x

2 years ago · 2958738b6e
parent ee2175422c
commit 2958738b6e
11 changed files with 142 additions and 84 deletions
--- a/api/user.http.go
+++ b/api/user.http.go
@ -1,11 +1,11 @@
 package user

 import (
+	"git.diulo.com/mogfee/kit/response"
+	"github.com/gin-gonic/gin"
 	"context"
 	"git.diulo.com/mogfee/kit/middleware"
 	"git.diulo.com/mogfee/kit/errors"
-	"git.diulo.com/mogfee/kit/response"
-	"github.com/gin-gonic/gin"
 )

 func RegisterUserHandler(app *gin.Engine, srv UserServer, m ...middleware.Middleware) {
--- a/api/user.pb.go
+++ b/api/user.pb.go
@ -157,26 +157,26 @@ var file_user_proto_rawDesc = []byte{
 	0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x66, 0x69, 0x72, 0x73, 0x74, 0x4e, 0x61,
 	0x6d, 0x65, 0x22, 0x25, 0x0a, 0x0d, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f,
 	0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x9c, 0x02, 0x0a, 0x04, 0x75, 0x73,
+	0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0x98, 0x02, 0x0a, 0x04, 0x75, 0x73,
 	0x65, 0x72, 0x12, 0x68, 0x0a, 0x04, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x63, 0x6f, 0x6d,
 	0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e,
 	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69,
 	0x75, 0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73,
 	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x25, 0xba, 0x45, 0x09, 0x75, 0x73, 0x65, 0x72, 0x3a, 0x6c,
 	0x69, 0x73, 0x74, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x13, 0x12, 0x11, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x65, 0x0a, 0x05,
+	0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x61, 0x0a, 0x05,
 	0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x1b, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x75, 0x6c,
 	0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65,
 	0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x61,
 	0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x21, 0xba, 0x45, 0x04, 0x6e, 0x6f, 0x6e, 0x65, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12,
-	0x12, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x6c, 0x6f,
-	0x67, 0x69, 0x6e, 0x12, 0x43, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1b, 0x2e,
-	0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f,
-	0x67, 0x69, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x6f, 0x6d,
-	0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x09, 0x5a, 0x07, 0x2e, 0x2f, 0x3b, 0x75,
-	0x73, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x22, 0x1d, 0xc0, 0x45, 0x01, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x12,
+	0x43, 0x0a, 0x06, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x1b, 0x2e, 0x63, 0x6f, 0x6d, 0x2e,
+	0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x75,
+	0x6c, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x42, 0x09, 0x5a, 0x07, 0x2e, 0x2f, 0x3b, 0x75, 0x73, 0x65, 0x72, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
--- a/api/user_http.pb.go
+++ b/api/user_http.pb.go
@ -23,6 +23,7 @@ func _User_List0_HTTP_Handler(srv UserHTTPServer) func(ctx http.Context) error {
 		//user:list
 		var newCtx context.Context = ctx
 		newCtx = jwt.SetAuthKeyContext(ctx, "user:list")
+		newCtx = jwt.SetNeedAuthContext(ctx, true)
 		if err := ctx.BindQuery(&in); err != nil {
 			return err
 		}
@ -41,9 +42,8 @@ func _User_List0_HTTP_Handler(srv UserHTTPServer) func(ctx http.Context) error {
 func _User_Login0_HTTP_Handler(srv UserHTTPServer) func(ctx http.Context) error {
 	return func(ctx http.Context) error {
 		var in LoginRequest
-		// none
 		var newCtx context.Context = ctx
-		newCtx = jwt.SetAuthKeyContext(ctx, "none")
+		newCtx = jwt.SetNeedAuthContext(ctx, true)
 		if err := ctx.BindQuery(&in); err != nil {
 			return err
 		}
--- a/cmd/kit/main.go
+++ b/cmd/kit/main.go
@ -44,8 +44,8 @@ func (u *Kit) Generate(plugin *protogen.Plugin) error {
 		for _, s := range f.Services {
 			addAuthKey := false
 			for _, m := range s.Methods {
-				autkKey := protogen2.GetAuthKey(m)
-				if autkKey != "" {
+				_, needAuth := protogen2.GetAuthKey(m)
+				if needAuth {
 					addAuthKey = true
 				}
 			}
@ -98,7 +98,7 @@ func (u *Kit) Generate(plugin *protogen.Plugin) error {
 }

