Oc Auth x Hydra x LDAP : draft of claims enrich for traefik + draft of forwarding

2024-10-28 14:58:11 +01:00 · 2024-10-28 14:58:11 +01:00 · 7198c40d30
commit 7198c40d30
parent 05c4aab72a
37 changed files with 4181 additions and 610 deletions
--- a/BIN
+++ b/BIN
--- a/BIN
+++ b/BIN
--- a/conf/config.go
+++ b/conf/config.go
@ -3,10 +3,24 @@ package conf
 import "sync"

 type Config struct {
-	NatsUrl      string
-	NatsLogin    string
-	NatsPassword string
-	OidcUrl      string
+	PVKPath string
+
+	LDAPEndpoints  string
+	LDAPBindDN     string
+	LDAPBindPW     string
+	LDAPBaseDN     string
+	LDAPRoleBaseDN string
+
+	ClientSecret string
+
+	Auth                   string
+	AuthConnectorHost      string
+	AuthConnectorPort      int
+	AuthConnectorAdminPort int
+
+	PermissionConnectorHost      string
+	PermissionConnectorPort      int
+	PermissionConnectorAdminPort int
 }

 var instance *Config
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -1,84 +0,0 @@
-package controllers
-
-import (
-	"fmt"
-	"net/http"
-
-	beego "github.com/beego/beego/v2/server/web"
-)
-
-// Operations about auth
-type AuthController struct {
-	beego.Controller
-}
-
-// @Title Get
-// @Description find auth by authid
-// @Param	authId		path 	string	true		"the authid you want to get"
-// @Success 200 {auth} models.auth
-// @Failure 403 :authId is empty
-// @router /discover/:url [get]
-func (o *AuthController) GetConfig() {
-	url := o.Ctx.Input.Param(":url")
-	response, err := http.Get(url + "/.well-known/openid-configuration")
-	if err != nil {
-		fmt.Println(err)
-	}
-	fmt.Println(url)
-	// read response body
-	data := make([]byte, 1024)
-	_, err = response.Body.Read(data)
-	if err != nil {
-		fmt.Println(err)
-	}
-	o.Data["json"] = data
-	o.ServeJSON()
-}
-
-// @Title Create
-// @Description create auths
-// @Param	body		body 	[]models.auth	true		"The auth content"
-// @Success 200 {string} models.auth.Id
-// @Failure 403 body is empty
-// @router / [post]
-func (o *AuthController) Post() {
-	// store and return Id or post with UUID
-	o.Data["json"] = map[string]string{"Id": "?"}
-	o.ServeJSON()
-}
-
-// @Title Get
-// @Description find auth by authid
-// @Param	authId		path 	string	true		"the authid you want to get"
-// @Success 200 {auth} models.auth
-// @Failure 403 :authId is empty
-// @router /:authId [get]
-func (o *AuthController) Get() {
-	authId := o.Ctx.Input.Param(":authId")
-	fmt.Println(authId)
-	o.ServeJSON()
-}
-
-// @Title Find
-// @Description find auths with query
-// @Param	query		path 	string	true	"the keywords you need"
-// @Success 200 {auths} []models.auth
-// @Failure 403
-// @router /find/:query [get]
-func (o *AuthController) Find() {
-	query := o.Ctx.Input.Param(":query")
-	fmt.Println(query)
-	o.ServeJSON()
-}
-
-// @Title Delete
-// @Description delete the auth
-// @Param	authId		path 	string	true		"The authId you want to delete"
-// @Success 200 {string} delete success!
-// @Failure 403 authId is empty
-// @router /:authId [delete]
-func (o *AuthController) Delete() {
-	authId := o.Ctx.Input.Param(":authId")
-	fmt.Println(authId)
-	o.ServeJSON()
-}
--- a/controllers/oauth2.go
+++ b/controllers/oauth2.go
@ -0,0 +1,225 @@
+package controllers
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"oc-auth/infrastructure"
+	auth_connectors "oc-auth/infrastructure/auth_connector"
+	"oc-auth/infrastructure/claims"
+	"strings"
+
+	oclib "cloud.o-forge.io/core/oc-lib"
+	model "cloud.o-forge.io/core/oc-lib/models/peer"
+	"cloud.o-forge.io/core/oc-lib/static"
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type OAuthController struct {
+	beego.Controller
+}
+
+// @Title Logout
+// @Description unauthenticate user
+// @Param	Authorization		header  string	false "auth token"
+// @Success 200 {string}
+// @router /ldap/logout [delete]
+func (o *OAuthController) LogOutLDAP() {
+	// authorize user
+	reqToken := o.Ctx.Request.Header.Get("Authorization")
+	splitToken := strings.Split(reqToken, "Bearer ")
+	if len(splitToken) < 2 {
+		reqToken = ""
+	} else {
+		reqToken = splitToken[1]
+	}
+	var res auth_connectors.Token
+	json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)
+
+	token, err := infrastructure.GetAuthConnector().Logout(reqToken)
+	if err != nil || token == nil {
+		o.Data["json"] = err
+	} else {
+		o.Data["json"] = token
+	}
+	o.ServeJSON()
+}
+
+// @Title Login
+// @Description authenticate user
+// @Param	body		body 	models.workflow	true		"The workflow content"
+// @Success 200 {string}
+// @router /ldap/login [post]
+func (o *OAuthController) LoginLDAP() {
+	// authorize user
+	var res auth_connectors.Token
+	json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &res)
+	ldap := auth_connectors.New()
+	found, err := ldap.Authenticate(o.Ctx.Request.Context(), res.Username, res.Password)
+	if err != nil || !found {
+		o.Data["json"] = err
+		o.Ctx.ResponseWriter.WriteHeader(401)
+		o.ServeJSON()
+		return
+	}
+	token, err := infrastructure.GetAuthConnector().Login(res.Username,
+		&http.Cookie{ // open a session
+			Name:  "csrf_token",
+			Value: o.XSRFToken(),
+		})
+	if err != nil || token == nil {
+		o.Data["json"] = err
+		o.Ctx.ResponseWriter.WriteHeader(401)
+	} else {
+		o.Data["json"] = token
+	}
+	o.ServeJSON()
+}
+
+// @Title Claims
+// @Description enrich token with claims
+// @Param	body		body 	models.Token	true		"The token info"
+// @Success 200 {string}
+// @router /claims [post]
+func (o *OAuthController) Claims() {
+	// enrich token with claims
+	var res claims.Claims
+	json.Unmarshal(o.Ctx.Input.CopyBody(100000), &res)
+	claims := res.Session.IDToken["id_token_claims"].(map[string]interface{})
+	userName := claims["sub"].(string)
+	_, loc := static.GetMyLocalJsonPeer()
+	o.Data["json"] = infrastructure.GetClaims().AddClaimsToToken(userName, loc["url"].(string))
+	o.ServeJSON()
+}
+
+// @Title Introspection
+// @Description introspect token
+// @Param	body		body 	models.Token	true		"The token info"
+// @Success 200 {string}
+// @router /refresh [post]
+func (o *OAuthController) Refresh() {
+	var token auth_connectors.Token
+	json.Unmarshal(o.Ctx.Input.CopyBody(100000), &token)
+	// refresh token
+	newToken, err := infrastructure.GetAuthConnector().Refresh(&token)
+	if err != nil || newToken == nil {
+		o.Data["json"] = err
+		o.Ctx.ResponseWriter.WriteHeader(401)
+	} else {
+		o.Data["json"] = newToken
+	}
+	o.ServeJSON()
+}
+
+// @Title Introspection
+// @Description introspect token
+// @Param	Authorization		header  string	false "auth token"
+// @Success 200 {string}
+// @router /introspect [get]
+func (o *OAuthController) Introspect() {
+	reqToken := o.Ctx.Request.Header.Get("Authorization")
+	splitToken := strings.Split(reqToken, "Bearer ")
+	if len(splitToken) < 2 {
+		reqToken = ""
+	} else {
+		reqToken = splitToken[1]
+	}
+	token, err := infrastructure.GetAuthConnector().Introspect(reqToken)
+	if err != nil || !token {
+		o.Data["json"] = err
+		o.Ctx.ResponseWriter.WriteHeader(401)
+	}
+	o.ServeJSON()
+}
+
+// @Title AuthForward
+// @Description auth forward
+// @Param	Authorization		header  string	false "auth token"
+// @Param	body		body 	models.workflow	true		"The workflow content"
+// @Success 200 {string}
+// @router /forward [get]
+func (o *OAuthController) InternalAuthForward() {
+	reqToken := o.Ctx.Request.Header.Get("Authorization")
+	splitToken := strings.Split(reqToken, "Bearer ")
+	if len(splitToken) < 2 {
+		reqToken = ""
+	} else {
+		reqToken = splitToken[1]
+	}
+	origin, publicKey, external := o.extractOrigin()
+	if reqToken != "" && !o.checkAuthForward(reqToken, publicKey) && origin != "" {
+		fmt.Println("Unauthorized", origin, reqToken)
+		o.Ctx.ResponseWriter.WriteHeader(401)
+		o.ServeJSON()
+		return
+	}
+	token, err := infrastructure.GetAuthConnector().Introspect(reqToken, &http.Cookie{
+		Name:  "csrf_token",
+		Value: o.XSRFToken(),
+	}) // may be a problem... we should check if token is valid on our side
+	// prefers a refresh token call
+	if err != nil || external {
+		fmt.Println("Unauthorized 2", err, external) // error
+		o.Ctx.ResponseWriter.WriteHeader(401)
+	} else if token && !external { // redirect to login
+		o.Data["json"] = token
+	}
+	o.ServeJSON()
+}
+
+func (o *OAuthController) extractOrigin() (string, string, bool) {
+	external := true
+	publicKey := ""
+	origin := o.Ctx.Request.Header.Get("X-Forwarded-Host")
+	if origin == "" {
+		origin = o.Ctx.Request.Header.Get("Origin")
+	}
+	idLoc, loc := static.GetMyLocalJsonPeer()
+	if origin != "" { // is external
+		peer := oclib.Search(nil, origin, oclib.LibDataEnum(oclib.PEER))
+		if peer.Code != 200 {
+			return "", "", external
+		}
+		p := peer.Data[0]
+		if strings.Contains(origin, "localhost") || strings.Contains(origin, "127.0.0.1") || idLoc == p.GetID() {
+			external = false
+		}
+		publicKey = p.(*model.Peer).PublicKey
+	} else {
+		external = false
+		publicKey = loc["public_key"].(string)
+	}
+	return origin, publicKey, external
+}
+
+func (o *OAuthController) checkAuthForward(reqToken string, publicKey string) bool {
+	bytes, err := base64.StdEncoding.DecodeString(reqToken) // Converting data
+	if err != nil {
+		fmt.Println("Failed to Decode secret", err)
+		return false
+	}
+	var decodedToken map[string]interface{}
+	err = json.Unmarshal(bytes, &decodedToken)
+	if err != nil {
+		fmt.Println("Failed to parse secret", err)
+		return false
+	} else if decodedToken["session"] != nil {
+		host := o.Ctx.Request.Header.Get("X-Forwarded-Host")
+		method := o.Ctx.Request.Header.Get("X-Forwarded-Method")
+		forward := o.Ctx.Request.Header.Get("X-Forwarded-Uri")
+		if forward == "" || method == "" {
+			fmt.Println("Forwarded headers are missing")
+			return false
+		}
+		// ask keto for permission is in claims
+		ok, err := infrastructure.GetClaims().DecodeClaimsInToken(
+			host, method, forward, decodedToken["session"].(map[string]interface{}), publicKey)
+		if err != nil {
+			fmt.Println("Failed to decode claims", err)
+		}
+		return ok
+	}
+	return false
+}
--- a/controllers/permission.go
+++ b/controllers/permission.go
@ -0,0 +1,192 @@
+package controllers
+
+import (
+	"oc-auth/infrastructure"
+
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type PermissionController struct {
+	beego.Controller
+}
+
+// @Title GetAll
+// @Description find permissions
+// @Success 200 {permission} string
+// @router / [get]
+func (o *PermissionController) GetAll() {
+	role, err := infrastructure.GetPermissionConnector().GetPermission("", "")
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetByRole
+// @Description find permission by role id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} string
+// @router /role/:id [get]
+func (o *PermissionController) GetByRole() {
+	id := o.Ctx.Input.Param(":id")
+	role, err := infrastructure.GetPermissionConnector().GetPermissionByRole(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetByUser
+// @Description find permission by user id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} string
+// @router /user/:id [get]
+func (o *PermissionController) GetByUser() {
+	id := o.Ctx.Input.Param(":id")
+	role, err := infrastructure.GetPermissionConnector().GetPermissionByUser(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Get
+// @Description find auth by permission
+// @Param	id		path 	string	true		"the permission you want to get"
+// @Success 200 {auth} models.auth
+// @router /:id/:relation[get]
+func (o *PermissionController) Get() {
+	id := o.Ctx.Input.Param(":id")
+	rel := o.Ctx.Input.Param(":relation")
+	role, err := infrastructure.GetPermissionConnector().GetPermission(id, rel)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Clear
+// @Description clear the permission
+// @Success 200 {string} delete success!
+// @router /clear [delete]
+func (o *PermissionController) Clear() {
+	role, code, err := infrastructure.GetPermissionConnector().DeletePermission("", "", true)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Bind
+// @Description bind the permission to role
+// @Param	role_id		path 	string	true		"The role_id you want to bind"
+// @Param	method		path 	string	true		"The method you want to relate role & permission"
+// @Param	permission_id		path 	string	true		"The permission_id you want to bind"
+// @Success 200 {string} bind success!
+// @router /:permission_id/:role_id/:relation [post]
+func (o *PermissionController) Bind() {
+	permission_id := o.Ctx.Input.Param(":permission_id")
+	role_id := o.Ctx.Input.Param(":role_id")
+	rel := o.Ctx.Input.Param(":relation")
+	role, code, err := infrastructure.GetPermissionConnector().BindPermission(role_id, permission_id, rel)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title UnBind
+// @Description unbind the permission to role
+// @Param	role_id		path 	string	true		"The role_id you want to unbind"
+// @Param	relation		path 	string	true		"The method you want to unrelate role & permission"
+// @Param	permission_id		path 	string	true		"The permission_id you want to unbind"
+// @Success 200 {string} bind success!
+// @router /:permission_id/:role_id/:relation [delete]
+func (o *PermissionController) UnBind() {
+	permission_id := o.Ctx.Input.Param(":permission_id")
+	role_id := o.Ctx.Input.Param(":role_id")
+	rel := o.Ctx.Input.Param(":relation")
+	role, code, err := infrastructure.GetPermissionConnector().UnBindPermission(role_id, permission_id, rel)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
--- a/controllers/registration.go
+++ b/controllers/registration.go
@ -1,52 +0,0 @@
-package controllers
-
-import (
-	"encoding/json"
-	"log"
-	"oc-auth/models"
-	"strings"
-
-	beego "github.com/beego/beego/v2/server/web"
-	"github.com/nats-io/nats.go"
-)
-
-// Operations about auth
-type RegistrationController struct {
-	beego.Controller
-}
-
-// @Title Create
-// @Description create auths
-// @Param	body		body 	models.Application	true		"The app info"
-// @Success 200 {string} models.auth.Id
-// @Failure 403 body is empty
-// @router / [post]
-func (o *RegistrationController) Post() {
-	var app models.Application
-	// Store the app info in the nats server
-	err := json.Unmarshal(o.Ctx.Input.RequestBody, &app)
-	if err != nil {
-		log.Fatal(err)
-	}
-	servers := []string{"nats://127.0.0.1:1222", "nats://127.0.0.1:1223", "nats://127.0.0.1:1224"}
-
-	nc, err := nats.Connect(strings.Join(servers, ","))
-	if err != nil {
-		log.Fatal(err)
-	}
-	defer nc.Close()
-	js, err := nc.JetStream(nats.PublishAsyncMaxPending(256))
-	if err != nil {
-		log.Fatal(err)
-	}
-	kv, err := js.KeyValue("auth")
-	if err != nil {
-		log.Fatal(err)
-	}
-	kv.Put(app.ClientId, o.Ctx.Input.RequestBody)
-	// register to OIDC server
-
-	// store and return Id or post with UUID
-	o.Data["json"] = map[string]string{"Id": "?"}
-	o.ServeJSON()
-}
--- a/controllers/role.go
+++ b/controllers/role.go
@ -0,0 +1,213 @@
+package controllers
+
+import (
+	"oc-auth/infrastructure"
+
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+// Operations about auth
+type RoleController struct {
+	beego.Controller
+}
+
+// @Title Create
+// @Description create role
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} create success!
+// @router /:id [post]
+func (o *RoleController) Post() {
+	// store and return Id or post with UUID
+	id := o.Ctx.Input.Param(":id")
+	role, code, err := infrastructure.GetPermissionConnector().CreateRole(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetByUser
+// @Description find role by user id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {auth} string
+// @router /user/:id [get]
+func (o *RoleController) GetByUser() {
+	id := o.Ctx.Input.Param(":id")
+	role, err := infrastructure.GetPermissionConnector().GetRoleByUser(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title GetAll
+// @Description find roles
+// @Success 200 {role} string
+// @router / [get]
+func (o *RoleController) GetAll() {
+	role, err := infrastructure.GetPermissionConnector().GetRole("")
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Get
+// @Description find role by id
+// @Param	id		path 	string	true		"the id you want to get"
+// @Success 200 {role} string
+// @router /:id [get]
+func (o *RoleController) Get() {
+	id := o.Ctx.Input.Param(":id")
+	role, err := infrastructure.GetPermissionConnector().GetRole(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  200,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Delete
+// @Description delete the role
+// @Param	id		path 	string	true		"The id you want to delete"
+// @Success 200 {string} delete success!
+// @router /:id [delete]
+func (o *RoleController) Delete() {
+	id := o.Ctx.Input.Param(":id")
+	role, code, err := infrastructure.GetPermissionConnector().DeleteRole(id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Clear
+// @Description clear the role
+// @Success 200 {string} delete success!
+// @router /clear [delete]
+func (o *RoleController) Clear() {
+	role, code, err := infrastructure.GetPermissionConnector().DeleteRole("")
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title Bind
+// @Description bind the role to user
+// @Param	user_id		path 	string	true		"The user_id you want to bind"
+// @Param	role_id		path 	string	true		"The role_id you want to bind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:role_id [post]
+func (o *RoleController) Bind() {
+	user_id := o.Ctx.Input.Param(":user_id")
+	role_id := o.Ctx.Input.Param(":role_id")
+	role, code, err := infrastructure.GetPermissionConnector().BindRole(user_id, role_id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
+
+// @Title UnBind
+// @Description unbind the role to user
+// @Param	role_id		path 	string	true		"The role_id you want to unbind"
+// @Param	user_id		path 	string	true		"The user_id you want to unbind"
+// @Success 200 {string} bind success!
+// @router /:user_id/:role_id [delete]
+func (o *RoleController) UnBind() {
+	user_id := o.Ctx.Input.Param(":user_id")
+	role_id := o.Ctx.Input.Param(":role_id")
+	role, code, err := infrastructure.GetPermissionConnector().UnBindRole(user_id, role_id)
+	if err != nil {
+		o.Data["json"] = map[string]interface{}{
+			"data":  nil,
+			"error": err.Error(),
+			"code":  code,
+		}
+
+	} else {
+		o.Data["json"] = map[string]interface{}{
+			"data":  role,
+			"error": nil,
+			"code":  200,
+		}
+	}
+	o.ServeJSON()
+}
--- a/controllers/version.go
+++ b/controllers/version.go
@ -17,3 +17,12 @@ func (c *VersionController) GetAll() {
 	c.Data["json"] = map[string]string{"version": "1"}
 	c.ServeJSON()
 }
+
+// @Title Get
+// @Description get version
+// @Success 200
+// @router /discovery [get]
+func (c *VersionController) Get() {
+	c.Data["json"] = map[string]string{"version": "1"}
+	c.ServeJSON()
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,10 +1,20 @@
 version: '3.4'

