pub
/
st-peter-client
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: pub:main
Branches Tags
pub:main
pub:v0.2.3
pub:v0.2.2
pub:v0.2.1
pub:v0.2.0
..
compare: pub:v0.2.2
Branches Tags
pub:main
pub:v0.2.3
pub:v0.2.2
pub:v0.2.1
pub:v0.2.0

No commits in common. "main" and "v0.2.2" have entirely different histories.
main ... v0.2.2

4 changed files with 2 additions and 46 deletions
Show Stats Expand all files Collapse all files

2
VERSION
View File

@ -1 +1 @@
0.2.3 0.2.2

22
proto/st-peter-admin.proto
View File

@ -12,10 +12,6 @@ message Date {
service AuthAdminService { service AuthAdminService {
rpc GetUser (GetUserRequest) returns (UserResponse); rpc GetUser (GetUserRequest) returns (UserResponse);
rpc GetUsers (GetUsersRequest) returns (UsersResponse); rpc GetUsers (GetUsersRequest) returns (UsersResponse);
// System-token-authed minimal lookup: id + display name ONLY (no PII).
// Auth is the shared system token alone (no actor) internal services only,
// so viewing content (e.g. history) can't be used to harvest user info.
rpc GetUsersData (GetUsersDataRequest) returns (GetUsersDataResponse);
rpc GetUsersByUsernames(GetUsersByUsernamesRequest) returns (UsersResponse); rpc GetUsersByUsernames(GetUsersByUsernamesRequest) returns (UsersResponse);
rpc DeleteUser (DeleteUserRequest) returns (OperationResponse); rpc DeleteUser (DeleteUserRequest) returns (OperationResponse);
rpc RestoreUser (RestoreUserRequest) returns (OperationResponse); rpc RestoreUser (RestoreUserRequest) returns (OperationResponse);
@ -310,24 +306,6 @@ message UsersResponse {
repeated User users = 4; repeated User users = 4;
} }
// GetUsersData system-token-only, returns the MINIMUM for display: id + a
// resolved display name. Deliberately omits email/phone/PII so even a trusted
// internal caller can't harvest contact info through it.
message GetUsersDataRequest {
string system_token = 1;
repeated string user_ids = 2;
}
message UserData {
string id = 1;
string name = 2;
}
message GetUsersDataResponse {
bool success = 1;
repeated UserData users = 2;
}
message GetAssignableRolesRequest { message GetAssignableRolesRequest {
string actor_id = 1; string actor_id = 1;
string actor_token = 2; string actor_token = 2;

2
rust/Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "st-peter-client" name = "st-peter-client"
version = "0.2.3" version = "0.2.2"
edition = "2021" edition = "2021"
description = "Official Rust client for st-peter (aura-users) — authentication over gRPC with a token-verify cache" description = "Official Rust client for st-peter (aura-users) — authentication over gRPC with a token-verify cache"
repository = "https://git.awesomike.com/pub/st-peter-client" repository = "https://git.awesomike.com/pub/st-peter-client"

22
rust/src/lib.rs
View File

@ -405,28 +405,6 @@ impl AdminClient {
self.inner.clone() self.inner.clone()
} }
/// System-token user lookup — returns ONLY id + display name (no PII).
/// Authorizes on the shared `system_token` alone (no actor), so an internal
/// service can label "who did this" (e.g. content history) without the
/// end-user's credentials and without exposing contact info. The token must
/// be one registered in st-peter's `system-tokens`.
pub async fn get_users_data(
&self,
system_token: &str,
user_ids: Vec<String>,
) -> Result<Vec<adminpb::UserData>> {
let resp = self
.inner
.clone()
.get_users_data(adminpb::GetUsersDataRequest {
system_token: system_token.to_string(),
user_ids,
})
.await?
.into_inner();
Ok(resp.users)
}
/// Assign a role to a user — targeted when `target_id` is set (the /// Assign a role to a user — targeted when `target_id` is set (the
/// multi-tenancy device: e.g. `cms-content-editor` for one organization), /// multi-tenancy device: e.g. `cms-content-editor` for one organization),
/// optionally time-bound via `expires_at`. /// optionally time-bound via `expires_at`.