coprocess_session_state.proto
syntax = "proto3";
package coprocess;
option go_package = "/coprocess";
/**
 * @hidecollaborationgraph
 * @brief A URL paired with the HTTP methods the session may use on it.
 */
message AccessSpec {
  /**
   * URL the key can access, e.g. "/resource/(.*)".
   *
   * NOTE(review): the example looks like a regular expression; confirm how the
   * consumer anchors the pattern, because an unanchored match can admit more
   * paths than the author intended.
   */
  string url = 1;

  /**
   * Allowed HTTP methods, e.g. "GET", "POST".
   *
   * Method names are case sensitive.
   */
  repeated string methods = 2;
}
/** Allowed URLs and endpoints for one specific API. */
message AccessDefinition {
  /** User-defined name that identifies the API. */
  string api_name = 1;

  /** Unique id of the API. */
  string api_id = 2;

  /** Named versions of the API. */
  repeated string versions = 3;

  /**
   * URLs, each with its associated methods, that the session can access.
   *
   * NOTE(review): the file does not say what an empty list means (no
   * restriction or no access); confirm before relying on it.
   */
  repeated AccessSpec allowed_urls = 4;
}
/**
 * @hidecollaborationgraph
 * @brief Basic auth password together with its hashing method.
 *
 * Credential material: keep serialized copies of this message out of logs and
 * traces.
 */
message BasicAuthData {
  /**
   * The basic auth password.
   *
   * NOTE(review): whether this is the plaintext or the hashed value
   * presumably depends on `hash`; confirm against the consumer.
   */
  string password = 1;

  /**
   * The hashing method.
   *
   * NOTE(review): the accepted values are not listed in this file.
   */
  string hash = 2;
}
/**
 * @hidecollaborationgraph
 * @brief Holds a JWT shared secret when the key or ID matches a JWT ID.
 *
 * Credential material: keep serialized copies of this message out of logs and
 * traces.
 */
message JWTData {
  /** The JWT secret. */
  string secret = 1;
}
/**
 * @hidecollaborationgraph
 * @brief Quota-use thresholds for the session that trigger a notification.
 */
message Monitor {
  /**
   * Percentage thresholds, in descending order; reaching one triggers a
   * notification.
   */
  repeated double trigger_limits = 1;
}
/**
 * @brief Created for every authenticated request and stored in Redis.
 *
 * Tracks the activity of a given key, mainly for the built-in Tyk middleware
 * such as the quota middleware or the rate limiter. A GRPC plugin can create a
 * SessionState object and store it the same way the built-in authentication
 * mechanisms do.
 *
 * The message carries credential material (basic_auth_data, jwt_data,
 * hmac_secret) next to the authorisation data (access_rights, is_inactive,
 * expires), so treat a serialized SessionState as a secret and keep it out of
 * logs and traces.
 */
message SessionState {
  /** Deprecated. */
  int64 last_check = 1;

  /** Deprecated, replaced by rate. */
  double allowance = 2;

  /** Number of requests allowed in the specified rate limiting window. */
  double rate = 3;

  /** Duration of the rate window, in seconds. */
  double per = 4;

  /** An epoch that defines when the key should expire. */
  int64 expires = 5;

  /** Maximum number of requests allowed during the quota period. */
  int64 quota_max = 6;

  /** An epoch that defines when the quota renews. */
  int64 quota_renews = 7;

  /**
   * Number of requests remaining in this user's quota (unrelated to the rate
   * limit).
   */
  int64 quota_remaining = 8;

  /**
   * Time in seconds during which the quota is valid. For 1000 requests per
   * hour this value would be 3600, while quota_max and quota_remaining would
   * be 1000.
   */
  int64 quota_renewal_rate = 9;

  /**
   * Access rights can be defined either by the Dashboard or via an API,
   * depending on the version of Tyk you are using.
   *
   * NOTE(review): the meaning of the map key is not stated here; presumably
   * it is the API id -- confirm.
   */
  map<string, AccessDefinition> access_rights = 10;

  /**
   * The organisation this user belongs to. Can be used together with the
   * org_id setting in the API Definition object to have tokens "owned" by
   * organisations.
   */
  string org_id = 11;

  /**
   * Set by Tyk if the token is generated by an OAuth client during an OAuth
   * authorisation flow.
   */
  string oauth_client_id = 12;

  /**
   * Undocumented in the source.
   *
   * NOTE(review): the name suggests OAuth key material; until that is
   * confirmed, handle the values as sensitive.
   */
  map<string, string> oauth_keys = 13;

  /** Basic auth password and hashing method. */
  BasicAuthData basic_auth_data = 14;

  /** Holds a JWT shared secret if the ID matches a JWT ID. */
  JWTData jwt_data = 15;

  /**
   * When true, Tyk generates a secret key for the key owner (which should not
   * be modified).
   */
  bool hmac_enabled = 16;

  /** Value of the HMAC secret. Credential material: do not log. */
  string hmac_secret = 17;

  /** Access is denied when this is set to true. */
  bool is_inactive = 18;

  /**
   * The policy ID that is bound to the token. Deprecated; use apply_policies
   * instead.
   */
  string apply_policy_id = 19;

  /**
   * A value, in seconds, that defines when data generated by this token
   * expires in the analytics DB (must be using Pro edition and MongoDB).
   */
  int64 data_expires = 20;

  /** Rate monitor trigger settings. */
  Monitor monitor = 21;

  /**
   * Set to true to have Tyk store the inbound request and outbound response
   * data in HTTP Wire format as part of the analytics data.
   *
   * Recorded traffic can include credentials and personal data carried in
   * headers and bodies, so access to the analytics store needs to be
   * restricted accordingly.
   */
  bool enable_detailed_recording = 22;

  /**
   * Metadata included in the session. Other middleware, such as transforms
   * and header injection, can use it to embed user-specific data into a
   * request, or it can be used to query the provenance of a key.
   */
  map<string, string> metadata = 23;

  /**
   * Tags to embed into analytics data when the request completes. If a policy
   * has tags, those tags take precedence and are used instead.
   */
  repeated string tags = 24;

  /**
   * Identifier for the token for use in analytics, to allow easier tracing of
   * hashed and unhashed tokens.
   */
  string alias = 25;

  /**
   * NOTE(review): presumably an ISO 8601 date/time string for when the
   * session was last updated -- the source itself is unsure; confirm.
   */
  string last_updated = 26;

  /**
   * UNIX timestamp on which the cached key or ID will expire. Used when
   * custom authentication is used.
   */
  int64 id_extractor_deadline = 27;

  /**
   * UNIX timestamp that denotes when the key will automatically expire. Any
   * subsequent API request made using the key will be rejected. Overrides the
   * global session lifetime.
   */
  int64 session_lifetime = 28;

  /** Identifiers of the policies to apply to the token. */
  repeated string apply_policies = 29;

  /** Undocumented in the source. */
  string certificate = 30;

  /**
   * Undocumented in the source.
   *
   * NOTE(review): presumably the GraphQL maximum query depth -- confirm,
   * including what the zero default means for the limit.
   */
  int64 max_query_depth = 31;
}