syntax = "proto3";

package auth.v1;

option go_package = "git.dcentral.systems/toolz/goplt/api/proto/generated/auth/v1;authv1";

// AuthService provides authentication operations.
service AuthService {
  // Login authenticates a user and returns access and refresh tokens.
  rpc Login(LoginRequest) returns (LoginResponse);
  
  // RefreshToken refreshes an access token using a refresh token.
  rpc RefreshToken(RefreshTokenRequest) returns (RefreshTokenResponse);
  
  // ValidateToken validates a JWT token and returns the token claims.
  rpc ValidateToken(ValidateTokenRequest) returns (ValidateTokenResponse);
  
  // Logout invalidates a refresh token.
  rpc Logout(LogoutRequest) returns (LogoutResponse);
}

// LoginRequest contains login credentials.
message LoginRequest {
  string email = 1;
  string password = 2;
}

// LoginResponse contains authentication tokens.
message LoginResponse {
  string access_token = 1;
  string refresh_token = 2;
  int64 expires_in = 3; // seconds
  string token_type = 4; // "Bearer"
}

// RefreshTokenRequest contains a refresh token.
message RefreshTokenRequest {
  string refresh_token = 1;
}

// RefreshTokenResponse contains new authentication tokens.
message RefreshTokenResponse {
  string access_token = 1;
  string refresh_token = 2;
  int64 expires_in = 3; // seconds
  string token_type = 4; // "Bearer"
}

// ValidateTokenRequest contains a JWT token to validate.
message ValidateTokenRequest {
  string token = 1;
}

// ValidateTokenResponse contains token claims.
message ValidateTokenResponse {
  string user_id = 1;
  string email = 2;
  repeated string roles = 3;
  int64 expires_at = 4;
}

// LogoutRequest contains a refresh token to invalidate.
message LogoutRequest {
  string refresh_token = 1;
}

// LogoutResponse indicates success.
message LogoutResponse {
  bool success = 1;
}