mirror of
https://github.com/biscuit-auth/biscuit.git
synced 2024-10-26 06:40:35 +03:00
a195fb4a4c
Symbols were a kind of string with fewer available operations and some specific optimizations: they stored an index into a symbol table carried by the token, to reduce size by avoiding repetition. They were too confusing for users, and now that #authority and #ambient are gone, we can remove them completely. The symbol table was useful, though, so it is now used for all predicate names and strings.
// Serialization schema for Biscuit tokens and verifier policies.
//
// The file uses proto2, so every `required` field is enforced when a message
// is decoded: input that omits one is rejected by the parser instead of being
// filled with a default.
syntax = "proto2";

package biscuit.format.schema;
// Top-level token container: one authority block, any number of further
// blocks, and a proof.
message Biscuit {
  // Optional numeric key identifier. Presumably a hint telling the verifier
  // which root public key to check the token against -- confirm against the
  // specification. The value arrives inside the token, so it is untrusted
  // input: it may only select among keys the verifier already trusts.
  optional uint32 rootKeyId = 1;

  // First signed block of the token. Must be present.
  required SignedBlock authority = 2;

  // Signed blocks that follow the authority block, in the order they appear
  // on the wire.
  repeated SignedBlock blocks = 3;

  // Proof attached to the token. Must be present, but `required` only
  // guarantees the Proof message itself; the consumer still has to check that
  // one of its alternatives is set.
  required Proof proof = 4;
}
// One block plus the key and signature bytes that accompany it.
message SignedBlock {
  // Opaque block payload. Presumably a serialized Block message; carrying it
  // as bytes lets a verifier check the signature over the exact bytes it
  // received before parsing them -- TODO confirm against the implementation.
  required bytes block = 1;

  // Key bytes for the next element of the chain (presumably a public key).
  required bytes nextKey = 2;

  // Signature bytes. The schema fixes neither the algorithm nor the length,
  // so the consumer must validate both before use.
  required bytes signature = 3;
}
// Proof carried at the end of a token: at most one of the two alternatives.
//
// A oneof may legally be left unset, so a decoder accepts an empty Proof.
// Consumers must reject a token whose Proof has neither member set.
message Proof {
  oneof Content {
    // Secret bytes shipped inside the token.
    // NOTE(review): this looks like private key material matching the last
    // nextKey, which would allow the holder to append further blocks. If so,
    // any log, cache or store that keeps the token in this form is keeping a
    // secret -- confirm against the specification.
    bytes nextSecret = 1;

    // Signature bytes. Presumably marks a token that can no longer be
    // extended -- confirm against the specification.
    bytes finalSignature = 2;
  }
}
// Contents of a single block: a symbol table followed by facts, rules and
// checks.
message Block {
  // Strings contributed to the symbol table. Predicate names and string
  // values elsewhere in the schema are uint64 indices rather than inline
  // text, so every index read from a token must be bounds-checked against
  // the table before it is resolved.
  repeated string symbols = 1;

  // Optional free-form context string.
  optional string context = 2;

  // Optional format version. A consumer should refuse versions it does not
  // implement rather than try to interpret them.
  optional uint32 version = 3;

  // Facts declared by this block.
  repeated FactV2 facts_v2 = 4;

  // Rules declared by this block.
  repeated RuleV2 rules_v2 = 5;

  // Checks declared by this block.
  repeated CheckV2 checks_v2 = 6;
}
// A fact, expressed as exactly one predicate.
message FactV2 {
  // The predicate that makes up the fact. Must be present.
  required PredicateV2 predicate = 1;
}
// A rule: one head predicate, a list of body predicates and a list of
// expressions.
message RuleV2 {
  // Predicate in head position. Must be present.
  required PredicateV2 head = 1;

  // Predicates in body position.
  repeated PredicateV2 body = 2;

