;
2022-01-16 17:10:36 +01:00
// Version of the Wiretrustee Management Service protocol
int32 version = 3 ;
2021-07-22 10:28:00 +02:00
}
2021-07-25 17:08:16 +02:00
message SyncRequest { }
2021-07-22 10:28:00 +02:00
2021-07-25 17:08:16 +02:00
// SyncResponse represents a state that should be applied to the local peer (e.g. Wiretrustee servers config as well as local peer and remote peers configs)
2021-07-22 10:28:00 +02:00
message SyncResponse {
2022-01-16 17:10:36 +01:00
2021-07-25 17:08:16 +02:00
// Global config
WiretrusteeConfig wiretrusteeConfig = 1 ;
2022-01-16 17:10:36 +01:00
// Deprecated. Use NetworkMap.PeerConfig
2021-07-25 17:08:16 +02:00
PeerConfig peerConfig = 2 ;
2022-01-16 17:10:36 +01:00
// Deprecated. Use NetworkMap.RemotePeerConfig
2021-07-25 17:08:16 +02:00
repeated RemotePeerConfig remotePeers = 3 ;
2022-01-16 17:10:36 +01:00
2021-09-07 18:36:46 +02:00
// Indicates whether remotePeers array is empty or not to bypass protobuf null and empty array equality.
2022-01-16 17:10:36 +01:00
// Deprecated. Use NetworkMap.remotePeersIsEmpty
2021-09-07 18:36:46 +02:00
bool remotePeersIsEmpty = 4 ;
2022-01-16 17:10:36 +01:00
NetworkMap NetworkMap = 5 ;
2021-07-22 10:28:00 +02:00
}
2021-08-15 16:56:26 +02:00
message LoginRequest {
// Pre-authorized setup key (can be empty)
string setupKey = 1 ;
2021-08-24 11:50:19 +02:00
// Meta data of the peer (e.g. name, os_name, os_version,
PeerSystemMeta meta = 2 ;
2022-05-05 20:02:15 +02:00
// SSO token (can be empty)
string jwtToken = 3 ;
2021-08-24 11:50:19 +02:00
}
// Peer machine meta data
message PeerSystemMeta {
string hostname = 1 ;
string goOS = 2 ;
string kernel = 3 ;
string core = 4 ;
string platform = 5 ;
string OS = 6 ;
string wiretrusteeVersion = 7 ;
2022-05-25 23:25:02 +02:00
string uiVersion = 8 ;
2021-07-17 14:38:59 +02:00
}
2021-08-15 16:56:26 +02:00
message LoginResponse {
// Global config
WiretrusteeConfig wiretrusteeConfig = 1 ;
// Peer local config
PeerConfig peerConfig = 2 ;
}
2021-07-17 14:38:59 +02:00
2021-07-22 10:28:00 +02:00
message ServerKeyResponse {
// Server's Wireguard public key
string key = 1 ;
// Key expiration timestamp after which the key should be fetched again by the client
google.protobuf.Timestamp expiresAt = 2 ;
2022-01-16 17:10:36 +01:00
// Version of the Wiretrustee Management Service protocol
int32 version = 3 ;
2021-07-22 10:28:00 +02:00
}
2021-07-25 17:08:16 +02:00
message Empty { }
// WiretrusteeConfig is a common configuration of any Wiretrustee peer. It contains STUN, TURN, Signal and Management servers configurations
message WiretrusteeConfig {
// a list of STUN servers
repeated HostConfig stuns = 1 ;
// a list of TURN servers
repeated ProtectedHostConfig turns = 2 ;
// a Signal server config
HostConfig signal = 3 ;
}
// HostConfig describes connection properties of some server (e.g. STUN, Signal, Management)
message HostConfig {
2021-07-30 17:46:38 +02:00
// URI of the resource e.g. turns://stun.wiretrustee.com:4430 or signal.wiretrustee.com:10000
string uri = 1 ;
Protocol protocol = 2 ;
2021-07-25 17:08:16 +02:00
enum Protocol {
2021-07-30 17:46:38 +02:00
UDP = 0 ;
TCP = 1 ;
HTTP = 2 ;
HTTPS = 3 ;
DTLS = 4 ;
2021-07-25 17:08:16 +02:00
}
}
// ProtectedHostConfig is similar to HostConfig but has additional user and password
// Mostly used for TURN servers
message ProtectedHostConfig {
HostConfig hostConfig = 1 ;
string user = 2 ;
string password = 3 ;
}
// PeerConfig represents a configuration of a "our" peer.
// The properties are used to configure local Wireguard
message PeerConfig {
// Peer's virtual IP address within the Wiretrustee VPN (a Wireguard address config)
string address = 1 ;
// Wiretrustee DNS server (a Wireguard DNS config)
string dns = 2 ;
}
2022-01-16 17:10:36 +01:00
// NetworkMap represents a network state of the peer with the corresponding configuration parameters to establish peer-to-peer connections
message NetworkMap {
// Serial is an ID of the network state to be used by clients to order updates.
// The larger the Serial the newer the configuration.
// E.g. the client app should keep track of this id locally and discard all the configurations with a lower value
uint64 Serial = 1 ;
// PeerConfig represents configuration of a peer
PeerConfig peerConfig = 2 ;
// RemotePeerConfig represents a list of remote peers that the receiver can connect to
repeated RemotePeerConfig remotePeers = 3 ;
// Indicates whether remotePeers array is empty or not to bypass protobuf null and empty array equality.
bool remotePeersIsEmpty = 4 ;
}
2021-07-25 17:08:16 +02:00
// RemotePeerConfig represents a configuration of a remote peer.
// The properties are used to configure Wireguard Peers sections
message RemotePeerConfig {
// A Wireguard public key of a remote peer
string wgPubKey = 1 ;
2021-07-17 14:38:59 +02:00
2021-07-25 17:08:16 +02:00
// Wireguard allowed IPs of a remote peer e.g. [10.30.30.1/32]
repeated string allowedIps = 2 ;
2022-05-08 11:04:57 +02:00
}
// DeviceAuthorizationFlowRequest empty struct for future expansion
message DeviceAuthorizationFlowRequest { }
// DeviceAuthorizationFlow represents Device Authorization Flow information
// that can be used by the client to login initiate a Oauth 2.0 device authorization grant flow
// see https://datatracker.ietf.org/doc/html/rfc8628
message DeviceAuthorizationFlow {
// An IDP provider , (eg. Auth0)
provider Provider = 1 ;
ProviderConfig ProviderConfig = 2 ;
enum provider {
HOSTED = 0 ;
}
}
// ProviderConfig has all attributes needed to initiate a device authorization flow
message ProviderConfig {
// An IDP application client id
string ClientID = 1 ;
// An IDP application client secret
string ClientSecret = 2 ;
// An IDP API domain
string Domain = 3 ;
// An Audience for validation
string Audience = 4 ;
2022-05-25 23:25:02 +02:00
}