refactor: auth service

proto/api/v1/auth_service.proto

@@ -4,26 +4,40 @@ package memos.api.v1;
 
 import "api/v1/user_service.proto";
 import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
 import "google/protobuf/empty.proto";
 
 option go_package = "gen/api/v1";
 
 service AuthService {
-  // GetAuthStatus returns the current auth status of the user.
+  // GetAuthStatus returns the current authentication status of the user.
+  // This method is idempotent and safe, suitable for checking authentication state.
   rpc GetAuthStatus(GetAuthStatusRequest) returns (User) {
-    option (google.api.http) = {post: "/api/v1/auth/status"};
+    option (google.api.http) = {get: "/api/v1/auth/status"};
   }
-  // SignIn signs in the user.
-  rpc SignIn(SignInRequest) returns (User) {
-    option (google.api.http) = {post: "/api/v1/auth/signin"};
+
+  // CreateSession authenticates a user and creates a new session.
+  // Returns the authenticated user information upon successful authentication.
+  rpc CreateSession(CreateSessionRequest) returns (User) {
+    option (google.api.http) = {
+      post: "/api/v1/auth/sessions"
+      body: "*"
+    };
   }
-  // SignUp signs up the user with the given username and password.
-  rpc SignUp(SignUpRequest) returns (User) {
-    option (google.api.http) = {post: "/api/v1/auth/signup"};
+
+  // RegisterUser creates a new user account with username and password.
+  // Returns the newly created user information upon successful registration.
+  rpc RegisterUser(RegisterUserRequest) returns (User) {
+    option (google.api.http) = {
+      post: "/api/v1/auth/users"
+      body: "*"
+    };
   }
-  // SignOut signs out the user.
-  rpc SignOut(SignOutRequest) returns (google.protobuf.Empty) {
-    option (google.api.http) = {post: "/api/v1/auth/signout"};
+
+  // DeleteSession terminates the current user session.
+  // This is an idempotent operation that invalidates the user's authentication.
+  rpc DeleteSession(DeleteSessionRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {delete: "/api/v1/auth/sessions/current"};
   }
 }
 
@@ -33,8 +47,9 @@ message GetAuthStatusResponse {
   User user = 1;
 }
 
-message SignInRequest {
+message CreateSessionRequest {
   // Provide one authentication method (username/password or SSO).
+  // Required field to specify the authentication method.
   oneof method {
     // Username and password authentication method.
     PasswordCredentials password_credentials = 1;
@@ -42,31 +57,44 @@ message SignInRequest {
     // SSO provider authentication method.
     SSOCredentials sso_credentials = 2;
   }
+
   // Whether the session should never expire.
-  bool never_expire = 3;
+  // Optional field that defaults to false for security.
+  bool never_expire = 3 [(google.api.field_behavior) = OPTIONAL];
 }
 
 message PasswordCredentials {
   // The username to sign in with.
-  string username = 1;
+  // Required field for password-based authentication.
+  string username = 1 [(google.api.field_behavior) = REQUIRED];
+
   // The password to sign in with.
-  string password = 2;
+  // Required field for password-based authentication.
+  string password = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
 message SSOCredentials {
   // The ID of the SSO provider.
-  int32 idp_id = 1;
-  // The code to sign in with.
-  string code = 2;
-  // The redirect URI.
-  string redirect_uri = 3;
+  // Required field to identify the SSO provider.
+  int32 idp_id = 1 [(google.api.field_behavior) = REQUIRED];
+
+  // The authorization code from the SSO provider.
+  // Required field for completing the SSO flow.
+  string code = 2 [(google.api.field_behavior) = REQUIRED];
+
+  // The redirect URI used in the SSO flow.
+  // Required field for security validation.
+  string redirect_uri = 3 [(google.api.field_behavior) = REQUIRED];
 }
 
-message SignUpRequest {
+message RegisterUserRequest {
   // The username to sign up with.
-  string username = 1;
+  // Required field that must be unique across the system.
+  string username = 1 [(google.api.field_behavior) = REQUIRED];
+
   // The password to sign up with.
-  string password = 2;
+  // Required field that should meet security requirements.
+  string password = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
-message SignOutRequest {}
+message DeleteSessionRequest {}

proto/api/v1/markdown_service.proto

@@ -3,68 +3,88 @@ syntax = "proto3";
 package memos.api.v1;
 
 import "google/api/annotations.proto";
+import "google/api/field_behavior.proto";
 
 option go_package = "gen/api/v1";
 
 service MarkdownService {
   // ParseMarkdown parses the given markdown content and returns a list of nodes.
+  // This is a utility method that transforms markdown text into structured nodes.
   rpc ParseMarkdown(ParseMarkdownRequest) returns (ParseMarkdownResponse) {
     option (google.api.http) = {
       post: "/api/v1/markdown:parse"
       body: "*"
     };
   }
+
   // RestoreMarkdownNodes restores the given nodes to markdown content.
+  // This is the inverse operation of ParseMarkdown.
   rpc RestoreMarkdownNodes(RestoreMarkdownNodesRequest) returns (RestoreMarkdownNodesResponse) {
     option (google.api.http) = {
-      post: "/api/v1/markdown/node:restore"
+      post: "/api/v1/markdown:restore"
       body: "*"
     };
   }
+
   // StringifyMarkdownNodes stringify the given nodes to plain text content.
+  // This removes all markdown formatting and returns plain text.
   rpc StringifyMarkdownNodes(StringifyMarkdownNodesRequest) returns (StringifyMarkdownNodesResponse) {
     option (google.api.http) = {
-      post: "/api/v1/markdown/node:stringify"
+      post: "/api/v1/markdown:stringify"
       body: "*"
     };
   }
+
   // GetLinkMetadata returns metadata for a given link.
+  // This is useful for generating link previews.
   rpc GetLinkMetadata(GetLinkMetadataRequest) returns (LinkMetadata) {
-    option (google.api.http) = {get: "/api/v1/markdown/link:metadata"};
+    option (google.api.http) = {get: "/api/v1/markdown/links:getMetadata"};
   }
 }
 