  // Expressions attached to the rule; presumably conditions that must hold
  // for the rule to apply -- confirm against the evaluator.
  repeated ExpressionV2 expressions = 3;
}
// A check, made of one or more queries written as rules.
message CheckV2 {
  // Queries belonging to the check. The schema allows an empty list; how an
  // empty check is treated is up to the consumer and should be an explicit
  // decision (rejecting it is the conservative choice).
  repeated RuleV2 queries = 1;
}
// A predicate: a name and its arguments.
message PredicateV2 {
  // Predicate name as a number; per the accompanying commit message,
  // predicate names are stored in the symbol table, so this is an index into
  // it and must be bounds-checked.
  required uint64 name = 1;

  // Arguments of the predicate, in order.
  repeated IDV2 ids = 2;
}
// A single term: a variable or one of several value kinds.
//
// The oneof may be left unset on the wire; a consumer must treat an IDV2
// with no member set as invalid. Through IDSet this message can contain
// itself, so the schema puts no bound on nesting depth -- cap it when
// decoding untrusted tokens.
message IDV2 {
  oneof Content {
    // Variable, identified by number.
    uint32 variable = 1;

    // Signed 64-bit integer value.
    int64 integer = 2;

    // String value, stored as a number; presumably an index into the symbol
    // table (the commit message says strings use the table).
    uint64 string = 3;

    // Date value as an unsigned integer; presumably seconds since the Unix
    // epoch -- TODO confirm.
    uint64 date = 4;

    // Raw byte-string value.
    bytes bytes = 5;

    // Boolean value.
    bool bool = 6;

    // Set of terms.
    IDSet set = 7;
  }
}
// A set of terms.
//
// The element type is IDV2, so the schema itself permits variables and
// nested sets as members. If the consumer does not support those, it has to
// reject them during validation; the parser will not.
message IDSet {
  // Members of the set.
  repeated IDV2 set = 1;
}
// A typed constraint bound to a numeric id.
//
// NOTE(review): no other message in this listing refers to ConstraintV2
// (RuleV2 carries expressions instead), so it may be a leftover from an
// earlier format -- confirm before relying on it.
message ConstraintV2 {
  // Numeric id the constraint applies to; presumably a variable number.
  required uint32 id = 1;

  // At most one typed constraint; an unset oneof must be rejected by the
  // consumer.
  oneof Constraint {
    IntConstraintV2 int = 2;
    StringConstraintV2 string = 3;
    DateConstraintV2 date = 4;
    BytesConstraintV2 bytes = 5;
  }
}
// Constraint on a signed 64-bit integer: one comparison or one set test.
message IntConstraintV2 {
  oneof Constraint {
    // Comparison operand for "less than".
    int64 less_than = 1;

    // Comparison operand for "greater than".
    int64 greater_than = 2;

    // Comparison operand for "less than or equal".
    int64 less_or_equal = 3;

    // Comparison operand for "greater than or equal".
    int64 greater_or_equal = 4;

    // Comparison operand for equality.
    int64 equal = 5;

    // Set used for a membership test.
    IntSet in_set = 6;

    // Set used for a non-membership test.
    IntSet not_in_set = 7;
  }
}
// A list of signed 64-bit integers used as a set.
message IntSet {
  // Members, packed on the wire. The field number is 7 although it is the
  // only field; the number is part of the wire format and must not be
  // renumbered.
  repeated int64 set = 7 [packed=true];
}
// Constraint on a string: one textual test or one set test.
//
// The textual operands here are inline strings, while StringSet holds
// uint64 values.
message StringConstraintV2 {
  oneof Constraint {
    // Operand for a prefix test.
    string prefix = 1;

    // Operand for a suffix test.
    string suffix = 2;

    // Operand for an equality test.
    string equal = 3;

    // Set used for a membership test.
    StringSet in_set = 4;

    // Set used for a non-membership test.
    StringSet not_in_set = 5;

    // Regular-expression pattern. The pattern comes from the token, so it is
    // attacker-influenced input: evaluate it with an engine that guarantees
    // bounded matching time, and limit pattern size.
    string regex = 6;
  }
}
// A set of strings, stored as numbers.
message StringSet {
  // Members, packed on the wire; presumably symbol-table indices, in which
  // case each one must be bounds-checked before it is resolved.
  repeated uint64 set = 1 [packed=true];
}
// Constraint on a date: an upper or a lower bound.
message DateConstraintV2 {
  oneof Constraint {
    // Bound for a "before" test; unsigned integer, presumably seconds since
    // the Unix epoch -- TODO confirm.
    uint64 before = 1;