 func (u *Kit) genGet(f *protogen.File, s *protogen.Service, t *protogen.GeneratedFile, m *protogen.Method) {
-	authKey := protogen2.GetAuthKey(m)
+	authKey, needAuth := protogen2.GetAuthKey(m)
 	method, path := protogen2.GetProtoMethod(m)
 	if method == "" {
 		return
@ -113,6 +113,7 @@ func (u *Kit) genGet(f *protogen.File, s *protogen.Service, t *protogen.Generate
 	if authKey != "" {
 		t.P(`newCtx = jwt.SetAuthKeyContext(ctx, "`, authKey, `")`)
 	}
+	t.P(`newCtx = jwt.SetNeedAuthContext(ctx, `, needAuth, `)`)
 	if method == protogen2.METHOD_GET {
 		t.P(`if err := ctx.BindQuery(&in); err != nil {
 			return err
--- a/git.diulo.com/mogfee/kit/third_party/auth/auth.pb.go
+++ b/git.diulo.com/mogfee/kit/third_party/auth/auth.pb.go
@ -29,12 +29,22 @@ var file_third_party_auth_auth_proto_extTypes = []protoimpl.ExtensionInfo{
 		Tag:           "bytes,1111,opt,name=auth_key",
 		Filename:      "third_party/auth/auth.proto",
 	},
+	{
+		ExtendedType:  (*descriptorpb.MethodOptions)(nil),
+		ExtensionType: (*bool)(nil),
+		Field:         1112,
+		Name:          "auth.auth",
+		Tag:           "varint,1112,opt,name=auth",
+		Filename:      "third_party/auth/auth.proto",
+	},
 }

 // Extension fields to descriptorpb.MethodOptions.
 var (
 	// optional string auth_key = 1111;
 	E_AuthKey = &file_third_party_auth_auth_proto_extTypes[0]
+	// optional bool auth = 1112;
+	E_Auth = &file_third_party_auth_auth_proto_extTypes[1]
 )

 var File_third_party_auth_auth_proto protoreflect.FileDescriptor
@ -48,10 +58,13 @@ var file_third_party_auth_auth_proto_rawDesc = []byte{
 	0x79, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
 	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x73, 0x18, 0xd7, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x75, 0x74, 0x68, 0x4b, 0x65,
-	0x79, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x63,
-	0x6f, 0x6d, 0x2f, 0x6d, 0x6f, 0x67, 0x66, 0x65, 0x65, 0x2f, 0x6b, 0x69, 0x74, 0x2f, 0x74, 0x68,
-	0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x79, 0x3a, 0x33, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd8, 0x08, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x2e, 0x64, 0x69,
+	0x75, 0x6c, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6d, 0x6f, 0x67, 0x66, 0x65, 0x65, 0x2f, 0x6b,
+	0x69, 0x74, 0x2f, 0x74, 0x68, 0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x2f, 0x61,
+	0x75, 0x74, 0x68, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var file_third_party_auth_auth_proto_goTypes = []interface{}{
@ -59,10 +72,11 @@ var file_third_party_auth_auth_proto_goTypes = []interface{}{
 }
 var file_third_party_auth_auth_proto_depIdxs = []int32{
 	0, // 0: auth.auth_key:extendee -> google.protobuf.MethodOptions
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	0, // [0:1] is the sub-list for extension extendee
+	0, // 1: auth.auth:extendee -> google.protobuf.MethodOptions
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	0, // [0:2] is the sub-list for extension extendee
 	0, // [0:0] is the sub-list for field type_name
 }