 services:
-  ocauth:
-    image: 'ocauth:latest'
+  oc-auth:
+    image: 'oc-auth:latest'
    ports:
-      - 8088:8080
-    container_name: ocauth
-
- 
+      - 8094:8080
+    container_name: oc-auth
+    environment:
+          PVK_PATH: /etc/oc/pvk.pem
+          LDAP_ENDPOINTS: ldap:389
+          LDAP_BINDDN: cn=admin,dc=example,dc=com
+          LDAP_BINDPW: password
+          LDAP_BASEDN: "dc=example,dc=com"
+          LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
+    networks: 
+      - catalog
+networks: 
+  catalog:
+    external: true
--- a/docker_auth.json
+++ b/docker_auth.json
@ -1,6 +1,7 @@
 {
-    "natsurl":"http://localhost:4080", 
-    "login":"admin", 
-    "password":"admin",
-    "oidcserver":"http://localhost:8080"
+    "MONGO_URL":"mongodb://mongo:27017/", 
+    "MONGO_DATABASE":"DC_myDC",
+    "NATS_URL": "nats://nats:4222",
+    "PORT" : 8080,
+    "AUTH_CONNECTOR_HOST": "hydra"
 }
--- a/go.mod
+++ b/go.mod
@ -3,59 +3,131 @@ module oc-auth
 go 1.22.0

 require (
-	cloud.o-forge.io/core/oc-lib v0.0.0-20240927065314-0ac55a0ec151
-	github.com/beego/beego/v2 v2.0.7
+	cloud.o-forge.io/core/oc-lib v0.0.0-20241025125832-c34e5579fcfc
+	github.com/beego/beego/v2 v2.3.1
 	github.com/nats-io/nats.go v1.37.0
 	github.com/ory/hydra-client-go v1.11.8
 	github.com/smartystreets/goconvey v1.7.2
-	golang.org/x/oauth2 v0.5.0
+	golang.org/x/oauth2 v0.23.0
+)
+
+require (
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/dgraph-io/ristretto v0.1.1 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gobuffalo/pop/v6 v6.0.8 // indirect
+	github.com/gofrs/uuid v4.3.0+incompatible // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/glog v1.2.0 // indirect
+	github.com/golang/mock v1.6.0 // indirect
+	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mattn/goveralls v0.0.12 // indirect
+	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/openzipkin/zipkin-go v0.4.1 // indirect
+	github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe // indirect
+	github.com/ory/go-convenience v0.1.0 // indirect
+	github.com/ory/x v0.0.575 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.9 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/viper v1.16.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.42.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 // indirect
+	go.opentelemetry.io/contrib/propagators/b3 v1.17.0 // indirect
+	go.opentelemetry.io/contrib/propagators/jaeger v1.17.0 // indirect
+	go.opentelemetry.io/contrib/samplers/jaegerremote v0.11.0 // indirect
+	go.opentelemetry.io/otel v1.16.0 // indirect
+	go.opentelemetry.io/otel/exporters/jaeger v1.16.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.16.0 // indirect
+	go.opentelemetry.io/otel/exporters/zipkin v1.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.16.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
+	go.opentelemetry.io/otel/trace v1.16.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.10.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/grpc v1.63.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 )

