29 changes: 29 additions & 0 deletions raystack/frontier/v1beta1/frontier.proto
@@ -1887,6 +1887,9 @@ service FrontierService {

// Audit Records
rpc CreateAuditRecord(CreateAuditRecordRequest) returns (CreateAuditRecordResponse) {}

// Personal Access Token
rpc CreateCurrentUserPersonalToken(CreateCurrentUserPersonalTokenRequest) returns (CreateCurrentUserPersonalTokenResponse) {}
}

// Billing
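Review bot: Only a create rpc is added for personal access tokens (this file's header shows 29 additions and 0 deletions, and the only service change is CreateCurrentUserPersonalToken), so a user who leaks a token has no API to enumerate or revoke it before expires_at passes. Suggest adding the matching list and delete/revoke rpcs for the current user in the same change, or at least stating in the rpc comment how revocation is expected to work.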
@@ -4256,3 +4259,29 @@ message CreateAuditRecordRequest {
message CreateAuditRecordResponse {
AuditRecord audit_record = 1;
}

message CreateCurrentUserPersonalTokenRequest {
// Human-friendly display name, unique per user per org
string title = 1 [
(validate.rules).string.min_len = 1,
(google.api.field_behavior) = REQUIRED
];
string org_id = 2 [
(validate.rules).string.uuid = true,
(google.api.field_behavior) = REQUIRED
];
// Role ids to scope the token to
repeated string role_ids = 3 [
(google.api.field_behavior) = REQUIRED,
(validate.rules).repeated = {min_items: 1},
(validate.rules).repeated.items.string.uuid = true
];
// For project-scoped roles: empty = all projects, non-empty = specific projects
repeated string project_ids = 4 [(validate.rules).repeated.items.string.uuid = true];
google.protobuf.Timestamp expires_at = 5 [(google.api.field_behavior) = REQUIRED];
google.protobuf.Struct metadata = 6;
}

message CreateCurrentUserPersonalTokenResponse {
PersonalAccessToken token = 1;
}
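Review bot: CreateCurrentUserPersonalTokenRequest marks expires_at as REQUIRED but nothing bounds it, so a client can request a timestamp in the past (useless token) or decades ahead (effectively non-expiring). protoc-gen-validate's timestamp rules (`(validate.rules).timestamp.gt_now = true`, and `within` for a maximum lifetime) can reject both at the request boundary; the server should still enforce its own cap, and the field comment should say what that cap is. Two smaller points in the same message: `title` has `min_len = 1` but no `max_len`, and `project_ids` treating empty as "all projects" makes the broadest scope the default rather than the explicit choice.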
42 changes: 42 additions & 0 deletions raystack/frontier/v1beta1/models.proto
@@ -439,6 +439,48 @@ message ServiceUserToken {
}];
}

message PersonalAccessToken {
string id = 1;
string title = 2;
string user_id = 3;
⚠️ Potential issue | 🟡 Minor

user_id should carry OUTPUT_ONLY

user_id is not present in CreateCurrentUserPersonalTokenRequest — it is derived from the authenticated session server-side. Without OUTPUT_ONLY, code generators and client libraries may incorrectly treat it as a writable field.

🛡️ Proposed fix
-  string user_id = 3;
+  string user_id = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@raystack/frontier/v1beta1/models.proto` at line 445, the user_id field in the
message should be marked OUTPUT_ONLY so clients don't treat it as writable;
update the field declaration for user_id (string user_id = 3) to include the
protobuf field behavior annotation (google.api.field_behavior) = OUTPUT_ONLY
(i.e., add [(google.api.field_behavior) = OUTPUT_ONLY]) so code generators and
client libraries know it is server-derived; ensure the
google/api/annotations.proto import is present if not already and apply this
change to the message that defines user_id (e.g., the
CreateCurrentUserPersonalTokenRequest/related response message) so the field is
treated as output-only.

string org_id = 4;

// token will only be returned once as part of the create process
// this value is never persisted in the system so if lost, can't be recovered
string token = 5 [(google.api.field_behavior) = OUTPUT_ONLY];

google.protobuf.Timestamp expires_at = 10 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The time when the token expires.",
example: "\"2024-06-07T05:39:56.961Z\""
}];
Comment on lines +452 to +455
⚠️ Potential issue | 🟡 Minor

expires_at is inconsistently missing OUTPUT_ONLY

last_used_at (field 11), created_at (field 12), and updated_at (field 13) all carry OUTPUT_ONLY, but expires_at (field 10) does not. Even though expires_at is accepted as input in the request, the value that is actually persisted and returned is server-authoritative — it may be clamped or normalized. The response-model field should be marked OUTPUT_ONLY for consistency and to correctly signal to generated clients that the echoed value is server-set.

🛡️ Proposed fix
-  google.protobuf.Timestamp expires_at = 10 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-    description: "The time when the token expires.",
-    example: "\"2024-06-07T05:39:56.961Z\""
-  }];
+  google.protobuf.Timestamp expires_at = 10 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "The time when the token expires.",
+      example: "\"2024-06-07T05:39:56.961Z\""
+    },
+    (google.api.field_behavior) = OUTPUT_ONLY
+  ];
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@raystack/frontier/v1beta1/models.proto` around lines 452-455, the
expires_at field is missing the OUTPUT_ONLY field behavior: update the
expires_at definition to include the google.api.field_behavior OUTPUT_ONLY
option (matching last_used_at, created_at, updated_at) so the proto signals the
field is server-set; e.g., add [(google.api.field_behavior) = OUTPUT_ONLY] to
the expires_at field annotation and ensure the file imports
google/api/field_behavior.proto if not already present.


google.protobuf.Timestamp last_used_at = 11 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The time when the token was last used.",
example: "\"2024-06-07T05:39:56.961Z\""
},
(google.api.field_behavior) = OUTPUT_ONLY
];

google.protobuf.Timestamp created_at = 12 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The time when the token was created.",
example: "\"2023-06-07T05:39:56.961Z\""
},
(google.api.field_behavior) = OUTPUT_ONLY
];

google.protobuf.Timestamp updated_at = 13 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
description: "The time when the token was last updated.",
example: "\"2023-06-07T05:39:56.961Z\""
},
(google.api.field_behavior) = OUTPUT_ONLY
];

google.protobuf.Struct metadata = 20;
}

// JSON Web Key as specified in RFC 7517
message JSONWebKey {
// Key Type.
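Review bot: The comment on `token` (field 5) says the value "is never persisted in the system"; taken literally the server could not verify a presented token at all, so the comment should say the plaintext is returned once and never stored, with only a digest kept for lookup (which is also what makes `last_used_at` trackable). Related: the model carries only `expires_at` and no revoked or disabled state, so a leaked token stays valid until expiry; an OUTPUT_ONLY revocation timestamp or status field would let clients and operators see that a token has been invalidated.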