@ -78,7 +92,7 @@ func file_third_party_auth_auth_proto_init() {
 			RawDescriptor: file_third_party_auth_auth_proto_rawDesc,
 			NumEnums:      0,
 			NumMessages:   0,
-			NumExtensions: 1,
+			NumExtensions: 2,
 			NumServices:   0,
 		},
 		GoTypes:           file_third_party_auth_auth_proto_goTypes,
--- a/middleware/jwt/jwt.go
+++ b/middleware/jwt/jwt.go
@ -12,10 +12,10 @@ const (
 )

 type userIdKey struct{}
-type authKey struct {
-}
+type authKey struct{}
+type needAuthKey struct{}

-type ParseFunc func(ctx context.Context, key string, tokenStr string) (*UserInfo, error)
+type ParseFunc func(ctx context.Context, key string, tokenStr string) (*UserInfo, bool, error)
 type JwtOption func(o *options)

 func WithJwtKey(jwtKey string) JwtOption {
@ -53,7 +53,13 @@ func JWT(opts ...JwtOption) middleware.Middleware {
 	var cfg = &options{
 		jwtKey:             "JssLx22bjQwnyqby",
 		validatePermission: InSlice,
-		parseFunc:          Parse,
+		parseFunc: func(ctx context.Context, key string, tokenStr string) (*UserInfo, bool, error) {
+			userInfo, err := Parse(key, tokenStr)
+			if err != nil {
+				return nil, false, err
+			}
+			return userInfo, userInfo.UserId > 0, nil
+		},
 	}
 	for _, o := range opts {
 		o(cfg)
@ -61,28 +67,28 @@ func JWT(opts ...JwtOption) middleware.Middleware {

 	return func(handler middleware.Handler) middleware.Handler {
 		return func(ctx context.Context, a any) (any, error) {
-			permission := FromAuthKeyContext(ctx)
-
-			if permission == permissionNoCheck {
-				return handler(ctx, a)
-			}
+			authKey := FromAuthKeyContext(ctx)
+			needAuth := FromNeedAuthContext(ctx)

 			var tokenStr string
 			if tr, ok := transport.FromServerContext(ctx); ok {
 				tokenStr = tr.RequestHeader().Get("token")
 			}
-			userInfo, err := cfg.parseFunc(ctx, cfg.jwtKey, tokenStr)
+			userInfo, _, err := cfg.parseFunc(ctx, cfg.jwtKey, tokenStr)
 			if err != nil {
 				return nil, err
 			}
-			if permission != "" {
-				if !cfg.validatePermission(userInfo.Permissions, permission) {
-					return nil, errors.Unauthorized("TOKEN_PERMISSION_BAD", "")
+			//需要验证
+			if needAuth {
+				if authKey != "" {
+					if !cfg.validatePermission(userInfo.Permissions, authKey) {
+						return nil, errors.Unauthorized("TOKEN_PERMISSION_BAD", "")
+					}
 				}
-			}
-			if cfg.validate != nil {
-				if err = cfg.validate(userInfo.UniqueId); err != nil {
-					return nil, err
+				if cfg.validate != nil {
+					if err = cfg.validate(userInfo.UniqueId); err != nil {
+						return nil, err
+					}
 				}
 			}
 			ctx = SetUserContext(ctx, userInfo)
@ -116,3 +122,14 @@ func FromAuthKeyContext(ctx context.Context) string {
 	}
 	return v.(string)
 }
+
+func SetNeedAuthContext(ctx context.Context, auth bool) context.Context {
+	return context.WithValue(ctx, needAuthKey{}, auth)
+}
+func FromNeedAuthContext(ctx context.Context) bool {
+	v := ctx.Value(needAuthKey{})
+	if v == nil {
+		return false
+	}
+	return v.(bool)
+}
--- a/middleware/jwt/token.go
+++ b/middleware/jwt/token.go
@ -1,7 +1,6 @@
 package jwt

 import (
-	"context"
 	"encoding/json"
 	"git.diulo.com/mogfee/kit/errors"
 	"git.diulo.com/mogfee/kit/internal/xuuid"
@ -54,7 +53,7 @@ func GetToken(key string, info *UserInfo) (token string, uniqId string, err erro
 	return
 }

