// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0

syntax = "proto3";

package mainflux;

import "google/protobuf/empty.proto";

service ThingsService {
    rpc CanAccessByKey(AccessByKeyReq) returns (ThingID) {}
    rpc IsChannelOwner(ChannelOwnerReq) returns (google.protobuf.Empty) {}
    rpc CanAccessByID(AccessByIDReq) returns (google.protobuf.Empty) {}
    rpc Identify(Token) returns (ThingID) {}
}

service AuthService {
    rpc Issue(IssueReq) returns (Token) {}
    rpc Identify(Token) returns (UserIdentity) {}
    rpc Authorize(AuthorizeReq) returns (AuthorizeRes) {}
    rpc Assign(Assignment) returns(google.protobuf.Empty) {}
    rpc Members(MembersReq) returns (MembersRes) {}
}

message AccessByKeyReq {
    string token  = 1;
    string chanID = 2;
}

message ChannelOwnerReq {
    string owner  = 1;
    string chanID = 2;
}

message ThingID {
    string value = 1;
}

message ChannelID {
    string value = 1;
}

message AccessByIDReq {
    string thingID = 1;
    string chanID  = 2;
}

// If a token is not carrying any information itself, the type
// field can be used to determine how to validate the token.
// Also, different tokens can be encoded in different ways.
message Token {
    string value = 1;
}

message UserIdentity {
    string id    = 1;
    string email = 2;
}

message IssueReq {
    string id    = 1;
    string email = 2;
    uint32 type  = 3;
}

message AuthorizeReq {
    string sub = 1;
    string obj = 2;
    string act = 3;
}

message AuthorizeRes {
    bool authorized = 1;
}

message Assignment {
    string token    = 1;
    string groupID  = 2;
    string memberID = 3;
}

message MembersReq {
    string token    = 1;
    string groupID  = 2;
    uint64 offset   = 3;
    uint64 limit    = 4;
    string type     = 5;
}

message MembersRes {
    uint64 total            = 1;
    uint64 offset           = 2;
    uint64 limit            = 3;
    string type             = 4;
    repeated string members = 5;
}