support protobuf versioning (#2458)

* update protos

* adjust protobuf imports for new proto structure

* update service name

* go back to a simpler approach

* update protos

* fall back to v1 worker module

* update protobuf submodule

* update imports for new client_types protobuf module

* update proto submodule

* update imports for updated protos

* handle updated handshake type

* formatting

* handle proto naming updates

* update protobuf submodule

* replace raw integers with enum

Author: wojcik91

Cargo.lock

@@ -76,6 +76,7 @@ parse_link_header = "0.4"
 paste = "1.0"
 pgp = { version = "0.19", default-features = false }
 prost = "0.14"
+prost-types = "0.14"
 pulldown-cmark = "0.13"
 # match version used by sqlx
 rand = "0.8"

Cargo.toml

@@ -559,6 +559,7 @@ fn get_source_addrs(
                     None
                 }
             }
+            IpVersion::Unspecified => None,
         })
         .collect();
 

crates/defguard_core/src/enterprise/firewall/mod.rs

@@ -1,5 +1,8 @@
 use defguard_common::{db::models::Settings, types::AuthFlowType};
-use defguard_proto::proxy::{ClientMfaOidcAuthenticateRequest, DeviceInfo, MfaMethod};
+use defguard_proto::{
+    client_types::MfaMethod,
+    proxy::{ClientMfaOidcAuthenticateRequest, DeviceInfo},
+};
 use openidconnect::{AuthorizationCode, Nonce};
 use tonic::Status;
 

crates/defguard_core/src/enterprise/grpc/desktop_client_mfa.rs

@@ -2,7 +2,10 @@ use defguard_common::db::{
     Id,
     models::{Device, polling_token::PollingToken, user::User},
 };
-use defguard_proto::proxy::{DeviceInfo, InstanceInfoRequest, InstanceInfoResponse};
+use defguard_proto::{
+    client_types::{InstanceInfoRequest, InstanceInfoResponse},
+    proxy::DeviceInfo,
+};
 use sqlx::PgPool;
 use tonic::Status;
 

crates/defguard_core/src/enterprise/grpc/polling.rs

@@ -8,7 +8,7 @@ use defguard_common::db::{
         gateway::Gateway, group::Group, oauth2client::OAuth2Client, proxy::Proxy,
     },
 };
-use defguard_proto::proxy::MfaMethod;
+use defguard_proto::client_types::MfaMethod;
 
 use crate::{
     db::WebHook,

crates/defguard_core/src/events.rs

@@ -1,5 +1,5 @@
 use base64::{Engine, prelude::BASE64_STANDARD};
-use defguard_proto::proxy::{ClientPlatformInfo, DeviceInfo};
+use defguard_proto::{client_types::ClientPlatformInfo, proxy::DeviceInfo};
 use prost::Message;
 use semver::Version;
 

crates/defguard_core/src/grpc/client_version.rs

@@ -194,7 +194,7 @@ impl InstanceInfo {
     }
 }
 
-impl From<InstanceInfo> for defguard_proto::proxy::InstanceInfo {
+impl From<InstanceInfo> for defguard_proto::client_types::InstanceInfo {
     fn from(instance: InstanceInfo) -> Self {
         Self {
             name: instance.name,

crates/defguard_core/src/grpc/mod.rs

@@ -19,11 +19,16 @@ use defguard_common::{
     types::user_info::UserInfo,
 };
 use defguard_mail::templates::mfa_code_mail;
-use defguard_proto::proxy::{
-    self, AwaitRemoteMfaFinishRequest, AwaitRemoteMfaFinishResponse, ClientMfaFinishRequest,
-    ClientMfaFinishResponse, ClientMfaStartRequest, ClientMfaStartResponse,
-    ClientMfaTokenValidationRequest, ClientMfaTokenValidationResponse, CoreResponse, MfaMethod,
-    core_response::Payload,
+use defguard_proto::{
+    client_types::{
+        ClientMfaFinishRequest, ClientMfaFinishResponse, ClientMfaStartRequest,
+        ClientMfaStartResponse, MfaMethod,
+    },
+    proxy::{
+        self, AwaitRemoteMfaFinishRequest, AwaitRemoteMfaFinishResponse,
+        ClientMfaTokenValidationRequest, ClientMfaTokenValidationResponse, CoreResponse,
+        core_response::Payload,
+    },
 };
 use sqlx::{PgConnection, PgPool};
 use thiserror::Error;

