Compare commits
No commits in common. "main" and "v0.2.2" have entirely different histories.
|
|
@ -12,10 +12,6 @@ message Date {
|
|||
service AuthAdminService {
|
||||
rpc GetUser (GetUserRequest) returns (UserResponse);
|
||||
rpc GetUsers (GetUsersRequest) returns (UsersResponse);
|
||||
// System-token-authed minimal lookup: id + display name ONLY (no PII).
|
||||
// Auth is the shared system token alone (no actor) — internal services only,
|
||||
// so viewing content (e.g. history) can't be used to harvest user info.
|
||||
rpc GetUsersData (GetUsersDataRequest) returns (GetUsersDataResponse);
|
||||
rpc GetUsersByUsernames(GetUsersByUsernamesRequest) returns (UsersResponse);
|
||||
rpc DeleteUser (DeleteUserRequest) returns (OperationResponse);
|
||||
rpc RestoreUser (RestoreUserRequest) returns (OperationResponse);
|
||||
|
|
@ -310,24 +306,6 @@ message UsersResponse {
|
|||
repeated User users = 4;
|
||||
}
|
||||
|
||||
// GetUsersData — system-token-only, returns the MINIMUM for display: id + a
|
||||
// resolved display name. Deliberately omits email/phone/PII so even a trusted
|
||||
// internal caller can't harvest contact info through it.
|
||||
message GetUsersDataRequest {
|
||||
string system_token = 1;
|
||||
repeated string user_ids = 2;
|
||||
}
|
||||
|
||||
message UserData {
|
||||
string id = 1;
|
||||
string name = 2;
|
||||
}
|
||||
|
||||
message GetUsersDataResponse {
|
||||
bool success = 1;
|
||||
repeated UserData users = 2;
|
||||
}
|
||||
|
||||
message GetAssignableRolesRequest {
|
||||
string actor_id = 1;
|
||||
string actor_token = 2;
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "st-peter-client"
|
||||
version = "0.2.3"
|
||||
version = "0.2.2"
|
||||
edition = "2021"
|
||||
description = "Official Rust client for st-peter (aura-users) — authentication over gRPC with a token-verify cache"
|
||||
repository = "https://git.awesomike.com/pub/st-peter-client"
|
||||
|
|
|
|||
|
|
@ -405,28 +405,6 @@ impl AdminClient {
|
|||
self.inner.clone()
|
||||
}
|
||||
|
||||
/// System-token user lookup — returns ONLY id + display name (no PII).
|
||||
/// Authorizes on the shared `system_token` alone (no actor), so an internal
|
||||
/// service can label "who did this" (e.g. content history) without the
|
||||
/// end-user's credentials and without exposing contact info. The token must
|
||||
/// be one registered in st-peter's `system-tokens`.
|
||||
pub async fn get_users_data(
|
||||
&self,
|
||||
system_token: &str,
|
||||
user_ids: Vec<String>,
|
||||
) -> Result<Vec<adminpb::UserData>> {
|
||||
let resp = self
|
||||
.inner
|
||||
.clone()
|
||||
.get_users_data(adminpb::GetUsersDataRequest {
|
||||
system_token: system_token.to_string(),
|
||||
user_ids,
|
||||
})
|
||||
.await?
|
||||
.into_inner();
|
||||
Ok(resp.users)
|
||||
}
|
||||
|
||||
/// Assign a role to a user — targeted when `target_id` is set (the
|
||||
/// multi-tenancy device: e.g. `cms-content-editor` for one organization),
|
||||
/// optionally time-bound via `expires_at`.
|
||||
|
|
|
|||
Loading…
Reference in New Issue