syntax = "proto3";

package authorize;

service Authorizer {
  rpc IsAuthorized(IsAuthorizedRequest) returns (IsAuthorizedReply) {}
}

message IsAuthorizedRequest {
  // User Context
  //
  string user_token = 1;
  // Request Context
  //
  // Method specifies the HTTP method (GET, POST, PUT, etc.).
  string request_method = 2;
  // URL specifies either the URI being requested
  string request_url = 3;
  // host specifies the host on which the URL per RFC 7230, section 5.4
  string request_host = 4;
  // request_uri is the unmodified request-target of the
  // Request-Line (RFC 7230, Section 3.1.1) as sent by the client
  string request_request_uri = 5;
  // RemoteAddr allows HTTP servers and other software to record
  // the network address that sent the request, usually for
  string request_remote_addr = 6;
  // headers represents key-value pairs in an HTTP header; map[string][]string
  message Headers { repeated string value = 1; }
  map<string, Headers> request_headers = 7;
}

message IsAuthorizedReply {
  bool allow = 1;
  bool session_expired = 2; // special case
  repeated string deny_reasons = 3;
  string signed_jwt = 4;
  string user = 5;
  string email = 6;
  repeated string groups = 7;
  HTTPStatus http_status = 8;
}

message HTTPStatus {
  int32 code = 1;
  string message = 2;
  map<string, string> headers = 3;
}