 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/coocood/freecache v1.2.4
+	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.22.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/go-playground/validator/v10 v10.22.1 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
 	github.com/goraz/onion v0.1.3 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/i-core/rlog v1.0.0
 	github.com/jtolds/gls v4.20.0+incompatible // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
+	github.com/justinas/nosurf v1.1.1
+	github.com/kelseyhightower/envconfig v1.4.0
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/montanaflynn/stats v0.7.1 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nats-io/nkeys v0.4.7 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.41.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/ory/fosite v0.47.0
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.60.1 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/rs/zerolog v1.33.0 // indirect
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
+	github.com/shiena/ansicolor v0.0.0-20230509054315-a9deabde6e02 // indirect
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.2 // indirect
 	github.com/xdg-go/stringprep v1.0.4 // indirect
-	github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 // indirect
-	go.mongodb.org/mongo-driver v1.16.0 // indirect
-	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
+	go.mongodb.org/mongo-driver v1.17.1 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -3,6 +3,7 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
@ -13,6 +14,9 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@ -30,53 +34,161 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.o-forge.io/core/oc-lib v0.0.0-20240927065314-0ac55a0ec151 h1:Sjap/XMOz3ludAGHKk1GimzWKb2wFmoo5tdBQ1E8/Ro=
-cloud.o-forge.io/core/oc-lib v0.0.0-20240927065314-0ac55a0ec151/go.mod h1:FIJD0taWLJ5pjQLJ6sfE2KlTkvbmk5SMcyrxdjsaVz0=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241016115009-b43226648692 h1:cfRhQioLwTBg9h1OOOp3VcUsBChO97M9lRDP8aq2Gkk=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241016115009-b43226648692/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241016151521-9654d59fc076 h1:kPIBXPWdO47YdZClB/QYkt3EaReYS7Gs/c4FSXzhjtI=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241016151521-9654d59fc076/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017121404-847ef2e95c64 h1:iPyRjeEiQD0lo40OlboBeVZke7zw+uYCvqcPdq+p60E=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017121404-847ef2e95c64/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017121618-1561d0c81e9d h1:BagZaE9jASefM9u5Hf/xyWXXJEd2/xwmRzL6GFy6nqg=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017121618-1561d0c81e9d/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017140500-73fce1d8fb8d h1:ZnXPVbPYXVS/lWOf+aAPnHwQMpzKoIoowLdzsZ08Hi8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017140500-73fce1d8fb8d/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017150409-3c54f3d39ee8 h1:5Lx4J+ict5ge+Q4vQdytpIm7AghAno3VPSQRuqWus7Q=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241017150409-3c54f3d39ee8/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241018065112-59a1b52242b3 h1:IH0kY/aDvaxQAYDHuxpG82vf40P4QygIxf7mAxm7epU=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241018065112-59a1b52242b3/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241021074805-8e82b87fb396 h1:43xWXPcQJqxeMeStuQMwu81wGrMbmcjVBLBby6F5MiQ=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241021074805-8e82b87fb396/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241021093952-e45fefe88369 h1:sM2UjMJzeeNkHWflFkfArMIJQ6MYNMf1LEkSbso5T5I=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241021093952-e45fefe88369/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241022072818-72d5c64c2d9d h1:zLcbjXkJhKzXqAceRSSYfOHs//A77NbesWy2UBoPXfw=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241022072818-72d5c64c2d9d/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241022122752-55a25aba835b h1:2R2Ig3c//nOjTnXLC2wj8ONIQ95bdriuEIQMNjqyDIo=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241022122752-55a25aba835b/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023070736-158d3aacc866 h1:qM1GvdwqrksvMOzm12Wjz4ug+dFq/U7OxXOQQ2SUals=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023070736-158d3aacc866/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023075508-84deb17e37f0 h1:ufVT1FwXjwuEZWScSsrNLVuEHW/G8+NJNxPmkPPRXW8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023075508-84deb17e37f0/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023085115-cd902c6688f6 h1:wpOwV9rHrD4msZgZ5PH2Xf+sbeZ8PIOXcx6O10VnVgI=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023085115-cd902c6688f6/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023092234-cc8fc2df2161 h1:T4Lkp3H/I/dZbiOkpd+FE4EmepUFyWk39oqX2d75NbQ=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241023092234-cc8fc2df2161/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241025125832-c34e5579fcfc h1:kDoodLH2HuIuZ0oppb3z+9YBYl7XwneXlqSGlYh/BnY=
+cloud.o-forge.io/core/oc-lib v0.0.0-20241025125832-c34e5579fcfc/go.mod h1:t+zpCTVKVdHH/BImwtMYY2QIWLMXKgY4n/JhFm3Vpu8=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8=
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/beego/beego/v2 v2.0.7 h1:9KNnUM40tn3pbCOFfe6SJ1oOL0oTi/oBS/C/wCEdAXA=
-github.com/beego/beego/v2 v2.0.7/go.mod h1:f0uOEkmJWgAuDTlTxUdgJzwG3PDSIf3UWF3NpMohbFE=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
+github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
+github.com/beego/beego/v2 v2.3.1 h1:7MUKMpJYzOXtCUsTEoXOxsDV/UcHw6CPbaWMlthVNsc=
+github.com/beego/beego/v2 v2.3.1/go.mod h1:5cqHsOHJIxkq44tBpRvtDe59GuVRVv/9/tyVDxd5ce4=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
+github.com/coocood/freecache v1.2.4 h1:UdR6Yz/X1HW4fZOuH0Z94KwG851GWOSknua5VUbb/5M=
+github.com/coocood/freecache v1.2.4/go.mod h1:RBUWa/Cy+OHdfTGFEhEuE1pMCMX51Ncizj7rthiQ3vk=
 github.com/coreos/etcd v3.3.17+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8=
+github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA=
+github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw=
+github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw=
 github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/etcd v3.3.17+incompatible/go.mod h1:cdZ77EstHBwVtD6iTgzgvogwcjo9m4iOqoijouPJ4bs=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
-github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
+github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
+github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc=
+github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc=
+github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA=
+github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
+github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ=
+github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
-github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA=
+github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gobuffalo/attrs v1.0.3/go.mod h1:KvDJCE0avbufqS0Bw3UV7RQynESY0jjod+572ctX4t8=
+github.com/gobuffalo/envy v1.10.2/go.mod h1:qGAGwdvDsaEtPhfBzb3o0SfDea8ByGn9j8bKmVft9z8=
+github.com/gobuffalo/fizz v1.14.4/go.mod h1:9/2fGNXNeIFOXEEgTPJwiK63e44RjG+Nc4hfMm1ArGM=
+github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE=
+github.com/gobuffalo/genny/v2 v2.1.0/go.mod h1:4yoTNk4bYuP3BMM6uQKYPvtP6WsXFGm2w2EFYZdRls8=
+github.com/gobuffalo/github_flavored_markdown v1.1.3/go.mod h1:IzgO5xS6hqkDmUh91BW/+Qxo/qYnvfzoz3A7uLkg77I=
+github.com/gobuffalo/helpers v0.6.7/go.mod h1:j0u1iC1VqlCaJEEVkZN8Ia3TEzfj/zoXANqyJExTMTA=
+github.com/gobuffalo/logger v1.0.7/go.mod h1:u40u6Bq3VVvaMcy5sRBclD8SXhBYPS0Qk95ubt+1xJM=
+github.com/gobuffalo/nulls v0.4.2/go.mod h1:EElw2zmBYafU2R9W4Ii1ByIj177wA/pc0JdjtD0EsH8=
+github.com/gobuffalo/packd v1.0.2/go.mod h1:sUc61tDqGMXON80zpKGp92lDb86Km28jfvX7IAyxFT8=
+github.com/gobuffalo/plush/v4 v4.1.16/go.mod h1:6t7swVsarJ8qSLw1qyAH/KbrcSTwdun2ASEQkOznakg=
+github.com/gobuffalo/pop/v6 v6.0.8 h1:9+5ShHYh3x9NDFCITfm/gtKDDRSgOwiY7kA0Hf7N9aQ=
+github.com/gobuffalo/pop/v6 v6.0.8/go.mod h1:f4JQ4Zvkffcevz+t+XAwBLStD7IQs19DiIGIDFYw1eA=
+github.com/gobuffalo/tags/v3 v3.1.4/go.mod h1:ArRNo3ErlHO8BtdA0REaZxijuWnWzF6PUXngmMXd2I0=
+github.com/gobuffalo/validate/v3 v3.3.3/go.mod h1:YC7FsbJ/9hW/VjQdmXPvFqvRis4vrRYFxr69WiNZw6g=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
+github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.3.0+incompatible h1:CaSVZxm5B+7o45rtab4jC2G37WGYX1zQfuU2i6DSvnc=
+github.com/gofrs/uuid v4.3.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -87,6 +199,8 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
+github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@ -100,9 +214,11 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@ -114,12 +230,16 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@ -127,47 +247,149 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/goraz/onion v0.1.3 h1:KhyvbDA2b70gcz/d5izfwTiOH8SmrvV43AsVzpng3n0=
 github.com/goraz/onion v0.1.3/go.mod h1:XEmz1XoBz+wxTgWB8NwuvRm4RAu3vKxvrmYtzK+XCuQ=
+github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
+github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
+github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2 h1:dygLcbEBA+t/P7ck6a8AkXv6juQ4cK0RHBoh32jxhHM=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2/go.mod h1:Ap9RLCIJVtgQg1/BBgVEfypOAySvvlcpcVQkSzJCH4Y=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
 github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
+github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/i-core/rlog v1.0.0 h1:8CY2rsqvm3Z9cfl3hroppn8LTBwbtL45+ho79JTz8Jg=
+github.com/i-core/rlog v1.0.0/go.mod h1:wTQKCF9IKx2HlNQ2M7dUpP3zIOD5ayqF4X3uQFbwY3g=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
+github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
+github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
+github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
+github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
+github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
+github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
+github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.13.0/go.mod h1:AnowpAqO4CMIIJNZl2VJp+KrkAZciAkhEl0W0JIobpI=
+github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
+github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
+github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
+github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA=
+github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
+github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
+github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
+github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
+github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
+github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
+github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
+github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
+github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
+github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
+github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw=
+github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
+github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
+github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo=
+github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg=
+github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs=
+github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
+github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
+github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/justinas/nosurf v1.1.1 h1:92Aw44hjSK4MxJeMSyDa7jwuI9GR2J/JCQiaKvXXSlk=
+github.com/justinas/nosurf v1.1.1/go.mod h1:ALpWdSbuNGy2lZWtyXdjkYv4edL23oSEgfBT1gPJ5BQ=
+github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
+github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
+github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs=
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
+github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/mattn/goveralls v0.0.12 h1:PEEeF0k1SsTjOBQ8FOmrOAoCu4ytuMaWCnWe94zxbCg=
+github.com/mattn/goveralls v0.0.12/go.mod h1:44ImGEUfmqH8bBtaMrYKsM65LXfNLWmwaxFGjZwgMSQ=
+github.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@ -175,8 +397,12 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
+github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/montanaflynn/stats v0.7.1 h1:etflOAAHORrCC44V+aR6Ftzort912ZU+YLiSTuV8eaE=
 github.com/montanaflynn/stats v0.7.1/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nats-io/nats.go v1.37.0 h1:07rauXbVnnJvv1gfIyghFEo6lUcYRY0WXc3x7x0vUxE=
 github.com/nats-io/nats.go v1.37.0/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8=
 github.com/nats-io/nkeys v0.4.7 h1:RwNJbbIdYCoClSDNY7QVKZlyb/wfT6ugvFCiKy6vDvI=
@ -184,33 +410,74 @@ github.com/nats-io/nkeys v0.4.7/go.mod h1:kqXRgRDPlGy7nGaEDMuYzmiJCIAAWDK0IMBtDm
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/ogier/pflag v0.0.1/go.mod h1:zkFki7tvTa0tafRvTBIZTvzYyAu6kQhPZFnshFFPE+g=
+github.com/openzipkin/zipkin-go v0.4.1 h1:kNd/ST2yLLWhaWrkgchya40TJabe8Hioj9udfPcEO5A=
+github.com/openzipkin/zipkin-go v0.4.1/go.mod h1:qY0VqDSN1pOBN94dBc6w2GJlWLiovAyg7Qt6/I9HecM=
+github.com/ory/fosite v0.47.0 h1:Iqu5uhx54JqZQPn2hRhqjESrmRRyQb00uJjfEi1a1QI=
+github.com/ory/fosite v0.47.0/go.mod h1:5U6c9nOLxyTdD/qrFv7N88TSxkdk5Wq8NzvB7UViDP0=
+github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe h1:rvu4obdvqR0fkSIJ8IfgzKOWwZ5kOT2UNfLq81Qk7rc=
+github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe/go.mod h1:z4n3u6as84LbV4YmgjHhnwtccQqzf4cZlSk9f1FhygI=
+github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8=
+github.com/ory/go-convenience v0.1.0/go.mod h1:uEY/a60PL5c12nYz4V5cHY03IBmwIAEm8TWB0yn9KNs=
 github.com/ory/hydra-client-go v1.11.8 h1:GwJjvH/DBcfYzoST4vUpi4pIRzDGH5oODKpIVuhwVyc=
 github.com/ory/hydra-client-go v1.11.8/go.mod h1:4YuBuwUEC4yiyDrnKjGYc1tB3gUXan4ZiUYMjXJbfxA=
+github.com/ory/x v0.0.575 h1:LvOeR+YlJ6/JtvIJvSwMoDBY/i3GACUe7HpWXHGNUTA=
+github.com/ory/x v0.0.575/go.mod h1:aeJFTlvDLGYSABzPS3z5SeLcYC52Ek7uGZiuYGcTMSU=
 github.com/pelletier/go-toml v1.6.0/go.mod h1:5N711Q9dKgbdkxHL+MEfF31hpT7l0S0s/t2kKREewys=
+github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0=
+github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.41.0 h1:npo01n6vUlRViIj5fgwiK8vlNIh8bnoxqh3gypKsyAw=
-github.com/prometheus/common v0.41.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
+github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA=
+github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
+github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
+github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
+github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
 github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
 github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME=
+github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 h1:DAYUYH5869yV94zvCES9F51oYtN5oGlwjxJJz7ZCnik=
 github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18/go.mod h1:nkxAfR/5quYxwPZhyDxgasBMnRtBZd0FCEpawpjMUFg=
+github.com/shiena/ansicolor v0.0.0-20230509054315-a9deabde6e02 h1:v9ezJDHA1XGxViAUSIoO/Id7Fl63u6d0YmsAm+/p2hs=
+github.com/shiena/ansicolor v0.0.0-20230509054315-a9deabde6e02/go.mod h1:RF16/A3L0xSa0oSERcnhd8Pu3IXSDZSK2gmGIMsttFE=
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skarademir/naturalsort v0.0.0-20150715044055-69a5d87bef62/go.mod h1:oIdVclZaltY1Nf7OQUkg1/2jImBJ+ZfKZuDIRSwk3p0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
@ -218,39 +485,138 @@ github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYl
 github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
+github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE=
+github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA=
+github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
+github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
+github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
+github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
+github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
+github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
+github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=
 github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
 github.com/xdg-go/stringprep v1.0.4 h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=
 github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
-github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo=
-github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U=
+github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM=
+github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4=
-go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw=
+github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM=
+go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.42.0 h1:0vzgiFDsCh/jxRCR1xcRrtMoeCu2itXz/PsXst5P8rI=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.42.0/go.mod h1:y0vOY2OKFMOTvwxKfurStPayUUKGHlNeVqNneHmFXr0=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 h1:pginetY7+onl4qN1vl0xW/V/v6OBZ0vVdH+esuJgvmM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0/go.mod h1:XiYsayHc36K3EByOO6nbAXnAWbrUxdjUROCEeeROOH8=
+go.opentelemetry.io/contrib/propagators/b3 v1.17.0 h1:ImOVvHnku8jijXqkwCSyYKRDt2YrnGXD4BbhcpfbfJo=
+go.opentelemetry.io/contrib/propagators/b3 v1.17.0/go.mod h1:IkfUfMpKWmynvvE0264trz0sf32NRTZL4nuAN9AbWRc=
+go.opentelemetry.io/contrib/propagators/jaeger v1.17.0 h1:Zbpbmwav32Ea5jSotpmkWEl3a6Xvd4tw/3xxGO1i05Y=
+go.opentelemetry.io/contrib/propagators/jaeger v1.17.0/go.mod h1:tcTUAlmO8nuInPDSBVfG+CP6Mzjy5+gNV4mPxMbL0IA=
+go.opentelemetry.io/contrib/samplers/jaegerremote v0.11.0 h1:P3JkQvs0s4Ww3hPb+jWFW9N6A0ioew7WwGTyqwgeofs=
+go.opentelemetry.io/contrib/samplers/jaegerremote v0.11.0/go.mod h1:U+s0mJMfMC2gicc4WEgZ50JSR+5DhOIjcvFOCVAe8/U=
+go.opentelemetry.io/otel v1.16.0 h1:Z7GVAX/UkAXPKsy94IU+i6thsQS4nb7LviLpnaNeW8s=
+go.opentelemetry.io/otel v1.16.0/go.mod h1:vl0h9NUa1D5s1nv3A5vZOYWn8av4K8Ml6JDeHrT/bx4=
+go.opentelemetry.io/otel/exporters/jaeger v1.16.0 h1:YhxxmXZ011C0aDZKoNw+juVWAmEfv/0W2XBOv9aHTaA=
+go.opentelemetry.io/otel/exporters/jaeger v1.16.0/go.mod h1:grYbBo/5afWlPpdPZYhyn78Bk04hnvxn2+hvxQhKIQM=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 h1:t4ZwRPU+emrcvM2e9DHd0Fsf0JTPVcbfa/BhTDF03d0=
+go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0/go.mod h1:vLarbg68dH2Wa77g71zmKQqlQ8+8Rq3GRG31uc0WcWI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 h1:cbsD4cUcviQGXdw8+bo5x2wazq10SKz8hEbtCRPcU78=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0/go.mod h1:JgXSGah17croqhJfhByOLVY719k1emAXC8MVhCIJlRs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.16.0 h1:iqjq9LAB8aK++sKVcELezzn655JnBNdsDhghU4G/So8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.16.0/go.mod h1:hGXzO5bhhSHZnKvrDaXB82Y9DRFour0Nz/KrBh7reWw=
+go.opentelemetry.io/otel/exporters/zipkin v1.16.0 h1:WdMSH6vIJ+myJfr/HB/pjsYoJWQP0Wz/iJ1haNO5hX4=
+go.opentelemetry.io/otel/exporters/zipkin v1.16.0/go.mod h1:QjDOKdylighHJBc7pf4Vo6fdhtiEJEqww/3Df8TOWjo=
+go.opentelemetry.io/otel/metric v1.16.0 h1:RbrpwVG1Hfv85LgnZ7+txXioPDoh6EdbZHo26Q3hqOo=
+go.opentelemetry.io/otel/metric v1.16.0/go.mod h1:QE47cpOmkwipPiefDwo2wDzwJrlfxxNYodqc4xnGCo4=
+go.opentelemetry.io/otel/sdk v1.16.0 h1:Z1Ok1YsijYL0CSJpHt4cS3wDDh7p572grzNrBMiMWgE=
+go.opentelemetry.io/otel/sdk v1.16.0/go.mod h1:tMsIuKXuuIWPBAOrH+eHtvhTL+SntFtXF9QD68aP6p4=
+go.opentelemetry.io/otel/trace v1.16.0 h1:8JRpaObFoW0pxuVPapkgH8UhHQj+bJW8jJsCZEu5MQs=
+go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLkqr2QVwea0ef0=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec=
+go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
+go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
+go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
+go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
+go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
+go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
+go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -273,6 +639,7 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@ -281,7 +648,14 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -294,6 +668,7 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -308,18 +683,38 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s=
-golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -328,23 +723,35 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -357,26 +764,58 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -388,14 +827,18 @@ golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@ -403,6 +846,7 @@ golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@ -418,10 +862,27 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -442,6 +903,9 @@ google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -450,6 +914,7 @@ google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@ -479,6 +944,19 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
+google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