-func Parse(ctx context.Context, key string, tokenStr string) (*UserInfo, error) {
+func Parse(key string, tokenStr string) (*UserInfo, error) {
 	if tokenStr == "" {
 		return nil, errors.Unauthorized("TOKEN_ERROR", "")
 	}
--- a/proto/user.proto
+++ b/proto/user.proto
@ -19,7 +19,7 @@ service user{
  }
  //等了
  rpc login(loginRequest)returns(loginResponse){
-    option(auth.auth_key) = "none";
+    option(auth.auth) = true;
    option (google.api.http) = {
      get: "/api/v1/user/login",
    };
--- a/protogen/protogen.go
+++ b/protogen/protogen.go
@ -33,15 +33,26 @@ func GetProtoMethod(m *protogen.Method) (method string, path string) {
 	return "", ""
 }

-func GetAuthKey(m *protogen.Method) string {
+func GetAuthKey(m *protogen.Method) (authKey string, needAuth bool) {
+
 	if op, ok := m.Desc.Options().(*descriptorpb.MethodOptions); ok {
 		if opts, err := proto.GetExtension(op, auth.E_AuthKey); err != nil {
 			//log.Println(err)
 		} else {
 			if vv, ok := opts.(*string); ok {
-				return *vv
+				return *vv, true
+			}
+		}
+	}
+
+	if op, ok := m.Desc.Options().(*descriptorpb.MethodOptions); ok {
+		if opts, err := proto.GetExtension(op, auth.E_Auth); err != nil {
+			//log.Println(err)
+		} else {
+			if _, ok := opts.(*bool); ok {
+				return "", true
 			}
 		}
 	}
-	return ""
+	return "", false
 }
--- a/third_party/auth/auth.pb.go
+++ b/third_party/auth/auth.pb.go
@ -2,7 +2,7 @@
 // versions:
 // 	protoc-gen-go v1.28.1
 // 	protoc        v3.17.3
-// source: auth.proto
+// source: third_party/auth/auth.proto

 package auth

@ -20,72 +20,87 @@ const (
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )

-var file_auth_proto_extTypes = []protoimpl.ExtensionInfo{
+var file_third_party_auth_auth_proto_extTypes = []protoimpl.ExtensionInfo{
 	{
 		ExtendedType:  (*descriptorpb.MethodOptions)(nil),
 		ExtensionType: (*string)(nil),
 		Field:         1111,
 		Name:          "auth.auth_key",
 		Tag:           "bytes,1111,opt,name=auth_key",
-		Filename:      "auth.proto",
+		Filename:      "third_party/auth/auth.proto",
+	},
+	{
+		ExtendedType:  (*descriptorpb.MethodOptions)(nil),
+		ExtensionType: (*bool)(nil),
+		Field:         1112,
+		Name:          "auth.auth",
+		Tag:           "varint,1112,opt,name=auth",
+		Filename:      "third_party/auth/auth.proto",
 	},
 }

 // Extension fields to descriptorpb.MethodOptions.
 var (
 	// optional string auth_key = 1111;
-	E_AuthKey = &file_auth_proto_extTypes[0]
+	E_AuthKey = &file_third_party_auth_auth_proto_extTypes[0]
+	// optional bool auth = 1112;
+	E_Auth = &file_third_party_auth_auth_proto_extTypes[1]
 )

-var File_auth_proto protoreflect.FileDescriptor
+var File_third_party_auth_auth_proto protoreflect.FileDescriptor

