@0xc7941adf5db6bbf0;

using Rust = import "programming_language/rust.capnp";
$Rust.parentModule("schema");

using CSharp = import "programming_language/csharp.capnp";
$CSharp.namespace("FabAccessAPI.Schema");

using General = import "general.capnp";
using Space = import "space.capnp".Space;
using Role = import "role.capnp".Role;

struct User
{
    id @0 :General.UUID;
    username @1 :Text;
    space @2 :Space;

    struct UserInfoExtended
    {
        id @0 :General.UUID;
        firstname @1 :Text;
        lastname @2 :Text;
        address @3 :Address;

        struct Address
        { # TODO POST*CODE
            text @0 :Text;
        }
    }

    info @3 :Info;
    interface Info $CSharp.name("InfoInterface") {
        getUserInfoExtended @0 () -> ( userInfoExtended :UserInfoExtended );
    }

    manage @4 :Manage;
    interface Manage $CSharp.name("ManageInterface") {
        pwd @0 ( pwd :Text ) -> ();
    }

    admin @5 :Admin;
    interface Admin $CSharp.name("AdminInterface") {
        addRole @0 ( role :Role ) -> ();
        removeRole @1 ( role :Role ) -> ();
    }

    cardDESFireEV2 @6 :CardDESFireEV2;
    interface CardDESFireEV2 $CSharp.name("CardDESFireInterface") {
        # Card authentication using NXP/MiFare DESFire cards.
        # These cards have the ability to restrict access for data on the cards using symmetric
        # encryption and using a keyed Diffie-Hellman to prevent eavesdropping by any relaying
        # party.

        getTokenList @0 () -> ( tokens :List(Data) );
        # Get a list of all user Token currently bound to an user. This will generally be the number
        # of cards they use.

        genCardToken @1 () -> ( token :Data );
        # Generate a new Token that can be used to access an user in a pseudonymized fashion.
        # This call is extremely cheap to make as the server will not store this Token.

        bind @2 ( token :Data, auth_key :Data ) -> ();
        # Bind a given URL to a given auth key. The server will store both URL and key, so using
        # this frequently will force the server to store large amounts of data. 
        # Trying to bind a new key to an existing URL will fail.

        unbind @3 ( token :Text ) -> ();
        # Unbind the key associated with the given token. This will fail all future attempts to use
        # the card with the associated key.
    }
}