+google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de h1:jFNzHPIeuzhdRwVhbZdiym9q0ory/xY3sA+v2wPg8I0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de h1:cZGRis4/ot9uVm639a+rHCUaG0JJHEsdyzSQTMX+suY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@ -491,6 +969,12 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.63.0 h1:WjKe+dnvABXyPJMD7KDNLxtoGk5tgk+YFWN6cBWjZE8=
+google.golang.org/grpc v1.63.0/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@ -503,18 +987,24 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/infrastructure/auth_connector/auth_connector.go
+++ b/infrastructure/auth_connector/auth_connector.go
@ -0,0 +1,28 @@
+package auth_connectors
+
+import (
+	"net/http"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+type AuthConnector interface {
+	Status() tools.State
+	Login(username string, cookies ...*http.Cookie) (*Token, error)
+	Logout(token string, cookies ...*http.Cookie) (*Token, error)
+	Introspect(token string, cookie ...*http.Cookie) (bool, error)
+	Refresh(token *Token) (*Token, error)
+}
+
+type Token struct {
+	Active      bool   `json:"active"`
+	AccessToken string `json:"access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+	Challenge   string `json:"challenge"`
+	Username    string `json:"username,omitempty"`
+	Password    string `json:"password,omitempty"`
+}
+
+type Redirect struct {
+	RedirectTo string `json:"redirect_to"`
+}
--- a/infrastructure/auth_connector/hydra_connector.go
+++ b/infrastructure/auth_connector/hydra_connector.go
@ -0,0 +1,240 @@
+package auth_connectors
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"oc-auth/conf"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+type HydraConnector struct {
+	State        string `json:"state"`
+	Scopes       string `json:"scope"`
+	ClientID     string `json:"client_id"`
+	ResponseType string `json:"response_type"`
+
+	Caller *tools.HTTPCaller
+}
+
+func (a HydraConnector) Status() tools.State {
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	var responseBody map[string]interface{}
+	host := conf.GetConfig().AuthConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().AuthConnectorPort)
+	resp, err := caller.CallGet("http://"+host+":"+port, "/health/ready")
+	if err != nil {
+		return tools.DEAD
+	}
+	err = json.Unmarshal(resp, &responseBody)
+	if err != nil || responseBody["status"] != "ok" {
+		return tools.DEAD
+	}
+	return tools.ALIVE
+}
+
+// urlFormat formats the URL of the peer with the data type API function
+func (a *HydraConnector) urlFormat(url string, replaceWith string) string {
+	// localhost is replaced by the local peer URL
+	// because localhost must collide on a web request security protocol
+	r := regexp.MustCompile("(http://[a-z]+:[0-9]+)/oauth2")
+	t := r.FindString(url)
+	if t != "" {
+		url = strings.Replace(url, t, replaceWith, -1)
+	}
+	return url
+}
+
+func (a HydraConnector) challenge(username string, url string, challenge string, cookies ...*http.Cookie) (*Redirect, string, []*http.Cookie, error) {
+	body := map[string]interface{}{
+		"remember_for": 0,
+		"remember":     true,
+	}
+	if challenge != "consent" {
+		body["subject"] = username
+	}
+	s := strings.Split(url, challenge+"_challenge=")
+	resp, err := a.Caller.CallRaw(http.MethodPut,
+		a.getPath(true, true), "/auth/requests/"+challenge+"/accept?"+challenge+"_challenge="+s[1],
+		body, "application/json", true, cookies...) // "remember": true, "subject": username
+	if err != nil {
+		return nil, s[1], cookies, err
+	}
+	defer resp.Body.Close()
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, s[1], cookies, err
+	}
+	var token Redirect
+	err = json.Unmarshal(b, &token)
+	if err != nil {
+		return nil, s[1], cookies, err
+	}
+	return &token, s[1], cookies, nil
+}
+
+func (a HydraConnector) Refresh(token *Token) (*Token, error) {
+	isValid, err := a.Introspect(token.AccessToken)
+	if err != nil || !isValid {
+		return nil, err
+	}
+	return a.Login(token.Username)
+}
+
+func (a HydraConnector) tryLog(username string, url string, subpath string, challenge string, cookies ...*http.Cookie) (*Redirect, string, []*http.Cookie, error) {
+	resp, err := a.Caller.CallRaw(http.MethodGet, url, subpath,
+		map[string]interface{}{}, "application/json", true, cookies...)
+	if err != nil || resp.Request.Response == nil || resp.Request.Response.Header["Set-Cookie"] == nil {
+		return nil, "", cookies, err
+	}
+	cc := resp.Request.Response.Header["Set-Cookie"] // retrieve oauth2 csrf token cookie
+	if len(cc) > 0 {
+		for _, c := range cc {
+			first := strings.Split(c, ";")
+			cookies = append(cookies, &http.Cookie{
+				Name:  strings.Split(first[0], "=")[0],
+				Value: strings.ReplaceAll(first[0], strings.Split(first[0], "=")[0]+"=", ""),
+			})
+		}
+	}
+	return a.challenge(username, resp.Request.URL.String(), challenge, cookies...)
+}
+
+func (a HydraConnector) extractTokenFromFragment(fragment string) *Token {
+	splittedFragment := strings.Split(fragment, "#")
+	f := splittedFragment[0]
+	if len(splittedFragment) > 1 {
+		f = splittedFragment[1]
+	}
+	token := &Token{}
+	frags := strings.Split(f, "&")
+	for _, f := range frags {
+		splittedFrag := strings.Split(f, "=")
+		if len(splittedFrag) > 1 {
+			if splittedFrag[0] == "access_token" {
+				token.AccessToken = strings.ReplaceAll(splittedFrag[1], "ory_at_", "")
+			}
+			if splittedFrag[0] == "expires_in" {
+				i, err := strconv.Atoi(splittedFrag[1])
+				if err != nil {
+					return nil
+				}
+				token.ExpiresIn = i
+			}
+		}
+	}
+	return token
+}
+
+func (a HydraConnector) getClient() string {
+	resp, err := a.Caller.CallGet(a.getPath(true, false), "/clients")
+	if err != nil {
+		return ""
+	}
+	var clients []interface{}
+	err = json.Unmarshal(resp, &clients)
+	if err != nil || len(clients) == 0 {
+		return ""
+	}
+	return clients[0].(map[string]interface{})["client_id"].(string)
+}
+
+func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Token, err error) {
+	clientID := a.getClient()
+	redirect, challenge, cookies, err := a.tryLog(username, a.getPath(false, true),
+		"/auth?client_id="+clientID+"&response_type="+strings.ReplaceAll(a.ResponseType, " ", "%20")+"&scope="+strings.ReplaceAll(a.Scopes, " ", "%20")+"&state="+a.State,
+		"login", cookies...)
+	if err != nil || redirect == nil {
+		return nil, err
+	}
+	redirect, challenge, cookies, err = a.tryLog(username, a.urlFormat(redirect.RedirectTo, a.getPath(false, true)), "", "consent", cookies...)
+	if err != nil || redirect == nil {
+		return nil, err
+	}
+	// problem with consent THERE we need to accept the consent challenge && get the token
+	url := ""
+	resp, err := a.Caller.CallRaw(http.MethodGet, a.urlFormat(redirect.RedirectTo, a.getPath(false, true)), "", map[string]interface{}{},
+		"application/json", true, cookies...)
+	if err != nil {
+		s := strings.Split(err.Error(), "\"")
+		if len(s) > 1 && strings.Contains(s[1], "access_token") {
+			url = s[1]
+			err = nil
+		} else {
+			return nil, err
+		}
+	} else {
+		url = resp.Request.Response.Request.URL.Fragment
+	}
+	token := a.extractTokenFromFragment(url)
+	fmt.Println(url, token)
+	if token == nil || token.AccessToken == "" {
+		return nil, errors.New("no token found")
+	}
+	token.Challenge = challenge
+	token.Active = true
+	token.Username = username
+	fmt.Println(token)
+	return token, nil
+}
+
+func (a HydraConnector) Logout(token string, cookies ...*http.Cookie) (*Token, error) {
+	p := a.getPath(false, true) + "/revoke"
+	urls := url.Values{}
+	urls.Add("token", token)
+	urls.Add("client_id", a.getClient())
+	urls.Add("client_secret", conf.GetConfig().ClientSecret)
+	_, err := a.Caller.CallForm(http.MethodPost, p, "", urls, "application/x-www-form-urlencoded", true)
+	if err != nil {
+		return nil, err
+	}
+	return &Token{
+		AccessToken: token,
+		Active:      false,
+	}, nil
+}
+func (a HydraConnector) Introspect(token string, cookie ...*http.Cookie) (bool, error) {
+	// check validity of the token by calling introspect endpoint
+	// if token is not active, we need to re-authenticate by sending the user to the login page
+	urls := url.Values{}
+	urls.Add("token", token)
+	resp, err := a.Caller.CallForm(http.MethodPost, a.getPath(true, true), "/introspect", urls,
+		"application/x-www-form-urlencoded", true, cookie...)
+	if err != nil || resp.StatusCode >= 300 {
+		return false, err
+	}
+	defer resp.Body.Close()
+	b, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+	var introspect Token
+	err = json.Unmarshal(b, &introspect)
+	if err != nil {
+		return false, err
+	}
+	introspect.AccessToken = token
+	return introspect.Active, nil
+}
+
+func (a HydraConnector) getPath(isAdmin bool, isOauth bool) string {
+	host := conf.GetConfig().AuthConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().AuthConnectorPort)
+	if isAdmin {
+		port = fmt.Sprintf("%v", conf.GetConfig().AuthConnectorAdminPort) + "/admin"
+	}
+	oauth := ""
+	if isOauth {
+		oauth = "/oauth2"
+	}
+	fmt.Println("http://" + host + ":" + port + oauth)
+	return "http://" + host + ":" + port + oauth
+
+}
--- a/infrastructure/auth_connector/ldap.go
+++ b/infrastructure/auth_connector/ldap.go
@ -0,0 +1,386 @@
+package auth_connectors
+
+import (
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"oc-auth/conf"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/coocood/freecache"
+	"github.com/go-ldap/ldap/v3"
+	"github.com/i-core/rlog"
+	"go.uber.org/zap"
+)
+
+var (
+	// errInvalidCredentials is an error that happens when a user's password is invalid.
+	errInvalidCredentials = fmt.Errorf("invalid credentials")
+	// errConnectionTimeout is an error that happens when no one LDAP endpoint responds.
+	errConnectionTimeout = fmt.Errorf("connection timeout")
+	// errMissedUsername is an error that happens
+	errMissedUsername = errors.New("username is missed")
+	// errUnknownUsername is an error that happens
+	errUnknownUsername = errors.New("unknown username")
+)
+
+type conn interface {
+	Bind(bindDN, password string) error
+	SearchUser(user string, attrs ...string) ([]map[string]interface{}, error)
+	SearchUserRoles(user string, attrs ...string) ([]map[string]interface{}, error)
+	Close() error
+}
+
+type connector interface {
+	Connect(ctx context.Context, addr string) (conn, error)
+}
+
+// Config is a LDAP configuration.
+type Config struct {
+	Endpoints      []string          `envconfig:"endpoints" required:"true" desc:"a LDAP's server URLs as \"<address>:<port>\""`
+	BindDN         string            `envconfig:"binddn" desc:"a LDAP bind DN"`
+	BindPass       string            `envconfig:"bindpw" json:"-" desc:"a LDAP bind password"`
+	BaseDN         string            `envconfig:"basedn" required:"true" desc:"a LDAP base DN for searching users"`
+	AttrClaims     map[string]string `envconfig:"attr_claims" default:"name:name,sn:family_name,givenName:given_name,mail:email" desc:"a mapping of LDAP attributes to OpenID connect claims"`
+	RoleBaseDN     string            `envconfig:"role_basedn" required:"true" desc:"a LDAP base DN for searching roles"`
+	RoleAttr       string            `envconfig:"role_attr" default:"description" desc:"a LDAP group's attribute that contains a role's name"`
+	RoleClaim      string            `envconfig:"role_claim" default:"https://github.com/i-core/werther/claims/roles" desc:"a name of an OpenID Connect claim that contains user roles"`
+	CacheSize      int               `envconfig:"cache_size" default:"512" desc:"a user info cache's size in KiB"`
+	CacheTTL       time.Duration     `envconfig:"cache_ttl" default:"30m" desc:"a user info cache TTL"`
+	IsTLS          bool              `envconfig:"is_tls" default:"false" desc:"should LDAP connection be established via TLS"`
+	FlatRoleClaims bool              `envconfig:"flat_role_claims" desc:"add roles claim as single list"`
+}
+
+// New creates a new LDAP client.
+func New() *Client {
+	cnf := Config{
+		Endpoints:  strings.Split(conf.GetConfig().LDAPEndpoints, ","),
+		BindDN:     conf.GetConfig().LDAPBindDN,
+		BindPass:   conf.GetConfig().LDAPBindPW,
+		BaseDN:     conf.GetConfig().LDAPBaseDN,
+		RoleBaseDN: conf.GetConfig().LDAPRoleBaseDN,
+	}
+	return &Client{
+		Config:    cnf,
+		connector: &ldapConnector{BaseDN: cnf.BaseDN, RoleBaseDN: cnf.RoleBaseDN, IsTLS: cnf.IsTLS},
+		cache:     freecache.NewCache(cnf.CacheSize * 1024),
+	}
+}
+
+type Client struct {
+	Config
+	connector connector
+	cache     *freecache.Cache
+}
+
+func (cli *Client) Authenticate(ctx context.Context, username, password string) (bool, error) {
+	if username == "" || password == "" {
+		return false, nil
+	}
+
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+
+	cn, ok := <-cli.connect(ctx)
+	cancel()
+	if !ok {
+		return false, errConnectionTimeout
+	}
+	defer cn.Close()
+
+	// Find a user DN by his or her username.
+	details, err := cli.findBasicUserDetails(cn, username, []string{"dn"})
+	if err != nil {
+		return false, err
+	}
+	if details == nil {
+		return false, nil
+	}
+
+	if err := cn.Bind(details["dn"].(string), password); err != nil {
+		if err == errInvalidCredentials {
+			return false, nil
+		}
+		return false, err
+	}
+
+	// Clear the claims' cache because of possible re-authentication. We don't want stale claims after re-login.
+	if ok := cli.cache.Del([]byte(username)); ok {
+		log := rlog.FromContext(ctx)
+		log.Debug("Cleared user's OIDC claims in the cache")
+	}
+
+	return true, nil
+}
+
+// Claim is the FindOIDCClaims result struct
+type LDAPClaim struct {
+	Code  string      // the root claim name
+	Name  string      // the claim name
+	Value interface{} // the value
+}
+
+// FindOIDCClaims finds all OIDC claims for a user.
+func (cli *Client) FindOIDCClaims(ctx context.Context, username string) ([]LDAPClaim, error) {
+	if username == "" {
+		return nil, errMissedUsername
+	}
+
+	log := rlog.FromContext(ctx).Sugar()
+
+	// Retrieving from LDAP is slow. So, we try to get claims for the given username from the cache.
+	switch cdata, err := cli.cache.Get([]byte(username)); err {
+	case nil:
+		var claims []LDAPClaim
+		if err = json.Unmarshal(cdata, &claims); err != nil {
+			log.Info("Failed to unmarshal user's OIDC claims", zap.Error(err), "data", cdata)
+			return nil, err
+		}
+		log.Debugw("Retrieved user's OIDC claims from the cache", "claims", claims)
+		return claims, nil
+	case freecache.ErrNotFound:
+		log.Debug("User's OIDC claims is not found in the cache")
+	default:
+		log.Infow("Failed to retrieve user's OIDC claims from the cache", zap.Error(err))
+	}
+
+	// Try to make multiple TCP connections to the LDAP server for getting claims.
+	// Accept the first one, and cancel others.
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithCancel(ctx)
+
+	cn, ok := <-cli.connect(ctx)
+	cancel()
+	if !ok {
+		return nil, errConnectionTimeout
+	}
+	defer cn.Close()
+
+	// We need to find LDAP attribute's names for all required claims.
+	attrs := []string{"dn"}
+	for k := range cli.AttrClaims {
+		attrs = append(attrs, k)
+	}
+	// Find the attributes in the LDAP server.
+	details, err := cli.findBasicUserDetails(cn, username, attrs)
+	if err != nil {
+		return nil, err
+	}
+	if details == nil {
+		return nil, errUnknownUsername
+	}
+	log.Infow("Retrieved user's info from LDAP", "details", details)
+
+	// Transform the retrieved attributes to corresponding claims.
+	claims := make([]LDAPClaim, 0, len(details))
+	for attr, v := range details {
+		if claim, ok := cli.AttrClaims[attr]; ok {
+			claims = append(claims, LDAPClaim{claim, claim, v})
+		}
+	}
+
+	// User's roles is stored in LDAP as groups. We find all groups in a role's DN
+	// that include the user as a member.
+	entries, err := cn.SearchUserRoles(fmt.Sprintf("%s", details["dn"]), "dn", cli.RoleAttr)
+	if err != nil {
+		return nil, err
+	}
+
+	roles := make(map[string]interface{})
+	for _, entry := range entries {
+		roleDN, ok := entry["dn"].(string)
+		if !ok || roleDN == "" {
+			log.Infow("No required LDAP attribute for a role", "ldapAttribute", "dn", "entry", entry)
+			continue
+		}
+		if entry[cli.RoleAttr] == nil {
+			log.Infow("No required LDAP attribute for a role", "ldapAttribute", cli.RoleAttr, "roleDN", roleDN)
+			continue
+		}
+
+		// Ensure that a role's DN is inside of the role's base DN.
+		// It's sufficient to compare the DN's suffix with the base DN.
+		n, k := len(roleDN), len(cli.RoleBaseDN)
+		if n < k || !strings.EqualFold(roleDN[n-k:], cli.RoleBaseDN) {
+			panic("You should never see that")
+		}
+		// The DN without the role's base DN must contain a CN and OU
+		// where the CN is for uniqueness only, and the OU is an application id.
+		path := strings.Split(roleDN[:n-k-1], ",")
+		if len(path) != 2 {
+			log.Infow("A role's DN without the role's base DN must contain two nodes only",
+				"roleBaseDN", cli.RoleBaseDN, "roleDN", roleDN)
+			continue
+		}
+		appID := path[1][len("OU="):]
+
+		var appRoles []interface{}
+		if v := roles[appID]; v != nil {
+			appRoles = v.([]interface{})
+		}
+		appRoles = append(appRoles, entry[cli.RoleAttr])
+		roles[appID] = appRoles
+	}
+
+	claims = append(claims, LDAPClaim{cli.RoleClaim, cli.RoleClaim, roles})
+
+	if cli.FlatRoleClaims {
+		for appID, appRoles := range roles {
+			claims = append(claims, LDAPClaim{cli.RoleClaim, cli.RoleClaim + "/" + appID, appRoles})
+		}
+	}
+
+	// Save the claims in the cache for future queries.
+	cdata, err := json.Marshal(claims)
+	if err != nil {
+		log.Infow("Failed to marshal user's OIDC claims for caching", zap.Error(err), "claims", claims)
+	}
+	if err = cli.cache.Set([]byte(username), cdata, int(cli.CacheTTL.Seconds())); err != nil {
+		log.Infow("Failed to store user's OIDC claims into the cache", zap.Error(err), "claims", claims)
+	}
+
+	return claims, nil
+}
+
+func (cli *Client) connect(ctx context.Context) <-chan conn {
+	var (
+		wg sync.WaitGroup
+		ch = make(chan conn)
+	)
+	wg.Add(len(cli.Endpoints))
+	for _, addr := range cli.Endpoints {
+		fmt.Println("addr", addr)
+		go func(addr string) {
+			defer wg.Done()
+
+			cn, err := cli.connector.Connect(ctx, addr)
+			if err != nil {
+				fmt.Println("Failed to create a LDAP connection", "address", addr)
+				return
+			}
+			select {
+			case <-ctx.Done():
+				cn.Close()
+				fmt.Println("a LDAP connection is cancelled", "address", addr)
+				return
+			case ch <- cn:
+			}
+		}(addr)
+	}
+	go func() {
+		wg.Wait()
+		close(ch)
+	}()
+	return ch
+}
+
+// findBasicUserDetails finds user's LDAP attributes that were specified. It returns nil if no such user.
+func (cli *Client) findBasicUserDetails(cn conn, username string, attrs []string) (map[string]interface{}, error) {
+	if cli.BindDN != "" {
+		// We need to login to a LDAP server with a service account for retrieving user data.
+		if err := cn.Bind(cli.BindDN, cli.BindPass); err != nil {
+			return nil, errors.New(err.Error() + " : failed to login to a LDAP woth a service account")
+		}
+	}
+
+	entries, err := cn.SearchUser(username, attrs...)
+	if err != nil {
+		return nil, err
+	}
+	if len(entries) != 1 {
+		// We didn't find the user.
+		return nil, nil
+	}
+
+	var (
+		entry   = entries[0]
+		details = make(map[string]interface{})
+	)
+	for _, attr := range attrs {
+		if v, ok := entry[attr]; ok {
+			details[attr] = v
+		}
+	}
+	return details, nil
+}
+
+type ldapConnector struct {
+	BaseDN     string
+	RoleBaseDN string
+	IsTLS      bool
+}
+
+func (c *ldapConnector) Connect(ctx context.Context, addr string) (conn, error) {
+	d := net.Dialer{Timeout: ldap.DefaultTimeout}
+	tcpcn, err := d.DialContext(ctx, "tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+
+	if c.IsTLS {
+		tlscn, err := tls.DialWithDialer(&d, "tcp", addr, nil)
+		if err != nil {
+			return nil, err
+		}
+		tcpcn = tlscn
+	}
+
+	ldapcn := ldap.NewConn(tcpcn, c.IsTLS)
+
+	ldapcn.Start()
+	return &ldapConn{Conn: ldapcn, BaseDN: c.BaseDN, RoleBaseDN: c.RoleBaseDN}, nil
+}
+
+type ldapConn struct {
+	*ldap.Conn
+	BaseDN     string
+	RoleBaseDN string
+}
+
+func (c *ldapConn) Bind(bindDN, password string) error {
+	err := c.Conn.Bind(bindDN, password)
+	if ldapErr, ok := err.(*ldap.Error); ok && ldapErr.ResultCode == ldap.LDAPResultInvalidCredentials {
+		return errInvalidCredentials
+	}
+	return err
+}
+
+func (c *ldapConn) SearchUser(user string, attrs ...string) ([]map[string]interface{}, error) {
+	query := fmt.Sprintf(
+		"(&(|(objectClass=organizationalPerson)(objectClass=inetOrgPerson))"+
+			"(|(uid=%[1]s)(mail=%[1]s)(userPrincipalName=%[1]s)(sAMAccountName=%[1]s)))", user)
+	return c.searchEntries(c.BaseDN, query, attrs)
+}
+
+func (c *ldapConn) SearchUserRoles(user string, attrs ...string) ([]map[string]interface{}, error) {
+	query := fmt.Sprintf("(|"+
+		"(&(|(objectClass=group)(objectClass=groupOfNames))(member=%[1]s))"+
+		"(&(objectClass=groupOfUniqueNames)(uniqueMember=%[1]s))"+
+		")", user)
+	return c.searchEntries(c.RoleBaseDN, query, attrs)
+}
+
+// searchEntries executes a LDAP query, and returns a result as entries where each entry is mapping of LDAP attributes.
+func (c *ldapConn) searchEntries(baseDN, query string, attrs []string) ([]map[string]interface{}, error) {
+	req := ldap.NewSearchRequest(baseDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, query, attrs, nil)
+	res, err := c.Search(req)
+	if err != nil {
+		return nil, err
+	}
+
+	var entries []map[string]interface{}
+	for _, v := range res.Entries {
+		entry := map[string]interface{}{"dn": v.DN}
+		for _, attr := range v.Attributes {
+			// We need the first value only for the named attribute.
+			entry[attr.Name] = attr.Values[0]
+		}