    // Bound for an "after" test; same representation as `before`.
    uint64 after = 2;
  }
}
// Constraint on a byte string: equality or one set test.
message BytesConstraintV2 {
  oneof Constraint {
    // Operand for an equality test.
    bytes equal = 1;

    // Set used for a membership test.
    BytesSet in_set = 2;

    // Set used for a non-membership test.
    BytesSet not_in_set = 3;
  }
}
// A list of byte strings used as a set.
message BytesSet {
  // Members of the set.
  repeated bytes set = 1;
}
// An expression, encoded as a flat sequence of operations.
//
// NOTE(review): a flat list of values, unary and binary operators suggests
// stack-style (postfix) evaluation -- confirm. Whatever the evaluator does,
// the list comes from the token: bound its length and fail cleanly when an
// operator finds fewer operands than it needs.
message ExpressionV2 {
  // Operations in wire order.
  repeated Op ops = 1;
}
// One element of an expression: a value, a unary operator or a binary
// operator. An Op with no member set must be rejected by the consumer.
message Op {
  oneof Content {
    // A literal term.
    IDV2 value = 1;

    // A unary operator.
    OpUnary unary = 2;

    // A binary operator. The field name is capitalised, unlike its
    // siblings; it is part of the generated API, so it is kept as is.
    OpBinary Binary = 3;
  }
}
// A unary operator.
message OpUnary {
  // Available unary operations. A consumer must refuse any numeric value it
  // does not recognise instead of mapping it to a known one.
  enum Kind {
    Negate = 0;
    Parens = 1;
    Length = 2;
  }

  // Which operation to apply. Must be present.
  required Kind kind = 1;
}
// A binary operator.
message OpBinary {
  // Available binary operations. A consumer must refuse any numeric value it
  // does not recognise instead of mapping it to a known one.
  enum Kind {
    // Comparisons.
    LessThan = 0;
    GreaterThan = 1;
    LessOrEqual = 2;
    GreaterOrEqual = 3;
    Equal = 4;

    // Containment and string tests.
    Contains = 5;
    Prefix = 6;
    Suffix = 7;

    // Regular-expression match. The pattern is supplied by the token, so the
    // evaluator needs a matcher with bounded running time.
    Regex = 8;

    // Arithmetic; presumably over the int64 `integer` terms. Operands are
    // token-controlled, so overflow and division by zero have to produce an
    // evaluation error, not a wrapped value or a crash.
    Add = 9;
    Sub = 10;
    Mul = 11;
    Div = 12;

    // Boolean connectives.
    And = 13;
    Or = 14;

    // Set operations.
    Intersection = 15;
    Union = 16;
  }

  // Which operation to apply. Must be present.
  required Kind kind = 1;
}
// A verifier policy: a list of queries and the decision attached to them.
message Policy {
  // Decision kinds. Allow is the zero value, which is safe here only
  // because `kind` below is `required`: a policy with no kind fails to
  // decode instead of silently reading as Allow. Keep that property if the
  // schema is ever migrated to a syntax with implicit defaults.
  enum Kind {
    Allow = 0;
    Deny = 1;
  }

  // Queries belonging to the policy.
  repeated RuleV2 queries = 1;

  // Decision for this policy. Must be present.
  required Kind kind = 2;
}
// Serialized verifier-side state: a symbol table, facts, rules, checks and
// policies.
//
// This message describes what the verifier will allow or deny, so it should
// be loaded only from a source the verifier trusts, never from the party
// presenting a token.
message VerifierPolicies {
  // Strings of the symbol table used by the entries below.
  repeated string symbols = 1;

  // Optional format version; refuse versions that are not implemented.
  optional uint32 version = 2;

  // Facts supplied by the verifier.
  repeated FactV2 facts = 3;

  // Rules supplied by the verifier.
  repeated RuleV2 rules = 4;

  // Checks supplied by the verifier.
  repeated CheckV2 checks = 5;

  // Policies in wire order. NOTE(review): order presumably matters when
  // several policies could match -- confirm against the evaluator.
  repeated Policy policies = 6;
}