mirror of
https://github.com/biscuit-auth/biscuit.git
synced 2024-09-11 06:15:30 +03:00
43e975e680
this changes the Protobuf format to add a version field to blocks, set to 0 for now. This change will ship in the 0.9 version of the Rust version. When deserializing a token, we wil check the version field. if not present, we assume the block is at version 0. A token can contain blocks with different versions, so a token generated by an old library can be attenuated by a newer one. If the version is higher than the maximum one for the library, the token will be rejected
171 lines
2.9 KiB
Protocol Buffer
171 lines
2.9 KiB
Protocol Buffer
syntax = "proto2";
|
|
|
|
package biscuit.format.schema;
|
|
|
|
message Biscuit {
|
|
required bytes authority = 1;
|
|
repeated bytes blocks = 2;
|
|
repeated bytes keys = 3;
|
|
required Signature signature = 4;
|
|
}
|
|
|
|
message SealedBiscuit {
|
|
required bytes authority = 1;
|
|
repeated bytes blocks = 2;
|
|
required bytes signature = 3;
|
|
}
|
|
|
|
message Signature {
|
|
repeated bytes parameters = 1;
|
|
required bytes z = 2;
|
|
}
|
|
|
|
message Block {
|
|
required uint32 index = 1;
|
|
repeated string symbols = 2;
|
|
repeated Fact facts = 3;
|
|
repeated Rule rules = 4;
|
|
repeated Caveat caveats = 5;
|
|
optional string context = 6;
|
|
optional uint32 version = 7;
|
|
}
|
|
|
|
message Fact {
|
|
required Predicate predicate = 1;
|
|
}
|
|
|
|
message Rule {
|
|
required Predicate head = 1;
|
|
repeated Predicate body = 2;
|
|
repeated Constraint constraints = 3;
|
|
}
|
|
|
|
message Caveat {
|
|
repeated Rule queries = 1;
|
|
}
|
|
|
|
message Predicate {
|
|
required uint64 name = 1;
|
|
repeated ID ids = 2;
|
|
}
|
|
|
|
|
|
message ID {
|
|
enum Kind {
|
|
SYMBOL = 0;
|
|
VARIABLE = 1;
|
|
INTEGER = 2;
|
|
STR = 3;
|
|
DATE = 4;
|
|
BYTES = 5;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
optional uint64 symbol = 2;
|
|
optional uint32 variable = 3;
|
|
optional int64 integer = 4;
|
|
optional string str = 5;
|
|
optional uint64 date = 6;
|
|
optional bytes bytes = 7;
|
|
}
|
|
|
|
message Constraint {
|
|
required uint32 id = 1;
|
|
|
|
enum Kind {
|
|
INT = 0;
|
|
STRING = 1;
|
|
DATE = 2;
|
|
SYMBOL = 3;
|
|
BYTES = 4;
|
|
}
|
|
|
|
required Kind kind = 2;
|
|
|
|
optional IntConstraint int = 3;
|
|
optional StringConstraint str = 4;
|
|
optional DateConstraint date = 5;
|
|
optional SymbolConstraint symbol = 6;
|
|
optional BytesConstraint bytes = 7;
|
|
}
|
|
|
|
message IntConstraint {
|
|
enum Kind {
|
|
LOWER = 0;
|
|
LARGER = 1;
|
|
LOWER_OR_EQUAL = 2;
|
|
LARGER_OR_EQUAL = 3;
|
|
EQUAL = 4;
|
|
IN = 5;
|
|
NOT_IN = 6;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
|
|
optional int64 lower = 2;
|
|
optional int64 larger = 3;
|
|
optional int64 lower_or_equal = 4;
|
|
optional int64 larger_or_equal = 5;
|
|
optional int64 equal = 6;
|
|
repeated int64 in_set = 7 [packed=true];
|
|
repeated int64 not_in_set = 8 [packed=true];
|
|
}
|
|
|
|
message StringConstraint {
|
|
enum Kind {
|
|
PREFIX = 0;
|
|
SUFFIX = 1;
|
|
EQUAL = 2;
|
|
IN = 3;
|
|
NOT_IN = 4;
|
|
REGEX = 5;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
|
|
optional string prefix = 2;
|
|
optional string suffix = 3;
|
|
optional string equal = 4;
|
|
repeated string in_set = 5;
|
|
repeated string not_in_set = 6;
|
|
optional string regex = 7;
|
|
}
|
|
|
|
message DateConstraint {
|
|
enum Kind {
|
|
BEFORE = 0;
|
|
AFTER = 1;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
|
|
optional uint64 before = 2;
|
|
optional uint64 after = 3;
|
|
}
|
|
|
|
message SymbolConstraint {
|
|
enum Kind {
|
|
IN = 0;
|
|
NOT_IN = 1;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
|
|
repeated uint64 in_set = 2;
|
|
repeated uint64 not_in_set = 3;
|
|
}
|
|
|
|
message BytesConstraint {
|
|
enum Kind {
|
|
EQUAL = 0;
|
|
IN = 1;
|
|
NOT_IN = 2;
|
|
}
|
|
|
|
required Kind kind = 1;
|
|
|
|
optional bytes equal = 2;
|
|
repeated bytes in_set = 3;
|
|
repeated bytes not_in_set = 4;
|
|
}
|