+		entries = append(entries, entry)
+	}
+	return entries, nil
+}
--- a/infrastructure/claims/claims.go
+++ b/infrastructure/claims/claims.go
@ -0,0 +1,18 @@
+package claims
+
+// Tokenizer interface
+type ClaimService interface {
+	AddClaimsToToken(userId string, host string) Claims
+	DecodeClaimsInToken(host string, method string, forward string, sessionClaims map[string]interface{}, publicKey string) (bool, error)
+}
+
+// SessionClaims struct
+type SessionClaims struct {
+	AccessToken map[string]interface{} `json:"access_token"`
+	IDToken     map[string]interface{} `json:"id_token"`
+}
+
+// Claims struct
+type Claims struct {
+	Session SessionClaims `json:"session"`
+}
--- a/infrastructure/claims/hydra_claims.go
+++ b/infrastructure/claims/hydra_claims.go
@ -0,0 +1,133 @@
+package claims
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"oc-auth/conf"
+	"oc-auth/infrastructure/perms_connectors"
+	"oc-auth/infrastructure/utils"
+	"os"
+	"strings"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+type HydraClaims struct{}
+
+func (h HydraClaims) generateKey(relation string, path string) (string, error) {
+	method, err := utils.ExtractMethod(relation, false)
+	if err != nil {
+		return "", err
+	}
+	p := strings.ReplaceAll(strings.ToUpper(path), "/", "_")
+	return strings.ToLower(method.String()) + "_" + p, nil
+}
+
+// decode key expect to extract method and path from key
+func (h HydraClaims) decodeKey(key string) (tools.METHOD, string, error) {
+	s := strings.Split(key, "_")
+	if len(s) < 2 {
+		return tools.GET, "", errors.New("invalid key")
+	}
+	meth, err := utils.ExtractMethod(s[0], false)
+	if err != nil {
+		return meth, "", err
+	}
+	p := strings.ReplaceAll(strings.ToLower(s[1]), "_", "/")
+	return meth, p, nil
+}
+
+func (h HydraClaims) DecodeSignature(host string, signature string, publicKey string) (bool, error) {
+	hashed := sha256.Sum256([]byte(host))
+	// get public key into a variable
+	spkiBlock, _ := pem.Decode([]byte(publicKey))
+	key, _ := x509.ParsePKCS1PublicKey(spkiBlock.Bytes)
+	err := rsa.VerifyPKCS1v15(key, crypto.SHA256, hashed[:], []byte(signature))
+	if err != nil {
+		return false, err
+	}
+	return true, nil
+}
+
+func (h HydraClaims) encodeSignature(host string) (string, error) {
+	hashed := sha256.Sum256([]byte(host))
+	// READ FILE TO GET PRIVATE KEY FROM PVK PEM PATH
+	content, err := os.ReadFile(conf.GetConfig().PVKPath)
+	if err != nil {
+		return "", err
+	}
+	privateKey := string(content)
+	spkiBlock, _ := pem.Decode([]byte(privateKey))
+	key, _ := x509.ParsePKCS1PrivateKey(spkiBlock.Bytes)
+	signature, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, hashed[:])
+	if err != nil {
+		return "", err
+	}
+	return string(signature), nil
+}
+
+func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims map[string]interface{}, publicKey string) (bool, error) {
+	if sessionClaims["id_token"] == nil || sessionClaims["access_token"] == nil {
+		return false, errors.New("invalid session claims")
+	}
+	idTokenClaims := sessionClaims["id_token"].(map[string]interface{})
+	signature := idTokenClaims["signature"].(string)
+	if ok, err := h.DecodeSignature(host, signature, publicKey); !ok {
+		return false, err
+	}
+	claims := sessionClaims["access_token"].(map[string]interface{})
+	path := strings.ReplaceAll(forward, "http://"+host, "")
+	splittedPath := strings.Split(path, "/")
+	for m, p := range claims {
+		splittedP := strings.Split(p.(string), "/")
+		if len(splittedP) != len(splittedPath) {
+			return false, errors.New("invalid path")
+		}
+		for i, v := range splittedP {
+			if strings.Contains(v, ":") { // is a param
+				continue
+			} else if v != splittedPath[i] {
+				meth, _, err := h.decodeKey(m)
+				if err != nil {
+					return false, err
+				}
+				perm := perms_connectors.Permission{
+					Relation: "permits" + strings.ToLower(meth.String()),
+					Object:   p.(string),
+				}
+				return perms_connectors.GetPermissionConnector().CheckPermission(perm, nil, true), nil
+			}
+		}
+	}
+	return false, errors.New("no permission found")
+}
+
+// add claims to token method of HydraTokenizer
+func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
+	claims := Claims{}
+	perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId)
+	if err != nil {
+		return claims
+	}
+	for _, perm := range perms {
+		key, err := h.generateKey(perm.Relation, perm.Object)
+		if err != nil {
+			continue
+		}
+		claims.Session.AccessToken[key] = perm.Object
+	}
+	sign, err := h.encodeSignature(host)
+	if err != nil {
+		return claims
+	}
+	claims.Session.IDToken["signature"] = sign
+	return claims
+
+}
+
+// add signature in the token MISSING
--- a/infrastructure/infrastructure.go
+++ b/infrastructure/infrastructure.go
@ -0,0 +1,32 @@
+package infrastructure
+
+import (
+	"oc-auth/conf"
+	auth_connectors "oc-auth/infrastructure/auth_connector"
+	"oc-auth/infrastructure/claims"
+	"oc-auth/infrastructure/perms_connectors"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+var t = map[string]claims.ClaimService{
+	"hydra": claims.HydraClaims{},
+}
+
+var a = map[string]auth_connectors.AuthConnector{
+	"hydra": auth_connectors.HydraConnector{
+		Caller: tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{}),
+		State:  "12345678", ResponseType: "token", Scopes: "openid profile email roles"}, // base url
+}
+
+func GetAuthConnector() auth_connectors.AuthConnector {
+	return a[conf.GetConfig().Auth]
+}
+
+func GetPermissionConnector() perms_connectors.PermConnector {
+	return perms_connectors.GetPermissionConnector()
+}
+
+func GetClaims() claims.ClaimService {
+	return t[conf.GetConfig().Auth]
+}
--- a/infrastructure/perms_connectors/keto_connector.go
+++ b/infrastructure/perms_connectors/keto_connector.go
@ -0,0 +1,360 @@
+package perms_connectors
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"oc-auth/conf"
+	"oc-auth/infrastructure/utils"
+
+	oclib "cloud.o-forge.io/core/oc-lib"
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+type KetoConnector struct{}
+
+func (k KetoConnector) namespace() string {
+	return "open-cloud"
+}
+
+func (k KetoConnector) scope() string {
+	return "oc-auth"
+}
+
+func (f KetoConnector) permToQuery(perm Permission, permDependancies *Permission) string {
+	n := "?namespace=" + perm.Namespace()
+	if perm.Object != "" {
+		n += "&object=" + perm.Object
+	}
+	if perm.Subject != "" {
+		n += "&subject_id=" + perm.Subject
+	}
+	if perm.Relation != "" {
+		n += "&relation=" + perm.Relation
+	}
+	if permDependancies != nil {
+		n += "&subject_set.namespace=" + perm.Namespace()
+		if permDependancies.Object != "" {
+			n += "&subject_set.object=" + permDependancies.Object
+		}
+		if permDependancies.Subject != "" {
+			n += "&subject_set.subject_id=" + permDependancies.Subject
+		}
+		if permDependancies.Relation != "" {
+			n += "&subject_set.relation=" + permDependancies.Relation
+		}
+	}
+	return n
+}
+
+func (k KetoConnector) Status() tools.State {
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	var responseBody map[string]interface{}
+	host := conf.GetConfig().PermissionConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorPort)
+	resp, err := caller.CallGet("http://"+host+":"+port, "/health/ready")
+	if err != nil {
+		return tools.DEAD
+	}
+	err = json.Unmarshal(resp, &responseBody)
+	if err != nil || responseBody["status"] != "ok" {
+		return tools.DEAD
+	}
+	return tools.ALIVE
+}
+
+func (k KetoConnector) CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool {
+	if (perm.Object == k.scope() || perm.Subject == k.scope()) && !internal {
+		log := oclib.GetLogger()
+		log.Error().Msg("Permission denied : Ask illegal permission")
+		return false
+	}
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	var responseBody map[string]interface{}
+	host := conf.GetConfig().PermissionConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorPort)
+	resp, err := caller.CallGet("http://"+host+":"+port, "/relation-tuples/check"+k.permToQuery(perm, permDependancies))
+	if err != nil {
+		log := oclib.GetLogger()
+		log.Error().Msg(err.Error())
+		return false
+	}
+	err = json.Unmarshal(resp, &responseBody)
+	if err != nil || responseBody["allowed"] == nil {
+		return false
+	}
+	return responseBody["allowed"].(bool)
+}
+
+func (k KetoConnector) DeleteRole(roleID string) (string, int, error) {
+	k.deleteRelationShip("", "", roleID, nil)
+	_, code, err := k.deleteRelationShip(roleID, "", k.scope(), nil)
+	if err != nil {
+		return "", code, err
+	}
+	return roleID, 200, nil
+}
+
+func (k KetoConnector) DeletePermission(permID string, relation string, internal bool) (string, int, error) {
+	meth, err := utils.ExtractMethod(relation, internal)
+	if err != nil {
+		for _, method := range []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE} {
+			k.DeletePermission("", method.String(), internal)
+		}
+		return "", 200, err
+	}
+	k.deleteRelationShip("", "", permID, nil)
+	_, code, err := k.deleteRelationShip(permID, "permits"+meth.String(), k.scope(), nil)
+	if err != nil {
+		return "", code, err
+	}
+	return permID, 200, nil
+}
+
+func (k KetoConnector) CreateRole(roleID string) (string, int, error) {
+	p, code, err := k.createRelationShip(roleID, "is", k.scope(), nil)
+	if err != nil {
+		return "", code, err
+	}
+	return p.Object, 200, nil
+}
+
+func (k KetoConnector) CreatePermission(permID string, relation string, internal bool) (string, int, error) {
+	meth, err := utils.ExtractMethod(relation, internal)
+	if err != nil {
+		return "", 422, err
+	}
+	p, code, err := k.createRelationShip(permID, "permits"+meth.String(), k.scope(), nil)
+	if err != nil {
+		return "", code, err
+	}
+	return p.Object, 200, nil
+}
+
+func (k KetoConnector) GetRole(roleID string) ([]string, error) {
+	arr := []string{}
+	roles, err := k.get(roleID, "is", k.scope())
+	if err != nil {
+		return arr, err
+	}
+	for _, role := range roles {
+		arr = append(arr, role.Object)
+	}
+	return arr, nil
+}
+
+func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
+	arr := []string{}
+	roles, err := k.get("", "is", userID)
+	if err != nil {
+		return arr, err
+	}
+	for _, role := range roles {
+		arr = append(arr, role.Object)
+	}
+	return arr, nil
+}
+
+func (k KetoConnector) GetPermission(permID string, relation string) ([]Permission, error) {
+	meth, err := utils.ExtractMethod(relation, true)
+	if err != nil {
+		p := []Permission{}
+		for _, method := range []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE} {
+			fmt.Println("blblbl", permID, "permits"+method.String(), k.scope())
+			perms, err := k.get(permID, "permits"+method.String(), k.scope())
+			fmt.Println("blblbl2", perms, err)
+			if err == nil && len(perms) > 0 {
+				p = append(p, perms...)
+			}
+		}
+		return p, nil
+	}
+	return k.get(permID, "permits"+meth.String(), k.scope())
+}
+
+func (k KetoConnector) GetPermissionByRole(roleID string) ([]Permission, error) {
+	return k.get("", "", roleID)
+}
+func (k KetoConnector) GetPermissionByUser(userID string) ([]Permission, error) {
+	roles, err := k.get("", "is", userID)
+	perms := []Permission{}
+	if err != nil {
+		return perms, err
+	}
+	for _, role := range roles {
+		p, err := k.get(role.Object, "", k.scope())
+		if err != nil {
+			log := oclib.GetLogger()
+			log.Error().Msg(err.Error())
+			continue
+		}
+		perms = append(perms, p...)
+	}
+	return perms, nil
+}
+
+func (k KetoConnector) get(object string, relation string, subject string) ([]Permission, error) {
+	t := []Permission{}
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	host := conf.GetConfig().PermissionConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorPort)
+	resp, err := caller.CallGet("http://"+host+":"+port, "/relation-tuples"+k.permToQuery(
+		Permission{Object: object, Relation: relation, Subject: subject}, nil))
+	if err != nil {
+		return t, err
+	}
+	var data map[string]interface{}
+	err = json.Unmarshal(resp, &data)
+	if err != nil {
+		return t, err
+	}
+	if data["relation_tuples"] != nil {
+		for _, v := range data["relation_tuples"].([]interface{}) {
+			t = append(t, Permission{
+				Relation: v.(map[string]interface{})["relation"].(string),
+				Subject:  v.(map[string]interface{})["subject_id"].(string),
+				Object:   v.(map[string]interface{})["object"].(string),
+			})
+		}
+	}
+	return t, nil
+}
+
+func (k KetoConnector) BindRole(userID string, roleID string) (string, int, error) {
+	_, code, err := k.createRelationShip(roleID, "member", userID, nil)
+	if err != nil {
+		return roleID, code, err
+	}
+	return roleID, 200, nil
+}
+
+func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
+	meth, err := utils.ExtractMethod(relation, false)
+	if err != nil {
+		return nil, 422, err
+	}
+	perms, err := k.GetPermission(permID, meth.String())
+	if err != nil || len(perms) != 1 {
+		if len(perms) == 0 {
+			return nil, 404, errors.New("Permission not found")
+		} else if len(perms) > 1 {
+			return nil, 409, errors.New("Multiple permission found")
+		}
+	}
+	_, code, err := k.createRelationShip(roleID, perms[0].Relation, permID, nil)
+	if err != nil {
+		return nil, code, err
+	}
+	return &Permission{
+		Object:   roleID,
+		Relation: perms[0].Relation,
+		Subject:  permID,
+	}, 200, nil
+}
+
+func (k KetoConnector) UnBindRole(userID string, roleID string) (string, int, error) {
+	_, code, err := k.deleteRelationShip(roleID, "member", userID, nil)
+	if err != nil {
+		return roleID, code, err
+	}
+	return roleID, 200, nil
+}
+
+func (k KetoConnector) UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
+	meth, err := utils.ExtractMethod(relation, false)
+	if err != nil {
+		return nil, 422, err
+	}
+	perms, err := k.GetPermission(permID, meth.String())
+	if err != nil || len(perms) != 1 {
+		if len(perms) == 0 {
+			return nil, 404, errors.New("Permission not found")
+		} else if len(perms) > 1 {
+			return nil, 409, errors.New("Multiple permission found")
+		}
+	}
+	_, code, err := k.deleteRelationShip(roleID, perms[0].Relation, permID, nil)
+	if err != nil {
+		return nil, code, err
+	}
+	return &Permission{
+		Object:   roleID,
+		Relation: perms[0].Relation,
+		Subject:  permID,
+	}, 200, nil
+}
+func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
+	exist, err := k.get(object, relation, subject)
+	if err == nil && len(exist) > 0 {
+		return nil, 409, errors.New("Relation already exist")
+	}
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	body := map[string]interface{}{"namespace": k.namespace(), "object": object, "relation": relation, "subject_id": subject}
+
+	if subPerm != nil {
+		s, code, err := k.createRelationShip(subPerm.Object, subPerm.Relation, subPerm.Subject, nil)
+		if err != nil {
+			return nil, code, err
+		}
+		body["subject_set"] = map[string]interface{}{"namespace": s.Namespace(), "object": s.Object, "relation": s.Relation, "subject_id": s.Subject}
+	}
+	host := conf.GetConfig().PermissionConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorAdminPort)
+	b, err := caller.CallPut("http://"+host+":"+port, "/relation-tuples", body)
+	if err != nil {
+		log := oclib.GetLogger()
+		log.Error().Msg(err.Error())
+		return nil, 500, err
+	}
+	var data map[string]interface{}
+	err = json.Unmarshal(b, &data)
+	if err != nil {
+		log := oclib.GetLogger()
+		log.Error().Msg(err.Error())
+		return nil, 500, err
+	}
+	perm := &Permission{
+		Object:   data["object"].(string),
+		Relation: data["relation"].(string),
+		Subject:  data["subject_id"].(string),
+	}
+	if data["subject_set"] != nil {
+		sub := data["subject_set"].(map[string]interface{})
+		perm.SubPermission = &Permission{
+			Object:   sub["object"].(string),
+			Relation: sub["relation"].(string),
+			Subject:  sub["subject_id"].(string),
+		}
+	}
+	return perm, 200, nil
+}
+
+func (k KetoConnector) deleteRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
+	exist, err := k.get(object, relation, subject)
+	if err == nil && len(exist) == 0 {
+		return nil, 409, errors.New("Relation does not exist")
+	}
+	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
+	n := k.permToQuery(Permission{Object: object, Relation: relation, Subject: subject}, subPerm)
+	host := conf.GetConfig().PermissionConnectorHost
+	port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorAdminPort)
+	fmt.Println(host, port, n)
+	b, err := caller.CallDelete("http://"+host+":"+port, "/relation-tuples"+n)
+	fmt.Println(b, err)
+	if err != nil {
+		log := oclib.GetLogger()
+		log.Error().Msg(err.Error())
+		return nil, 500, err
+	}
+	var data map[string]interface{}
+	err = json.Unmarshal(b, &data)
+	if err == nil && data["code"].(int) > 300 {
+		return nil, data["code"].(int), errors.New("Error while deleting relation")
+	}
+	return &Permission{
+		Object:        object,
+		Relation:      relation,
+		Subject:       subject,
+		SubPermission: subPerm,
+	}, 200, nil
+}
--- a/infrastructure/perms_connectors/perms_connector.go
+++ b/infrastructure/perms_connectors/perms_connector.go
@ -0,0 +1,52 @@
+package perms_connectors
+
+import (
+	"oc-auth/conf"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+type Permission struct {
+	Object        string      `json:"object,omitempty"`
+	Relation      string      `json:"relation,omitempty"`
+	Subject       string      `json:"subject,omitempty"`
+	SubPermission *Permission `json:"sub_perm,omitempty"`
+}
+
+func (p Permission) Namespace() string {
+	return "open-cloud"
+}
+
+func (k Permission) Scope() string {
+	return "oc-auth"
+}
+
+type PermConnector interface {
+	Status() tools.State
+	CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool
+	BindRole(userID string, roleID string) (string, int, error)
+	BindPermission(roleID string, permID string, relation string) (*Permission, int, error)
+
+	UnBindRole(userID string, roleID string) (string, int, error)
+	UnBindPermission(roleID string, permID string, relation string) (*Permission, int, error)
+
+	CreateRole(roleID string) (string, int, error)
+	CreatePermission(permID string, relation string, internal bool) (string, int, error)
+	DeleteRole(roleID string) (string, int, error)
+	DeletePermission(permID string, relation string, internal bool) (string, int, error)
+
+	GetRoleByUser(userID string) ([]string, error)
+	GetPermissionByRole(roleID string) ([]Permission, error)
+	GetPermissionByUser(userID string) ([]Permission, error)
+
+	GetRole(roleID string) ([]string, error)
+	GetPermission(permID string, relation string) ([]Permission, error)
+}
+
+var c = map[string]PermConnector{
+	"keto": KetoConnector{},
+}
+
+func GetPermissionConnector() PermConnector {
+	return c[conf.GetConfig().PermissionConnectorHost]
+}
--- a/infrastructure/utils/utils.go
+++ b/infrastructure/utils/utils.go
@ -0,0 +1,21 @@
+package utils
+
+import (
+	"errors"
+	"strings"
+
+	"cloud.o-forge.io/core/oc-lib/tools"
+)
+
+func ExtractMethod(relation string, internal bool) (tools.METHOD, error) {
+	meths := []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE}
+	if internal {
+		meths = append(meths, []tools.METHOD{tools.STRICT_INTERNAL_GET, tools.STRICT_INTERNAL_POST, tools.STRICT_INTERNAL_POST, tools.STRICT_INTERNAL_DELETE}...)
+	}
+	for _, method := range meths {
+		if (!internal && strings.Contains(strings.ToUpper(relation), strings.ToUpper(method.String()))) || (internal && strings.ToUpper(relation) == strings.ToUpper(method.String())) {
+			return method, nil
+		}
+	}
+	return tools.GET, errors.New("method not found")
+}
--- a/keto/docker-compose.yml
+++ b/keto/docker-compose.yml
@ -0,0 +1,21 @@
+version: '3.4'
+
+services:
+  keto:
+    image: oryd/keto:v0.7.0-alpha.1-sqlite
+    ports:
+      - "4466:4466"
+      - "4467:4467"
+    command: serve -c /home/ory/keto.yml
+    restart: on-failure
+    volumes:
+      - type: bind
+        source: .
+        target: /home/ory
+    container_name: keto
+    networks: 
+      - catalog
+
+networks: 
+  catalog:
+    external: true
--- a/keto/keto.yml
+++ b/keto/keto.yml
@ -0,0 +1,18 @@
+version: v0.6.0-alpha.1
+
+log:
+  level: debug
+
+namespaces:
+  - id: 0
+    name: open-cloud
+
+dsn: memory
+
+serve:
+  read:
+    host: 0.0.0.0
+    port: 4466
+  write:
+    host: 0.0.0.0
+    port: 4467
--- a/ldap-hyda/config.yaml
+++ b/ldap-hyda/config.yaml
@ -0,0 +1,466 @@
+# Ory Hydra Configuration
+#
+#
+# !!WARNING!!
+# This configuration file is for documentation purposes only. Do not use it in production. As all configuration items
+# are enabled, it will not work out of the box either.
+#
+#
+# Ory Hydra can be configured using a configuration file and passing the file location using `--config path/to/config.yaml`.
+# Per default, Ory Hydra will look up and load file ~/.hydra.yaml. All configuration keys can be set using environment
+# variables as well.
+#
+# Setting environment variables is easy:
+#
+## Linux / OSX
+#
+# $ export MY_ENV_VAR=foo
+# $ hydra ...
+#
+# alternatively:
+#
+# $ MY_ENV_VAR=foo hydra ...
+#
+## Windows
+#
+### Command Prompt
+#
+# > set MY_ENV_VAR=foo
+# > hydra ...
+#
+### Powershell
+#
+# > $env:MY_ENV_VAR="foo"
+# > hydra ...
+#
+## Docker
+#
+# $ docker run -e MY_ENV_VAR=foo oryd/hydra:...
+#
+#
+# Assuming the following configuration layout:
+#
+# serve:
+#   public:
+#     port: 4444
+#     something_else: foobar
+#
+# Key `something_else` can be set as an environment variable by uppercasing it's path:
+#   `serve.public.port.somethihng_else` -> `SERVE.PUBLIC.PORT.SOMETHING_ELSE`
+# and replacing `.` with `_`:
+#   `serve.public.port.somethihng_else` -> `SERVE_PUBLIC_PORT_SOMETHING_ELSE`