-var file_auth_proto_rawDesc = []byte{
-	0x0a, 0x0a, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x61, 0x75,
-	0x74, 0x68, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x3a, 0x0a, 0x08, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6b, 0x65, 0x79,
-	0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x18, 0xd7, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79,
-	0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x2e, 0x64, 0x69, 0x75, 0x6c, 0x6f, 0x2e, 0x63, 0x6f,
-	0x6d, 0x2f, 0x6d, 0x6f, 0x67, 0x66, 0x65, 0x65, 0x2f, 0x6b, 0x69, 0x74, 0x2f, 0x74, 0x68, 0x69,
-	0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x62, 0x06, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x33,
+var file_third_party_auth_auth_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x74, 0x68, 0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x2f, 0x61, 0x75,
+	0x74, 0x68, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x61,
+	0x75, 0x74, 0x68, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x3a, 0x0a, 0x08, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6b, 0x65,
+	0x79, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x18, 0xd7, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x75, 0x74, 0x68, 0x4b, 0x65,
+	0x79, 0x3a, 0x33, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68,
+	0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xd8, 0x08, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x42, 0x2b, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x2e, 0x64, 0x69,
+	0x75, 0x6c, 0x6f, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6d, 0x6f, 0x67, 0x66, 0x65, 0x65, 0x2f, 0x6b,
+	0x69, 0x74, 0x2f, 0x74, 0x68, 0x69, 0x72, 0x64, 0x5f, 0x70, 0x61, 0x72, 0x74, 0x79, 0x2f, 0x61,
+	0x75, 0x74, 0x68, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

-var file_auth_proto_goTypes = []interface{}{
+var file_third_party_auth_auth_proto_goTypes = []interface{}{
 	(*descriptorpb.MethodOptions)(nil), // 0: google.protobuf.MethodOptions
 }
-var file_auth_proto_depIdxs = []int32{
+var file_third_party_auth_auth_proto_depIdxs = []int32{
 	0, // 0: auth.auth_key:extendee -> google.protobuf.MethodOptions
-	1, // [1:1] is the sub-list for method output_type
-	1, // [1:1] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	0, // [0:1] is the sub-list for extension extendee
+	0, // 1: auth.auth:extendee -> google.protobuf.MethodOptions
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	0, // [0:2] is the sub-list for extension extendee
 	0, // [0:0] is the sub-list for field type_name
 }

-func init() { file_auth_proto_init() }
-func file_auth_proto_init() {
-	if File_auth_proto != nil {
+func init() { file_third_party_auth_auth_proto_init() }
+func file_third_party_auth_auth_proto_init() {
+	if File_third_party_auth_auth_proto != nil {
 		return
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_auth_proto_rawDesc,
+			RawDescriptor: file_third_party_auth_auth_proto_rawDesc,
 			NumEnums:      0,
 			NumMessages:   0,
-			NumExtensions: 1,
+			NumExtensions: 2,
 			NumServices:   0,
 		},
-		GoTypes:           file_auth_proto_goTypes,
-		DependencyIndexes: file_auth_proto_depIdxs,
-		ExtensionInfos:    file_auth_proto_extTypes,
+		GoTypes:           file_third_party_auth_auth_proto_goTypes,
+		DependencyIndexes: file_third_party_auth_auth_proto_depIdxs,
+		ExtensionInfos:    file_third_party_auth_auth_proto_extTypes,
 	}.Build()
-	File_auth_proto = out.File
-	file_auth_proto_rawDesc = nil
-	file_auth_proto_goTypes = nil
-	file_auth_proto_depIdxs = nil
+	File_third_party_auth_auth_proto = out.File
+	file_third_party_auth_auth_proto_rawDesc = nil
+	file_third_party_auth_auth_proto_goTypes = nil
+	file_third_party_auth_auth_proto_depIdxs = nil
 }
--- a/third_party/auth/auth.proto
+++ b/third_party/auth/auth.proto
@ -6,4 +6,5 @@ import "google/protobuf/descriptor.proto";

 extend google.protobuf.MethodOptions{
  string auth_key = 1111;
+  bool auth = 1112;
 }