-
Notifications
You must be signed in to change notification settings - Fork 0
/
data.proto
220 lines (199 loc) · 6.68 KB
/
data.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
syntax="proto3";
package kript.api;
import "kript/api/universal.proto";
import "kript/api/encrypt.proto";
import "google/api/annotations.proto";
import "google/protobuf/timestamp.proto";
import "protoc-gen-swagger/options/annotations.proto";
option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
info: {
version: "1.0";
};
external_docs: {
url: "https://github.com/liam923/Kript";
description: "Kript";
}
schemes: HTTPS;
};
message Datum {
// The identifier of this datum.
string id = 1;
// The owner of this datum.
string owner = 2;
// The actual data of this datum, such as a password or code, encrypted.
ESecret data = 4;
// The encryption algorithm used to encrypt the actual data.
SEncryptionAlgorithm data_encryption_algorithm = 5;
// The initialization vector used to encrypt the data.
bytes data_iv = 6;
// A map of ids of users who have access to this datum to information on what
// permissions they have. This does not include the owner, who has all permissions.
map<string, Access> accessors = 7;
// The metadata associated with this datum.
Metadata metadata = 8;
// An object representing relevant data to a user who has access to this
// datum.
message Access {
// The id of the user whom this access object is associated with.
string user_id = 1;
// The key used to encrypt the actual data, encrypted using this user's
// public key and decrypted with their private key.
EBytes data_key = 2;
// The list of permissions this user has on this datum.
repeated Permission permissions = 3;
}
// The metadata associated with this datum.
message Metadata {
// The user who created and owns this datum.
string owner_id = 1;
// The time at which this datum was created.
google.protobuf.Timestamp created_time = 2;
// The time at which this datum was last modified.
google.protobuf.Timestamp last_edited = 3;
// A map of id of users with access or who once had access to metadata
// associated with that access.
map<string, AccessMetadata> access_metadata = 4;
// Metadata associated with a user who had access to this datum at some
// point.
message AccessMetadata {
// The grants and revokes that have been given to the user.
repeated PermissionGrantMetadata grant_metadata = 1;
// Metadata associated with a change in access permissions.
message PermissionGrantMetadata {
// The id of the user who granted or revoked a permission.
string granter_id = 1;
// The permission that was granted or revoked.
Permission permission = 2;
// If true, this grant was a grant. Otherwise, it was a revoke.
bool is_grant = 3;
}
}
}
}
// A permission that a user can have on a datum.
enum Permission {
UNKNOWN = 0;
// Permission to read the datum.
READ = 1;
// Permission to read and write the datum.
WRITE = 2;
// Permission to read and delete the datum.
DELETE = 3;
// Permission to read and share the datum with other users. The user has the power
// to share the same permissions that they have.
SHARE = 4;
// Full permission on the datum.
ADMIN = 5;
}
service DataService {
// Get the list of all data for the logged in user, or a specific datum if
// specified.
rpc GetData (GetDataRequest) returns (GetDataResponse) {
option (google.api.http) = {
get: "/data"
};
}
// Update the specified datum with new data.
rpc UpdateDatum (UpdateDatumRequest) returns (UpdateDatumResponse) {
option (google.api.http) = {
patch: "/data"
body: "*"
};
}
// Create a new datum.
rpc CreateDatum (CreateDatumRequest) returns (CreateDatumResponse) {
option (google.api.http) = {
post: "/data"
body: "*"
};
}
// Delete the specified datum.
rpc DeleteDatum (DeleteDatumRequest) returns (DeleteDatumResponse) {
option (google.api.http) = {
delete: "/data"
};
}
// Share a datum with another user by granting them new permission(s) on it.
rpc ShareDatum (ShareDatumRequest) returns (ShareDatumResponse) {
option (google.api.http) = {
post: "/data/share"
body: "*"
};
}
}
message GetDataRequest {
// The access token to identify and authenticate the user.
AccessToken access_token = 1;
// The list of ids of datums to retrieve. If empty, all datums that the user
// has access to will be retrieved.
repeated string datum_ids = 2;
}
message GetDataResponse {
// The datums requested by the user.
repeated Datum datums = 1;
}
message UpdateDatumRequest {
// The access token to identify and authenticate the user.
AccessToken access_token = 1;
// The id of the datum to update.
string id = 2;
// The new title of the datum. (Optional)
string title = 3;
// The new actual data of the datum, such as a password or code, encrypted.
// This should decrypt to a string of a json object.
ESecret data = 4;
// The new initialization vector used to encrypt the data.
bytes data_iv = 7;
}
message UpdateDatumResponse {
// The updated datum.
Datum datum = 1;
}
message CreateDatumRequest {
// The access token to identify and authenticate the user.
AccessToken access_token = 1;
// The title of the datum. (Optional)
string title = 3;
// The actual data of the datum, such as a password or code, encrypted.
// This should decrypt to a string of a json object.
ESecret data = 4;
// The key used to encrypt the actual data, encrypted using the owner's
// public key and decrypted with their private key.
EBytes data_key = 5;
// The encryption algorithm used to encrypt the actual data.
SEncryptionAlgorithm data_encryption_algorithm = 6;
// The initialization vector used to encrypt the data.
bytes data_iv = 7;
}
message CreateDatumResponse {
// The created datum.
Datum datum = 1;
}
message DeleteDatumRequest {
// The access token to identify and authenticate the user.
AccessToken access_token = 1;
// The id of the datum to delete.
string id = 2;
}
message DeleteDatumResponse {
// The deleted datum, as it was before deletion.
Datum datum = 1;
}
message ShareDatumRequest {
// The access token to identify and authenticate the user.
AccessToken access_token = 1;
// The id of the datum to share.
string id = 2;
// The id of the user the datum should be shared with.
string target_id = 3;
// The key used to encrypt the actual data, encrypted using the target user's
// public key and decrypted with their private key.
EBytes data_key = 4;
// The permissions to be granted to this user. These are in addition to any
// permissions the user already has.
repeated Permission permissions = 5;
}
message ShareDatumResponse {
// The shared datum.
Datum datum = 1;
}