+#
+# Environment variables always override values from the configuration file. Here are some more examples:
+#
+# Configuration key | Environment variable |
+# ------------------|----------------------|
+# dsn               | DSN                  |
+# serve.admin.host  | SERVE_ADMIN_HOST     |
+# ------------------|----------------------|
+#
+#
+# List items such as
+#
+#secrets:
+#  system:
+#    - oc-auth-got-secret
+#     - this-is-an-old-secret
+#     - this-is-another-old-secret
+#
+# must be separated using `,` when using environment variables. The environment variable equivalent to the code section#
+# above is:
+#
+# Linux/macOS: $ export SECRETS_SYSTEM=this-is-the-primary-secret,this-is-an-old-secret,this-is-another-old-secret
+# Windows: > set SECRETS_SYSTEM=this-is-the-primary-secret,this-is-an-old-secret,this-is-another-old-secret
+
+# log configures the logger
+log:
+  # Sets the log level, supports "panic", "fatal", "error", "warn", "info" and "debug". Defaults to "info".
+  level: info
+  # Sets the log format. Leave it undefined for text based log format, or set to "json" for JSON formatting.
+  format: json
+
+# serve controls the configuration for the http(s) daemon(s).
+serve:
+  # public controls the public daemon serving public API endpoints like /oauth2/auth, /oauth2/token, /.well-known/jwks.json
+  public:
+    # The port to listen on. Defaults to 4444
+    port: 4444
+    # The interface or unix socket Ory Hydra should listen and handle public API requests on.
+    # Use the prefix "unix:" to specify a path to a unix socket.
+    # Leave empty to listen on all interfaces.
+    host: localhost # leave this out or empty to listen on all devices which is the default
+    # host: unix:/path/to/socket
+    # socket:
+    #   owner: hydra
+    #   group: hydra
+    #   mode: 0775
+
+    # cors configures Cross Origin Resource Sharing for public endpoints.
+    cors:
+      # set enabled to true to enable CORS. Defaults to false.
+      enabled: true
+      # allowed_origins is a list of origins (comma separated values) a cross-domain request can be executed from.
+      # If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*)
+      # to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.
+      #
+      # If empty or undefined, this defaults to `*`, allowing CORS from every domain (if cors.enabled: true).
+      allowed_origins:
+        - https://example.com
+        - https://*.example.com
+      # allowed_methods is list of HTTP methods the user agent is allowed to use with cross-domain
+      # requests. Defaults to the methods listed.
+      allowed_methods:
+        - POST
+        - GET
+        - PUT
+        - PATCH
+        - DELETE
+
+      # A list of non simple headers the client is allowed to use with cross-domain requests. Defaults to the listed values.
+      allowed_headers:
+        - Authorization
+        - Content-Type
+
+      # Sets which headers (comma separated values) are safe to expose to the API of a CORS API specification. Defaults to the listed values.
+      exposed_headers:
+        - Content-Type
+
+      # Sets whether the request can include user credentials like cookies, HTTP authentication
+      # or client side SSL certificates. Defaults to true.
+      allow_credentials: true
+
+      # Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request
+      # is preceded by a preflight request. Defaults to 0.
+      max_age: 10
+
+      # If set to true, adds additional log output to debug server side CORS issues. Defaults to false.
+      debug: true
+
+    # Access Log configuration for public server.
+    request_log:
+      # Disable access log for health and metrics endpoints.
+      disable_for_health: false
+
+  # admin controls the admin daemon serving admin API endpoints like /jwk, /client, ...
+  admin:
+    # The port to listen on. Defaults to 4445
+    port: 4445
+    # The interface or unix socket Ory Hydra should listen and handle administrative API requests on.
+    # Use the prefix "unix:" to specify a path to a unix socket.
+    # Leave empty to listen on all interfaces.
+    host: localhost # leave this out or empty to listen on all devices which is the default
+    # host: unix:/path/to/socket
+    # socket:
+    #   owner: hydra
+    #   group: hydra
+    #   mode: 0775
+
+    # cors configures Cross Origin Resource Sharing for admin endpoints.
+    cors:
+      # set enabled to true to enable CORS. Defaults to false.
+      enabled: true
+      # allowed_origins is a list of origins (comma separated values) a cross-domain request can be executed from.
+      # If the special * value is present in the list, all origins will be allowed. An origin may contain a wildcard (*)
+      # to replace 0 or more characters (i.e.: http://*.domain.com). Only one wildcard can be used per origin.
+      #
+      # If empty or undefined, this defaults to `*`, allowing CORS from every domain (if cors.enabled: true).
+      allowed_origins:
+        - https://example.com
+        - https://*.example.com
+      # allowed_methods is list of HTTP methods the user agent is allowed to use with cross-domain
+      # requests. Defaults to GET and POST.
+      allowed_methods:
+        - POST
+        - GET
+        - PUT
+        - PATCH
+        - DELETE
+
+      # A list of non simple headers the client is allowed to use with cross-domain requests. Defaults to the listed values.
+      allowed_headers:
+        - Authorization
+        - Content-Type
+
+      # Sets which headers (comma separated values) are safe to expose to the API of a CORS API specification. Defaults to the listed values.
+      exposed_headers:
+        - Content-Type
+
+      # Sets whether the request can include user credentials like cookies, HTTP authentication
+      # or client side SSL certificates.
+      allow_credentials: true
+
+      # Sets how long (in seconds) the results of a preflight request can be cached. If set to 0, every request
+      # is preceded by a preflight request. Defaults to 0.
+      max_age: 10
+
+      # If set to true, adds additional log output to debug server side CORS issues. Defaults to false.
+      debug: true
+
+    # Access Log configuration for admin server.
+    request_log:
+      # Disable access log for health endpoints.
+      disable_for_health: false
+
+  # tls configures HTTPS (HTTP over TLS). If configured, the server automatically supports HTTP/2.
+  tls:
+    # key configures the private key (pem encoded)
+    key:
+      # The key can either be loaded from a file:
+      path: /path/to/key.pem
+      # Or from a base64 encoded (without padding) string:
+      base64: LS0tLS1CRUdJTiBFTkNSWVBURUQgUFJJVkFURSBLRVktLS0tLVxuTUlJRkRqQkFCZ2txaGtpRzl3MEJCUTB3...
+
+    # cert configures the TLS certificate (PEM encoded)
+    cert:
+      # The cert can either be loaded from a file:
+      path: /path/to/cert.pem
+      # Or from a base64 encoded (without padding) string:
+      base64: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tXG5NSUlEWlRDQ0FrMmdBd0lCQWdJRVY1eE90REFOQmdr...
+
+    # Whitelist one or multiple CIDR address ranges and allow them to terminate TLS connections.
+    # Be aware that the X-Forwarded-Proto header must be set and must never be modifiable by anyone but
+    # your proxy / gateway / load balancer. Supports ipv4 and ipv6.
+    #
+    # Hydra serves http instead of https when this option is set.
+    #
+    # For more information head over to: https://www.ory.sh/docs/hydra/production#tls-termination
+    allow_termination_from:
+      - 127.0.0.1/32
+  cookies:
+    # specify the SameSite mode that cookies should be sent with
+    same_site_mode: Lax
+
+    # Some older browser versions don't work with SameSite=None. This option enables the workaround
+    # defined in https://web.dev/samesite-cookie-recipes/ which essentially stores a second cookie
+    # without SameSite as a fallback.
+    same_site_legacy_workaround: false
+
+# dsn sets the data source name. This configures the backend where Ory Hydra persists data.
+#
+## In-memory database
+#
+# If dsn is "memory", data will be written to memory and is lost when you restart this instance.
+# You can set this value using the DSN environment variable:
+#
+## SQL databases
+#
+# Ory Hydra supports popular SQL databases. For more detailed configuration information go to:
+# https://www.ory.sh/docs/hydra/dependencies-environment#sql
+#
+### PostgreSQL (recommended)
+#
+# If dsn is starting with postgres:// PostgreSQL will be used as storage backend:
+# dsn: dsn=postgres://user:password@host:123/database
+#
+### MySQL database
+#
+# If dsn is starting with mysql:// MySQL will be used as storage backend:
+# dsn: mysql://user:password@tcp(host:123)/database
+#
+### CockroachDB
+#
+# If dsn is starting with cockroach:// CockroachDB will be used as storage backend:
+# dsn: cockroach://user:password@host:123/database
+#
+dsn: memory
+# dsn: postgres://user:password@host:123/database
+# dsn: mysql://user:password@tcp(host:123)/database
+
+# hsm configures Hardware Security Module for hydra.openid.id-token, hydra.jwt.access-token keys
+# Either slot or token_label must be set. If token_label is set, then first slot in index with this label is used.
+hsm:
+  enabled: false
+  library: /path/to/hsm-vendor/library.so
+  pin: token-pin-code
+  slot: 0
+  token_label: hydra
+  # Key set prefix can be used in case of multiple Ory Hydra instances need to store keys on the same HSM partition.
+  # For example if `hsm.key_set_prefix=app1.` then key set `hydra.openid.id-token` would be generated/requested/deleted
+  # on HSM with `CKA_LABEL=app1.hydra.openid.id-token`.
+  key_set_prefix: app1.
+
+# webfinger configures ./well-known/ settings
+webfinger:
+  # jwks configures the /.well-known/jwks.json endpoint.
+  jwks:
+    # broadcast_keys is a list of JSON Web Keys that should be exposed at that endpoint. This is usually
+    # the public key for verifying OpenID Connect ID Tokens. However, you might want to add additional keys here as well.
+    broadcast_keys:
+      - hydra.openid.id-token # This key is always exposed by default
+      # - hydra.jwt.access-token # This key will be exposed when the OAuth2 Access Token strategy is set to JWT.
+
+  # oidc_discovery configures OpenID Connect Discovery (/.well-known/openid-configuration)
+  oidc_discovery:
+    client_registration_url: https://my-service.com/clients
+    # A list of supported claims to be broadcasted. Claim `sub` is always included:
+    supported_claims:
+      - email
+      - username
+    # The scope OAuth 2.0 Clients may request. Scope `offline`, `offline_access`, and `openid` are always included.
+    supported_scope:
+      - email
+      - whatever
+      - read.photos
+
+    # A URL of the userinfo endpoint to be advertised at the OpenID Connect
+    # Discovery endpoint /.well-known/openid-configuration. Defaults to Ory Hydra's userinfo endpoint at /userinfo.
+    # Set this value if you want to handle this endpoint yourself.
+    userinfo_url: https://example.org/my-custom-userinfo-endpoint
+
+# oidc configures OpenID Connect features.
+oidc:
+  # subject_identifiers configures the Subject Identifier algorithm.
+  #
+  # For more information please head over to the documentation:
+  # -> https://www.ory.sh/docs/hydra/advanced#subject-identifier-algorithms
+  subject_identifiers:
+    # which algorithms to enable. Defaults to "public"
+    supported_types:
+      - pairwise
+      - public
+    # configures the pairwise algorithm
+    pairwise:
+      # if "pairwise" is enabled, the salt must be defined.
+      salt: some-random-salt
+
+  # dynamic_client_registration configures OpenID Connect Dynamic Client Registration (exposed as admin endpoints /clients/...)
+  dynamic_client_registration:
+    enabled: false
+
+    # The OpenID Connect Dynamic Client Registration specification has no concept of whitelisting OAuth 2.0 Scope. If you
+    # want to expose Dynamic Client Registration, you should set the default scope enabled for newly registered clients.
+    # Keep in mind that users can overwrite this default by setting the "scope" key in the registration payload,
+    # effectively disabling the concept of whitelisted scopes.
+    default_scope:
+      - openid
+      - offline
+      - offline_access
+
+urls:
+  self:
+    # This value will be used as the "issuer" in access and ID tokens. It must be
+    # specified and using HTTPS protocol, unless --dev is set. This should typically be equal
+    # to the public value.
+    issuer: https://localhost:4444/
+
+    # This is the base location of the public endpoints of your Ory Hydra installation. This should typically be equal
+    # to the issuer value. If left unspecified, it falls back to the issuer value.
+    public: https://localhost:4444/
+
+  # Sets the login endpoint of the User Login & Consent flow. Defaults to an internal fallback URL.
+  login: https://my-login.app/login
+  # Sets the consent endpoint of the User Login & Consent flow. Defaults to an internal fallback URL.
+  consent: https://my-consent.app/consent
+  # Sets the logout endpoint. Defaults to an internal fallback URL.
+  logout: https://my-logout.app/logout
+  # Sets the error endpoint. The error ui will be shown when an OAuth2 error occurs that which can not be sent back
+  # to the client. Defaults to an internal fallback URL.
+  error: https://my-error.app/error
+  # When a user agent requests to logout, it will be redirected to this url afterwards per default.
+  post_logout_redirect: https://my-example.app/logout-successful
+
+strategies:
+  scope: DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY
+  # You may use JSON Web Tokens as access tokens.
+  #
+  # But seriously. Don't do that. It's not a great idea and has a ton of caveats and subtle security implications. Read more:
+  # -> https://www.ory.sh/docs/hydra/advanced#json-web-tokens
+  #
+  #  access_token: jwt
+
+# configures time to live
+ttl:
+  # configures how long a user login and consent flow may take. Defaults to 1h.
+  login_consent_request: 1h
+  # configures how long access tokens are valid. Defaults to 1h.
+  access_token: 1h
+  # configures how long refresh tokens are valid. Defaults to 720h. Set to -1 for refresh tokens to never expire.
+  refresh_token: 720h
+  # configures how long id tokens are valid. Defaults to 1h.
+  id_token: 1h
+  # configures how long auth codes are valid. Defaults to 10m.
+  auth_code: 10m
+
+oauth2:
+  # Set this to true if you want to share error debugging information with your OAuth 2.0 clients.
+  #	Keep in mind that debug information is very valuable when dealing with errors, but might also expose database error
+  #	codes and similar errors. Defaults to false.
+  expose_internal_errors: true
+  # Configures hashing algorithms. Supports only BCrypt at the moment.
+  hashers:
+    # Configures the BCrypt hashing algorithm used for hashing Client Secrets.
+    bcrypt:
+      # Sets the BCrypt cost. Minimum value is 4 and default value is 10. The higher the value, the more CPU time is being
+      # used to generate hashes.
+      cost: 10
+  pkce:
+    # Set this to true if you want PKCE to be enforced for all clients.
+    enforced: false
+    # Set this to true if you want PKCE to be enforced for public clients.
+    enforced_for_public_clients: false
+  session:
+    # store encrypted data in database, default true
+    encrypt_at_rest: true
+    ## refresh_token_rotation
+  # By default Refresh Tokens are rotated and invalidated with each use. See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.13.2 for more details
+  refresh_token_rotation:
+    #
+    ## grace_period
+    #
+    # Set the grace period for refresh tokens to be reused. Such reused tokens will result in multiple refresh tokens being issued.
+    #
+    # Examples:
+    # - 5s
+    # - 1m
+    grace_period: 0s
+
+# The secrets section configures secrets used for encryption and signing of several systems. All secrets can be rotated,
+# for more information on this topic navigate to:
+# -> https://www.ory.sh/docs/hydra/advanced#rotation-of-hmac-token-signing-and-database-and-cookie-encryption-keys
+secrets:
+  # The system secret must be at least 16 characters long. If none is provided, one will be generated. They key
+  #	is used to encrypt sensitive data using AES-GCM (256 bit) and validate HMAC signatures.
+  #
+  # The first item in the list is used for signing and encryption. The whole list is used for verifying signatures
+  # and decryption.
+  system:
+    - this-is-the-primary-secret
+    - this-is-an-old-secret
+    - this-is-another-old-secret
+  # A secret that is used to encrypt cookie sessions. Defaults to secrets.system. It is recommended to use
+  #	a separate secret in production.
+  #
+  # The first item in the list is used for signing and encryption. The whole list is used for verifying signatures
+  # and decryption.
+  cookie:
+    - this-is-the-primary-secret
+    - this-is-an-old-secret
+    - this-is-another-old-secret
+
+# Enables profiling if set. Use "cpu" to enable cpu profiling and "mem" to enable memory profiling. For more details
+# on profiling, head over to: https://blog.golang.org/profiling-go-programs
+profiling: cpu
+# profiling: mem
+
+# Ory Hydra supports distributed tracing.
+tracing:
+  # Set this to the tracing backend you wish to use. Currently supports jaeger. If omitted or empty, tracing will
+  # be disabled.
+  provider: jaeger
+  # Specifies the service name to use on the tracer.
+  service_name: Ory Hydra
+  providers:
+    # Configures the jaeger tracing backend.
+    jaeger:
+      # The address of the jaeger-agent where spans should be sent to
+      local_agent_address: 127.0.0.1:6831
+      sampling:
+        # The value passed to the sampler type that has been configured.
+        # Supported values: This is dependant on the sampling strategy used:
+        # - const: 0 or 1 (all or nothing)
+        # - rateLimiting: a constant rate (e.g. setting this to 3 will sample requests with the rate of 3 traces per second)
+        # - probabilistic: a value between 0..1
+        trace_id_ratio: 1.0
+        # The address of jaeger-agent's HTTP sampling server
+        server_url: http://localhost:5778/sampling
--- a/ldap-hyda/docker-compose.yml
+++ b/ldap-hyda/docker-compose.yml
@ -0,0 +1,80 @@
+version: "3"
+services:
+    hydra-client: 
+        image: hydra-home # oryd/hydra:v2.2.0
+        container_name: hydra-client
+        environment:
+            HYDRA_ADMIN_URL: http://hydra:4445
+            ORY_SDK_URL: http://hydra:4445
+        command:
+            - create
+            - oauth2-client
+            - --skip-consent
+            - --skip-logout-consent
+            - --skip-tls-verify
+            - --name
+            - test-client
+            - --secret
+            - oc-auth-got-secret
+            - --response-type
+            - id_token,token,code
+            - --grant-type
+            - implicit,refresh_token,authorization_code
+            - --scope
+            - openid,profile,email,roles
+            - --token-endpoint-auth-method
+            - client_secret_post
+            - --redirect-uri
+            - http://localhost:3000
+
+        networks:
+            - hydra-net
+            - catalog
+        deploy:
+            restart_policy:
+                condition: none
+        depends_on:
+            - hydra
+        healthcheck:
+            test: ["CMD", "curl", "-f", "http://hydra:4445"]
+            interval: 10s
+            timeout: 10s
+            retries: 10
+    hydra:
+        container_name: hydra
+        image: hydra-home # oryd/hydra:v2.2.0
+        environment:
+            SECRETS_SYSTEM: oc-auth-got-secret
+            LOG_LEAK_SENSITIVE_VALUES: true
+            URLS_SELF_ISSUER: http://hydra:4444
+            URLS_SELF_PUBLIC: http://hydra:4444
+            WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
+            WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
+            DSN: memory
+        command: serve all --dev
+        networks:
+            - hydra-net
+            - catalog
+        ports:
+            - "4444:4444"
+            - "4445:4445"
+        deploy:
+            restart_policy:
+                condition: on-failure
+    ldap:
+        image: pgarrett/ldap-alpine
+        container_name: ldap
+        volumes:
+            - "./ldap.ldif:/ldif/ldap.ldif"
+        networks:
+            - hydra-net
+            - catalog
+        ports:
+            - "389:389"
+        deploy:
+            restart_policy:
+                condition: on-failure
+networks:
+    hydra-net:
+    catalog:
+        external: true
--- a/ldap-hyda/ldap.ldif
+++ b/ldap-hyda/ldap.ldif
@ -0,0 +1,24 @@
+dn: uid=momo,ou=Users,dc=example,dc=com
+objectClass: inetOrgPerson
+cn: Kolya Gerasyimov
+sn: Gerasyimov
+uid: momo
+userPassword: 123
+mail: momo@example.com
+ou: Users
+
+dn: ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: AppRoles
+description: AppRoles
+
+dn: ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: organizationalunit
+ou: App1
+description: App1
+
+dn: cn=traveler,ou=App1,ou=AppRoles,dc=example,dc=com
+objectClass: groupofnames
+cn: traveler
+description: traveler
+member: uid=momo,ou=Users,dc=example,dc=com
--- a/main.go
+++ b/main.go
@ -1,41 +1,60 @@
 package main