crates/defguard_core/src/grpc/proxy/client_mfa.rs

@@ -11,9 +11,12 @@ use defguard_common::{
         },
     },
 };
-use defguard_proto::proxy::{
-    DeviceConfig as ProtoDeviceConfig, DeviceConfigResponse, DeviceInfo,
-    LocationMfaMode as ProtoLocationMfaMode,
+use defguard_proto::{
+    client_types::{
+        DeviceConfig as ProtoDeviceConfig, DeviceConfigResponse,
+        LocationMfaMode as ProtoLocationMfaMode,
+    },
+    proxy::DeviceInfo,
 };
 use sqlx::PgPool;
 use tonic::Status;
@@ -94,33 +97,31 @@ pub async fn build_device_config_response(
 
             // DEPRECATED(1.5): superseeded by location_mfa_mode
             let mfa_enabled = network.location_mfa_mode == LocationMfaMode::Internal;
-            let config =
-                ProtoDeviceConfig {
-                    config: Device::create_config(&network, &wireguard_network_device),
-                    network_id: network.id,
-                    network_name: network.name,
-                    assigned_ip: wireguard_network_device.wireguard_ips.as_csv(),
-                    endpoint: format!("{}:{}", network.endpoint, network.port),
-                    pubkey: network.pubkey,
-                    allowed_ips: network.allowed_ips.as_csv(),
-                    dns: network.dns,
-                    keepalive_interval: network.keepalive_interval,
-                    #[allow(deprecated)]
-                    mfa_enabled,
-                    location_mfa_mode: Some(
-                        <LocationMfaMode as Into<ProtoLocationMfaMode>>::into(
-                            network.location_mfa_mode,
-                        )
-                        .into(),
-                    ),
-                    service_location_mode:
-                        Some(
-                            <ServiceLocationMode as Into<
-                                defguard_proto::proxy::ServiceLocationMode,
-                            >>::into(network.service_location_mode)
-                            .into(),
-                        ),
-                };
+            let config = ProtoDeviceConfig {
+                config: Device::create_config(&network, &wireguard_network_device),
+                network_id: network.id,
+                network_name: network.name,
+                assigned_ip: wireguard_network_device.wireguard_ips.as_csv(),
+                endpoint: format!("{}:{}", network.endpoint, network.port),
+                pubkey: network.pubkey,
+                allowed_ips: network.allowed_ips.as_csv(),
+                dns: network.dns,
+                keepalive_interval: network.keepalive_interval,
+                #[allow(deprecated)]
+                mfa_enabled,
+                location_mfa_mode: Some(
+                    <LocationMfaMode as Into<ProtoLocationMfaMode>>::into(
+                        network.location_mfa_mode,
+                    )
+                    .into(),
+                ),
+                service_location_mode: Some(
+                    <ServiceLocationMode as Into<
+                        defguard_proto::client_types::ServiceLocationMode,
+                    >>::into(network.service_location_mode)
+                    .into(),
+                ),
+            };
             configs.push(config);
         }
     } else {
@@ -173,13 +174,12 @@ pub async fn build_device_config_response(
                         )
                         .into(),
                     ),
-                    service_location_mode:
-                        Some(
-                            <ServiceLocationMode as Into<
-                                defguard_proto::proxy::ServiceLocationMode,
-                            >>::into(network.service_location_mode)
-                            .into(),
-                        ),
+                    service_location_mode: Some(
+                        <ServiceLocationMode as Into<
+                            defguard_proto::client_types::ServiceLocationMode,
+                        >>::into(network.service_location_mode)
+                        .into(),
+                    ),
                 };
                 configs.push(config);
             }