 import (
+	"fmt"
 	"oc-auth/conf"
+	"oc-auth/infrastructure"
 	_ "oc-auth/routers"

 	oclib "cloud.o-forge.io/core/oc-lib"
+	"cloud.o-forge.io/core/oc-lib/tools"
 	beego "github.com/beego/beego/v2/server/web"
 )

 const appname = "oc-auth"

+// @securityDefinitions.apikey Bearer
+// @in header
+// @name Authorization
+// @description Type "Bearer" followed by a space and JWT token.
 func main() {
 	// Init the oc-lib
 	oclib.Init(appname)
-
 	// Load the right config file
 	o := oclib.GetConfLoader()

-	conf.GetConfig().NatsUrl = o.GetStringDefault("natsurl", "http://localhost:4080")
-	conf.GetConfig().NatsLogin = o.GetStringDefault("natslogin", "admin")
-	conf.GetConfig().NatsPassword = o.GetStringDefault("natspassword", "admin")
-	conf.GetConfig().OidcUrl = o.GetStringDefault("oidcurl", "admin")
+	conf.GetConfig().PVKPath = o.GetStringDefault("PVK_PATH", "./pvk.pem")
+	conf.GetConfig().ClientSecret = o.GetStringDefault("CLIENT_SECRET", "oc-auth-got-secret")

-	// feed the library with the loaded config
-	oclib.SetConfig(
-		o.GetStringDefault("MONGO_URL", "mongodb://127.0.0.1:27017"),
-		o.GetStringDefault("MONGO_DATABASE", "DC_myDC"),
-		"",
-		o.GetStringDefault("lokiurl", ""),
-		o.GetStringDefault("loglevel", "info"),
-	)
-	// Beego init
-	beego.BConfig.AppName = appname
-	beego.BConfig.Listen.HTTPPort = o.GetIntDefault("port", 8080)
-	beego.BConfig.WebConfig.DirectoryIndex = true
-	beego.BConfig.WebConfig.StaticDir["/swagger"] = "swagger"
+	conf.GetConfig().Auth = o.GetStringDefault("AUTH", "hydra")
+	conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
+	conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
+	conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
+	conf.GetConfig().PermissionConnectorHost = o.GetStringDefault("PERMISSION_CONNECTOR_HOST", "keto")
+	conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
+	conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)

+	// config LDAP
+	conf.GetConfig().LDAPEndpoints = o.GetStringDefault("LDAP_ENDPOINTS", "ldap:389")
+	conf.GetConfig().LDAPBindDN = o.GetStringDefault("LDAP_BINDDN", "cn=admin,dc=example,dc=com")
+	conf.GetConfig().LDAPBindPW = o.GetStringDefault("LDAP_BINDPW", "password")
+	conf.GetConfig().LDAPBaseDN = o.GetStringDefault("LDAP_BASEDN", "dc=example,dc=com")
+	conf.GetConfig().LDAPRoleBaseDN = o.GetStringDefault("LDAP_ROLE_BASEDN", "ou=AppRoles,dc=example,dc=com")
+
+	Discovery()
 	beego.Run()
-
+}
+func Discovery() {
+	fmt.Println("Discovered")
+	api := tools.API{}
+	addPermissions := func(m map[string]interface{}) {
+		conn := infrastructure.GetPermissionConnector()
+		for k, v := range m {
+			for _, p := range v.([]interface{}) {
+				conn.CreatePermission(k, p.(string), true)
+			}
+		}
+	}
+	api.ListenRouter(addPermissions)
+	tools.NewNATSCaller().SetNATSPub("api", tools.DISCOVERY, map[string]interface{}{})
 }
--- a/models/application.go
+++ b/models/application.go
@ -1,10 +0,0 @@
-package models
-
-// OpenId application
-type Application struct {
-	ClientId     string `json:"client_id,omitempty"`
-	ClientName   string `json:"client_name,omitempty"`
-	ClientSecret string `json:"client_secret,omitempty"`
-	AccessToken  string `json:"access_token,omitempty"`
-	CallbackUrl  string `json:"callback_url,omitempty"`
-}
--- a/models/auth.go
+++ b/models/auth.go
@ -1,12 +0,0 @@
-package models
-
-import (
-	"fmt"
-	"oc-auth/conf"
-)
-
-func init() {
-	c := conf.GetConfig()
-	// configure storage
-	fmt.Println(c.NatsUrl)
-}
--- a/models/registration.go
+++ b/models/registration.go
@ -1,137 +0,0 @@
-package models
-
-import (
-	"context"
-	"fmt"
-	"os"
-
-	client "github.com/ory/hydra-client-go"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/clientcredentials"
-)
-
-func CreateClient(clientId string, clientName string, clientSecret string) (string, string, error) {
-	tokenAuthMethod := "client_secret_post"
-	oAuth2Client := *client.NewOAuth2Client() // OAuth2Client |
-	oAuth2Client.SetClientId(clientId)
-	oAuth2Client.SetClientName(clientName)
-	oAuth2Client.SetClientSecret(clientSecret)
-	oAuth2Client.SetGrantTypes([]string{"client_credentials"})
-	oAuth2Client.TokenEndpointAuthMethod = &tokenAuthMethod
-
-	config := client.NewConfiguration()
-	config.Servers = client.ServerConfigurations{{URL: "http://127.0.0.1:4445"}}
-	client := client.NewAPIClient(config)
-
-	resp, _, err := client.AdminApi.CreateOAuth2Client(context.Background()).OAuth2Client(oAuth2Client).Execute()
-	if err != nil {
-		return "", "", err
-	}
-	return resp.GetClientId(), resp.GetClientSecret(), nil
-}
-
-func GetAccessToken(clientID, clientSecret string) (string, error) {
-	config := clientcredentials.Config{
-		ClientID:     clientID,
-		ClientSecret: clientSecret,
-		TokenURL:     "http://127.0.0.1:4444/oauth2/token",
-		AuthStyle:    oauth2.AuthStyleInParams,
-	}
-
-	token, err := config.Token(context.Background())
-	if err != nil {
-		fmt.Println("Error obtaining token:", err)
-		return "", err
-	}
-
-	return token.AccessToken, nil
-}
-
-func ListClients() {
-	configuration := client.NewConfiguration()
-	configuration.Servers = []client.ServerConfiguration{
-		{
-			URL: "http://localhost:4445", // Public API URL
-		},
-	}
-	apiClient := client.NewAPIClient(configuration)
-
-	limit := int64(20)
-	offset := int64(0)
-	clients, r, err := apiClient.AdminApi.ListOAuth2Clients(context.Background()).Limit(limit).Offset(offset).Execute()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListOAuth2Clients``: %v\n", err)
-		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
-	}
-	for i, c := range clients {
-		fmt.Fprintf(os.Stdout, "  %d : %s %s %s\n", i, *c.ClientId, c.GetClientName(), c.GetClientSecret())
-	}
-	fmt.Fprintf(os.Stdout, "We have %d clients\n", len(clients))
-}
-
-func DeleteClient(clientId string) {
-	configuration := client.NewConfiguration()
-	configuration.Servers = []client.ServerConfiguration{
-		{
-			URL: "http://localhost:4445", // Public API URL
-		},
-	}
-	apiClient := client.NewAPIClient(configuration)
-	r, err := apiClient.AdminApi.DeleteOAuth2Client(context.Background(), clientId).Execute()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteOAuth2Client``: %v\n", err)
-		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
-	}
-
-}
-
-func DeleteClients() {
-	configuration := client.NewConfiguration()
-	configuration.Servers = []client.ServerConfiguration{
-		{
-			URL: "http://localhost:4445", // Public API URL
-		},
-	}
-	apiClient := client.NewAPIClient(configuration)
-
-	limit := int64(20)
-	offset := int64(0)
-	clients, r, err := apiClient.AdminApi.ListOAuth2Clients(context.Background()).Limit(limit).Offset(offset).Execute()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListOAuth2Clients``: %v\n", err)
-		fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
-	}
-	for _, c := range clients {
-		fmt.Fprintf(os.Stdout, "  Deleting : %s %s %s\n", c.GetClientId(), c.GetClientName(), c.GetClientSecret())
-		r, err := apiClient.AdminApi.DeleteOAuth2Client(context.Background(), c.GetClientId()).Execute()
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteOAuth2Client``: %v\n", err)
-			fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
-		}
-		fmt.Fprintf(os.Stdout, "  Deleted: %s\n", c.GetClientId())
-	}
-	fmt.Fprintf(os.Stdout, "We deleted %d clients\n", len(clients))
-}
-
-func CreateCodeClient(clientId string) (string, string, error) {
-	config := client.NewConfiguration()
-	config.Servers = client.ServerConfigurations{{URL: "http://127.0.0.1:4445"}}
-	tokenAuthMethod := "client_secret_post"
-
-	oAuth2Client := *client.NewOAuth2Client() // OAuth2Client |
-	oAuth2Client.SetClientId(clientId + "_api")
-	oAuth2Client.SetGrantTypes([]string{"authorization_code", "refresh_token"})
-	oAuth2Client.SetResponseTypes([]string{"code", "id_token"})
-	oAuth2Client.SetScope("openid offline")
-	oAuth2Client.SetRedirectUris([]string{"http://127.0.0.1:5555/callback"})
-	oAuth2Client.TokenEndpointAuthMethod = &tokenAuthMethod
-
-	client := client.NewAPIClient(config)
-
-	resp, _, err := client.AdminApi.CreateOAuth2Client(context.Background()).OAuth2Client(oAuth2Client).Execute()
-	if err != nil {
-		return "", "", err
-	}
-
-	return resp.GetClientId(), resp.GetClientSecret(), nil
-}
--- a/BIN
+++ b/BIN
--- a/1
+++ b/1
@ -0,0 +1 @@
+{"namespace":"open-cloud","object":"test-role","relation":"-","subject_id":"oc-auth"}
--- a/routers/commentsRouter.go
+++ b/routers/commentsRouter.go
@ -7,51 +7,195 @@ import (

 func init() {

-    beego.GlobalControllerRouter["oc-auth/controllers:AuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:AuthController"],
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
        beego.ControllerComments{
-            Method: "Post",
-            Router: `/`,
+            Method: "Claims",
+            Router: `/claims`,
            AllowHTTPMethods: []string{"post"},
            MethodParams: param.Make(),
            Filters: nil,
            Params: nil})

-    beego.GlobalControllerRouter["oc-auth/controllers:AuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:AuthController"],
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
        beego.ControllerComments{
-            Method: "Get",
-            Router: `/:authId`,
+            Method: "InternalAuthForward",
+            Router: `/forward`,
            AllowHTTPMethods: []string{"get"},
            MethodParams: param.Make(),
            Filters: nil,
            Params: nil})

-    beego.GlobalControllerRouter["oc-auth/controllers:AuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:AuthController"],
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
        beego.ControllerComments{
-            Method: "Delete",
-            Router: `/:authId`,
+            Method: "Introspect",
+            Router: `/introspect`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
+        beego.ControllerComments{
+            Method: "LoginLDAP",
+            Router: `/ldap/login`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
+        beego.ControllerComments{
+            Method: "LogOutLDAP",
+            Router: `/ldap/logout`,
            AllowHTTPMethods: []string{"delete"},
            MethodParams: param.Make(),
            Filters: nil,
            Params: nil})

-    beego.GlobalControllerRouter["oc-auth/controllers:AuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:AuthController"],
+    beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:OAuthController"],
        beego.ControllerComments{
-            Method: "Find",
-            Router: `/find/:query`,
+            Method: "Refresh",
+            Router: `/refresh`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "GetAll",
+            Router: `/`,
            AllowHTTPMethods: []string{"get"},
            MethodParams: param.Make(),
            Filters: nil,
            Params: nil})

-    beego.GlobalControllerRouter["oc-auth/controllers:RegistrationController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RegistrationController"],
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "Get",
+            Router: `/:id/:relation[get]`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "Bind",
+            Router: `/:permission_id/:role_id/:relation`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "UnBind",
+            Router: `/:permission_id/:role_id/:relation`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "Clear",
+            Router: `/clear`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "GetByRole",
+            Router: `/role/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:PermissionController"],
+        beego.ControllerComments{
+            Method: "GetByUser",
+            Router: `/user/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "GetAll",
+            Router: `/`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
        beego.ControllerComments{
            Method: "Post",
-            Router: `/`,
+            Router: `/:id`,
            AllowHTTPMethods: []string{"post"},
            MethodParams: param.Make(),
            Filters: nil,
            Params: nil})

+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "Get",
+            Router: `/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "Delete",
+            Router: `/:id`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "Bind",
+            Router: `/:user_id/:role_id`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "UnBind",
+            Router: `/:user_id/:role_id`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "Clear",
+            Router: `/clear`,
+            AllowHTTPMethods: []string{"delete"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-auth/controllers:RoleController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:RoleController"],
+        beego.ControllerComments{
+            Method: "GetByUser",
+            Router: `/user/:id`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
    beego.GlobalControllerRouter["oc-auth/controllers:VersionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:VersionController"],
        beego.ControllerComments{
            Method: "GetAll",
@ -61,4 +205,13 @@ func init() {
            Filters: nil,
            Params: nil})

+    beego.GlobalControllerRouter["oc-auth/controllers:VersionController"] = append(beego.GlobalControllerRouter["oc-auth/controllers:VersionController"],
+        beego.ControllerComments{
+            Method: "Get",
+            Router: `/discovery`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
 }
--- a/routers/router.go
+++ b/routers/router.go
@ -17,12 +17,17 @@ func init() {
 	ns := beego.NewNamespace("/oc",
 		beego.NSNamespace("/auth",
 			beego.NSInclude(
-				&controllers.AuthController{},
+				&controllers.OAuthController{},
 			),
 		),
-		beego.NSNamespace("/registration",
+		beego.NSNamespace("/role",
 			beego.NSInclude(
-				&controllers.RegistrationController{},
+				&controllers.RoleController{},
+			),
+		),
+		beego.NSNamespace("/permission",
+			beego.NSInclude(
+				&controllers.PermissionController{},
 			),
 		),
 		beego.NSNamespace("/version",
@ -31,6 +36,5 @@ func init() {
 			),
 		),
 	)
-
 	beego.AddNamespace(ns)
 }
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@ -9,55 +9,248 @@
            "email": "admin@o-cloud.io"
        },
        "license": {
-            "name": "MIT",
-            "url": "https://opensource.org/license/mit"
+            "name": "AGPL",
+            "url": "https://www.gnu.org/licenses/agpl-3.0.html"
        }
    },
    "basePath": "/oc",
    "paths": {
-        "/auth/": {
+        "/auth/claims": {
            "post": {
                "tags": [
                    "auth"
                ],
-                "description": "create auths\n\u003cbr\u003e",
-                "operationId": "AuthController.Create",
+                "description": "enrich token with claims\n\u003cbr\u003e",
+                "operationId": "OAuthController.Claims",
                "parameters": [
                    {
                        "in": "body",
                        "name": "body",
-                        "description": "The auth content",
+                        "description": "The token info",
                        "required": true,
                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/models.auth"
-                            }
+                            "$ref": "#/definitions/models.Token"
                        }
                    }
                ],
                "responses": {
                    "200": {
-                        "description": "{string} models.auth.Id"
-                    },
-                    "403": {
-                        "description": "body is empty"
+                        "description": "{string}"
                    }
                }
            }
        },
-        "/auth/discover/{url}": {
+        "/auth/forward": {
            "get": {
                "tags": [
                    "auth"
                ],
-                "description": "find auth by authid\n\u003cbr\u003e",
-                "operationId": "AuthController.Get",
+                "description": "auth forward\n\u003cbr\u003e",
+                "operationId": "OAuthController.AuthForward",
+                "parameters": [
+                    {
+                        "in": "header",
+                        "name": "Authorization",
+                        "description": "auth token",
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The workflow content",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.workflow"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string}"
+                    }
+                }
+            }
+        },
+        "/auth/introspect": {
+            "get": {
+                "tags": [
+                    "auth"
+                ],
+                "description": "introspect token\n\u003cbr\u003e",
+                "operationId": "OAuthController.Introspection",
+                "parameters": [
+                    {
+                        "in": "header",
+                        "name": "Authorization",
+                        "description": "auth token",
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string}"
+                    }
+                }
+            }
+        },
+        "/auth/ldap/login": {
+            "post": {
+                "tags": [
+                    "auth"
+                ],
+                "description": "authenticate user\n\u003cbr\u003e",
+                "operationId": "OAuthController.Login",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The workflow content",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.workflow"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string}"
+                    }
+                }
+            }
+        },
+        "/auth/ldap/logout": {
+            "delete": {
+                "tags": [
+                    "auth"
+                ],
+                "description": "unauthenticate user\n\u003cbr\u003e",
+                "operationId": "OAuthController.Logout",
+                "parameters": [
+                    {
+                        "in": "header",
+                        "name": "Authorization",
+                        "description": "auth token",
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string}"
+                    }
+                }
+            }
+        },
+        "/auth/refresh": {
+            "post": {
+                "tags": [
+                    "auth"
+                ],
+                "description": "introspect token\n\u003cbr\u003e",
+                "operationId": "OAuthController.Introspection",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The token info",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/models.Token"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string}"
+                    }
+                }
+            }
+        },
+        "/permission/": {
+            "get": {
+                "tags": [
+                    "permission"
+                ],
+                "description": "find permissions\n\u003cbr\u003e",
+                "operationId": "PermissionController.GetAll",
+                "responses": {
+                    "200": {
+                        "description": "{permission} string"
+                    }
+                }
+            }
+        },
+        "/permission/clear": {
+            "delete": {
+                "tags": [
+                    "permission"
+                ],
+                "description": "clear the permission\n\u003cbr\u003e",
+                "operationId": "PermissionController.Clear",
+                "responses": {
+                    "200": {
+                        "description": "{string} delete success!"
+                    }
+                }
+            }
+        },
+        "/permission/role/{id}": {
+            "get": {
+                "tags": [
+                    "permission"
+                ],
+                "description": "find permission by role id\n\u003cbr\u003e",
+                "operationId": "PermissionController.GetByRole",
                "parameters": [
                    {
                        "in": "path",
-                        "name": "authId",
-                        "description": "the authid you want to get",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} string"
+                    }
+                }
+            }
+        },
+        "/permission/user/{id}": {
+            "get": {
+                "tags": [
+                    "permission"
+                ],
+                "description": "find permission by user id\n\u003cbr\u003e",
+                "operationId": "PermissionController.GetByUser",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} string"
+                    }
+                }
+            }
+        },
+        "/permission/{id}/{relation[get]}": {
+            "get": {
+                "tags": [
+                    "permission"
+                ],
+                "description": "find auth by permission\n\u003cbr\u003e",
+                "operationId": "PermissionController.Get",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the permission you want to get",
                        "required": true,
                        "type": "string"
                    }
@ -65,75 +258,187 @@
                "responses": {
                    "200": {
                        "description": "{auth} models.auth"
-                    },
-                    "403": {
-                        "description": ":authId is empty"
                    }
                }
            }
        },
-        "/auth/find/{query}": {
-            "get": {
+        "/permission/{permission_id}/{role_id}/{relation}": {
+            "post": {
                "tags": [
-                    "auth"
+                    "permission"
                ],
-                "description": "find auths with query\n\u003cbr\u003e",
-                "operationId": "AuthController.Find",
+                "description": "bind the permission to role\n\u003cbr\u003e",
+                "operationId": "PermissionController.Bind",
                "parameters": [
                    {
                        "in": "path",
-                        "name": "query",
-                        "description": "the keywords you need",
+                        "name": "role_id",
+                        "description": "The role_id you want to bind",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "method",
+                        "description": "The method you want to relate role \u0026 permission",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "permission_id",
+                        "description": "The permission_id you want to bind",
                        "required": true,
                        "type": "string"
                    }
                ],
                "responses": {
                    "200": {
-                        "description": "{auths} []models.auth"
-                    },
-                    "403": {
-                        "description": ""
-                    }
-                }
-            }
-        },
-        "/auth/{authId}": {
-            "get": {
-                "tags": [
-                    "auth"
-                ],
-                "description": "find auth by authid\n\u003cbr\u003e",
-                "operationId": "AuthController.Get",
-                "parameters": [
-                    {
-                        "in": "path",
-                        "name": "authId",
-                        "description": "the authid you want to get",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "{auth} models.auth"
-                    },
-                    "403": {
-                        "description": ":authId is empty"
+                        "description": "{string} bind success!"
                    }
                }
            },
            "delete": {
                "tags": [
-                    "auth"
+                    "permission"
                ],
-                "description": "delete the auth\n\u003cbr\u003e",
-                "operationId": "AuthController.Delete",
+                "description": "unbind the permission to role\n\u003cbr\u003e",
+                "operationId": "PermissionController.UnBind",
                "parameters": [
                    {
                        "in": "path",
-                        "name": "authId",
-                        "description": "The authId you want to delete",
+                        "name": "role_id",
+                        "description": "The role_id you want to unbind",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "relation",
+                        "description": "The method you want to unrelate role \u0026 permission",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "permission_id",
+                        "description": "The permission_id you want to unbind",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string} bind success!"
+                    }
+                }
+            }
+        },
+        "/role/": {
+            "get": {
+                "tags": [
+                    "role"
+                ],
+                "description": "find roles\n\u003cbr\u003e",
+                "operationId": "RoleController.GetAll",
+                "responses": {
+                    "200": {
+                        "description": "{role} string"
+                    }
+                }
+            }
+        },
+        "/role/clear": {
+            "delete": {
+                "tags": [
+                    "role"
+                ],
+                "description": "clear the role\n\u003cbr\u003e",
+                "operationId": "RoleController.Clear",
+                "responses": {
+                    "200": {
+                        "description": "{string} delete success!"
+                    }
+                }
+            }
+        },
+        "/role/user/{id}": {
+            "get": {
+                "tags": [
+                    "role"
+                ],
+                "description": "find role by user id\n\u003cbr\u003e",
+                "operationId": "RoleController.GetByUser",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} string"
+                    }
+                }
+            }
+        },
+        "/role/{id}": {
+            "get": {
+                "tags": [
+                    "role"
+                ],
+                "description": "find role by id\n\u003cbr\u003e",
+                "operationId": "RoleController.Get",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{role} string"
+                    }
+                }
+            },
+            "post": {
+                "tags": [
+                    "role"
+                ],
+                "description": "create role\n\u003cbr\u003e",
+                "operationId": "RoleController.Create",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the id you want to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{auth} create success!"
+                    }
+                }
+            },
+            "delete": {
+                "tags": [
+                    "role"
+                ],
+                "description": "delete the role\n\u003cbr\u003e",
+                "operationId": "RoleController.Delete",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "The id you want to delete",
                        "required": true,
                        "type": "string"
                    }
@ -141,37 +446,64 @@
                "responses": {
                    "200": {
                        "description": "{string} delete success!"
-                    },
-                    "403": {
-                        "description": "authId is empty"
                    }
                }
            }
        },
-        "/registration/": {
+        "/role/{user_id}/{role_id}": {
            "post": {
                "tags": [
-                    "registration"
+                    "role"
                ],
-                "description": "create auths\n\u003cbr\u003e",
-                "operationId": "RegistrationController.Create",
+                "description": "bind the role to user\n\u003cbr\u003e",
+                "operationId": "RoleController.Bind",
                "parameters": [
                    {
-                        "in": "body",
-                        "name": "body",
-                        "description": "The app info",
+                        "in": "path",
+                        "name": "user_id",
+                        "description": "The user_id you want to bind",
                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/models.Application"
-                        }
+                        "type": "string"
+                    },
+                    {
+                        "in": "path",
+                        "name": "role_id",
+                        "description": "The role_id you want to bind",
+                        "required": true,
+                        "type": "string"
                    }
                ],
                "responses": {
                    "200": {
-                        "description": "{string} models.auth.Id"
+                        "description": "{string} bind success!"
+                    }
+                }
+            },
+            "delete": {
+                "tags": [
+                    "role"
+                ],
+                "description": "unbind the role to user\n\u003cbr\u003e",
+                "operationId": "RoleController.UnBind",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "role_id",
+                        "description": "The role_id you want to unbind",
+                        "required": true,
+                        "type": "string"
                    },
-                    "403": {
-                        "description": "body is empty"
+                    {
+                        "in": "path",
+                        "name": "user_id",
+                        "description": "The user_id you want to unbind",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "{string} bind success!"
                    }
                }
            }
@ -189,32 +521,29 @@
                    }
                }
            }
+        },
+        "/version/discovery": {
+            "get": {
+                "tags": [
+                    "version"
+                ],
+                "description": "get version\n\u003cbr\u003e",
+                "operationId": "VersionController.Get",
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            }
        }
    },
    "definitions": {
-        "models.Application": {
-            "title": "Application",
-            "type": "object",
-            "properties": {
-                "access_token": {
-                    "type": "string"
-                },
-                "callback_url": {
-                    "type": "string"
-                },
-                "client_id": {
-                    "type": "string"
-                },
-                "client_name": {
-                    "type": "string"
-                },
-                "client_secret": {
-                    "type": "string"
-                }
-            }
+        "models.Token": {
+            "title": "Token",
+            "type": "object"
        },
-        "models.auth": {
-            "title": "auth",
+        "models.workflow": {
+            "title": "workflow",
            "type": "object"
        }
    },
@ -224,7 +553,11 @@
            "description": "Operations about auth\n"
        },
        {
-            "name": "registration",
+            "name": "role",
+            "description": "Operations about auth\n"
+        },
+        {
+            "name": "permission",
            "description": "Operations about auth\n"
        },
        {
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@ -8,127 +8,375 @@ info:
  contact:
    email: admin@o-cloud.io
  license:
-    name: MIT
-    url: https://opensource.org/license/mit
+    name: AGPL
+    url: https://www.gnu.org/licenses/agpl-3.0.html
 basePath: /oc
 paths:
-  /auth/:
+  /auth/claims:
    post:
      tags:
      - auth
      description: |-
-        create auths
+        enrich token with claims
        <br>
-      operationId: AuthController.Create
+      operationId: OAuthController.Claims
      parameters:
      - in: body
        name: body
-        description: The auth content
+        description: The token info
        required: true
        schema:
-          type: array
-          items:
-            $ref: '#/definitions/models.auth'
+          $ref: '#/definitions/models.Token'
      responses:
        "200":
-          description: '{string} models.auth.Id'
-        "403":
-          description: body is empty
-  /auth/{authId}:
+          description: '{string}'
+  /auth/forward:
    get:
      tags:
      - auth
      description: |-
-        find auth by authid
+        auth forward
        <br>
-      operationId: AuthController.Get
+      operationId: OAuthController.AuthForward
+      parameters:
+      - in: header
+        name: Authorization
+        description: auth token
+        type: string
+      - in: body
+        name: body
+        description: The workflow content
+        required: true
+        schema:
+          $ref: '#/definitions/models.workflow'
+      responses:
+        "200":
+          description: '{string}'
+  /auth/introspect:
+    get:
+      tags:
+      - auth
+      description: |-
+        introspect token
+        <br>
+      operationId: OAuthController.Introspection
+      parameters:
+      - in: header
+        name: Authorization
+        description: auth token
+        type: string
+      responses:
+        "200":
+          description: '{string}'
+  /auth/ldap/login:
+    post:
+      tags:
+      - auth
+      description: |-
+        authenticate user
+        <br>
+      operationId: OAuthController.Login
+      parameters:
+      - in: body
+        name: body
+        description: The workflow content
+        required: true
+        schema:
+          $ref: '#/definitions/models.workflow'
+      responses:
+        "200":
+          description: '{string}'
+  /auth/ldap/logout:
+    delete:
+      tags:
+      - auth
+      description: |-
+        unauthenticate user
+        <br>
+      operationId: OAuthController.Logout
+      parameters:
+      - in: header
+        name: Authorization
+        description: auth token
+        type: string
+      responses:
+        "200":
+          description: '{string}'
+  /auth/refresh:
+    post:
+      tags:
+      - auth
+      description: |-
+        introspect token
+        <br>
+      operationId: OAuthController.Introspection
+      parameters:
+      - in: body
+        name: body
+        description: The token info
+        required: true
+        schema:
+          $ref: '#/definitions/models.Token'
+      responses:
+        "200":
+          description: '{string}'
+  /permission/:
+    get:
+      tags:
+      - permission
+      description: |-
+        find permissions
+        <br>
+      operationId: PermissionController.GetAll
+      responses:
+        "200":
+          description: '{permission} string'
+  /permission/{id}/{relation[get]}:
+    get:
+      tags:
+      - permission
+      description: |-
+        find auth by permission
+        <br>
+      operationId: PermissionController.Get
      parameters:
      - in: path
-        name: authId
-        description: the authid you want to get
+        name: id
+        description: the permission you want to get
        required: true
        type: string
      responses:
        "200":
          description: '{auth} models.auth'
-        "403":
-          description: :authId is empty
-    delete:
+  /permission/{permission_id}/{role_id}/{relation}:
+    post:
      tags:
-      - auth
+      - permission
      description: |-
-        delete the auth
+        bind the permission to role
        <br>
-      operationId: AuthController.Delete
+      operationId: PermissionController.Bind
      parameters:
      - in: path
-        name: authId
-        description: The authId you want to delete
+        name: role_id
+        description: The role_id you want to bind
+        required: true
+        type: string
+      - in: path
+        name: method
+        description: The method you want to relate role & permission
+        required: true
+        type: string
+      - in: path
+        name: permission_id
+        description: The permission_id you want to bind
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} bind success!'
+    delete:
+      tags:
+      - permission
+      description: |-
+        unbind the permission to role
+        <br>
+      operationId: PermissionController.UnBind
+      parameters:
+      - in: path
+        name: role_id
+        description: The role_id you want to unbind
+        required: true
+        type: string
+      - in: path
+        name: relation
+        description: The method you want to unrelate role & permission
+        required: true
+        type: string
+      - in: path
+        name: permission_id
+        description: The permission_id you want to unbind
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} bind success!'
+  /permission/clear:
+    delete:
+      tags:
+      - permission
+      description: |-
+        clear the permission
+        <br>
+      operationId: PermissionController.Clear
+      responses:
+        "200":
+          description: '{string} delete success!'
+  /permission/role/{id}:
+    get:
+      tags:
+      - permission
+      description: |-
+        find permission by role id
+        <br>
+      operationId: PermissionController.GetByRole
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} string'
+  /permission/user/{id}:
+    get:
+      tags:
+      - permission
+      description: |-
+        find permission by user id
+        <br>
+      operationId: PermissionController.GetByUser
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} string'
+  /role/:
+    get:
+      tags:
+      - role
+      description: |-
+        find roles
+        <br>
+      operationId: RoleController.GetAll
+      responses:
+        "200":
+          description: '{role} string'
+  /role/{id}:
+    get:
+      tags:
+      - role
+      description: |-
+        find role by id
+        <br>
+      operationId: RoleController.Get
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{role} string'
+    post:
+      tags:
+      - role
+      description: |-
+        create role
+        <br>
+      operationId: RoleController.Create
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} create success!'
+    delete:
+      tags:
+      - role
+      description: |-
+        delete the role
+        <br>
+      operationId: RoleController.Delete
+      parameters:
+      - in: path
+        name: id
+        description: The id you want to delete
        required: true
        type: string
      responses:
        "200":
          description: '{string} delete success!'
-        "403":
-          description: authId is empty
-  /auth/discover/{url}:
-    get:
-      tags:
-      - auth
-      description: |-
-        find auth by authid
-        <br>
-      operationId: AuthController.Get
-      parameters:
-      - in: path
-        name: authId
-        description: the authid you want to get
-        required: true
-        type: string
-      responses:
-        "200":
-          description: '{auth} models.auth'
-        "403":
-          description: :authId is empty
-  /auth/find/{query}:
-    get:
-      tags:
-      - auth
-      description: |-
-        find auths with query
-        <br>
-      operationId: AuthController.Find
-      parameters:
-      - in: path
-        name: query
-        description: the keywords you need
-        required: true
-        type: string
-      responses:
-        "200":
-          description: '{auths} []models.auth'
-        "403":
-          description: ""
-  /registration/:
+  /role/{user_id}/{role_id}:
    post:
      tags:
-      - registration
+      - role
      description: |-
-        create auths
+        bind the role to user
        <br>
-      operationId: RegistrationController.Create
+      operationId: RoleController.Bind
      parameters:
-      - in: body
-        name: body
-        description: The app info
+      - in: path
+        name: user_id
+        description: The user_id you want to bind
        required: true
-        schema:
-          $ref: '#/definitions/models.Application'
+        type: string
+      - in: path
+        name: role_id
+        description: The role_id you want to bind
+        required: true
+        type: string
      responses:
        "200":
-          description: '{string} models.auth.Id'
-        "403":
-          description: body is empty
+          description: '{string} bind success!'
+    delete:
+      tags:
+      - role
+      description: |-
+        unbind the role to user
+        <br>
+      operationId: RoleController.UnBind
+      parameters:
+      - in: path
+        name: role_id
+        description: The role_id you want to unbind
+        required: true
+        type: string
+      - in: path
+        name: user_id
+        description: The user_id you want to unbind
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{string} bind success!'
+  /role/clear:
+    delete:
+      tags:
+      - role
+      description: |-
+        clear the role
+        <br>
+      operationId: RoleController.Clear
+      responses:
+        "200":
+          description: '{string} delete success!'
+  /role/user/{id}:
+    get:
+      tags:
+      - role
+      description: |-
+        find role by user id
+        <br>
+      operationId: RoleController.GetByUser
+      parameters:
+      - in: path
+        name: id
+        description: the id you want to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: '{auth} string'
  /version/:
    get:
      tags:
@ -140,29 +388,32 @@ paths:
      responses:
        "200":
          description: ""
+  /version/discovery:
+    get:
+      tags:
+      - version
+      description: |-
+        get version
+        <br>
+      operationId: VersionController.Get
+      responses:
+        "200":
+          description: ""
 definitions:
-  models.Application:
-    title: Application
+  models.Token:
+    title: Token
    type: object
-    properties:
-      access_token:
-        type: string
-      callback_url:
-        type: string
-      client_id:
-        type: string
-      client_name:
-        type: string
-      client_secret:
-        type: string
-  models.auth:
-    title: auth
+  models.workflow:
+    title: workflow
    type: object
 tags:
 - name: auth
  description: |
    Operations about auth
- name: registration
+- name: role
+  description: |
+    Operations about auth
+- name: permission
  description: |
    Operations about auth
 - name: version
				`@ -0,0 +1 @@`
				`{"namespace":"open-cloud","object":"test-role","relation":"-","subject_id":"oc-auth"}`