 message ParseMarkdownRequest {
-  string markdown = 1;
+  // The markdown content to parse.
+  string markdown = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
 message ParseMarkdownResponse {
+  // The parsed markdown nodes.
   repeated Node nodes = 1;
 }
 
 message RestoreMarkdownNodesRequest {
-  repeated Node nodes = 1;
+  // The nodes to restore to markdown content.
+  repeated Node nodes = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
 message RestoreMarkdownNodesResponse {
+  // The restored markdown content.
   string markdown = 1;
 }
 
 message StringifyMarkdownNodesRequest {
-  repeated Node nodes = 1;
+  // The nodes to stringify to plain text.
+  repeated Node nodes = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
 message StringifyMarkdownNodesResponse {
+  // The plain text content.
   string plain_text = 1;
 }
 
 message GetLinkMetadataRequest {
-  string link = 1;
+  // The link URL to get metadata for.
+  string link = 1 [(google.api.field_behavior) = REQUIRED];
 }
 
 message LinkMetadata {
+  // The title of the linked page.
   string title = 1;
+
+  // The description of the linked page.
   string description = 2;
+
+  // The URL of the preview image for the linked page.
   string image = 3;
 }
 
@@ -218,7 +238,10 @@ message TableNode {
 }
 
 message EmbeddedContentNode {
+  // The resource name of the embedded content.
   string resource_name = 1;
+
+  // Additional parameters for the embedded content.
   string params = 2;
 }
 
@@ -289,7 +312,10 @@ message SuperscriptNode {
 }
 
 message ReferencedContentNode {
+  // The resource name of the referenced content.
   string resource_name = 1;
+
+  // Additional parameters for the referenced content.
   string params = 2;
 }
 

proto/gen/api/v1/auth_service.pb.go

@@ -103,35 +103,37 @@ func (x *GetAuthStatusResponse) GetUser() *User {
 	return nil
 }
 
-type SignInRequest struct {
+type CreateSessionRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
 	// Provide one authentication method (username/password or SSO).
+	// Required field to specify the authentication method.
 	//
 	// Types that are valid to be assigned to Method:
 	//
-	//	*SignInRequest_PasswordCredentials
-	//	*SignInRequest_SsoCredentials
-	Method isSignInRequest_Method `protobuf_oneof:"method"`
+	//	*CreateSessionRequest_PasswordCredentials
+	//	*CreateSessionRequest_SsoCredentials
+	Method isCreateSessionRequest_Method `protobuf_oneof:"method"`
 	// Whether the session should never expire.
+	// Optional field that defaults to false for security.
 	NeverExpire   bool `protobuf:"varint,3,opt,name=never_expire,json=neverExpire,proto3" json:"never_expire,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 
-func (x *SignInRequest) Reset() {
-	*x = SignInRequest{}
+func (x *CreateSessionRequest) Reset() {
+	*x = CreateSessionRequest{}
 	mi := &file_api_v1_auth_service_proto_msgTypes[2]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 
-func (x *SignInRequest) String() string {
+func (x *CreateSessionRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*SignInRequest) ProtoMessage() {}
+func (*CreateSessionRequest) ProtoMessage() {}
 
-func (x *SignInRequest) ProtoReflect() protoreflect.Message {
+func (x *CreateSessionRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v1_auth_service_proto_msgTypes[2]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -143,66 +145,68 @@ func (x *SignInRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use SignInRequest.ProtoReflect.Descriptor instead.
-func (*SignInRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use CreateSessionRequest.ProtoReflect.Descriptor instead.
+func (*CreateSessionRequest) Descriptor() ([]byte, []int) {
 	return file_api_v1_auth_service_proto_rawDescGZIP(), []int{2}
 }
 
-func (x *SignInRequest) GetMethod() isSignInRequest_Method {
+func (x *CreateSessionRequest) GetMethod() isCreateSessionRequest_Method {
 	if x != nil {
 		return x.Method
 	}
 	return nil
 }
 
-func (x *SignInRequest) GetPasswordCredentials() *PasswordCredentials {
+func (x *CreateSessionRequest) GetPasswordCredentials() *PasswordCredentials {
 	if x != nil {
-		if x, ok := x.Method.(*SignInRequest_PasswordCredentials); ok {
+		if x, ok := x.Method.(*CreateSessionRequest_PasswordCredentials); ok {
 			return x.PasswordCredentials
 		}
 	}
 	return nil
 }
 
-func (x *SignInRequest) GetSsoCredentials() *SSOCredentials {
+func (x *CreateSessionRequest) GetSsoCredentials() *SSOCredentials {
 	if x != nil {
-		if x, ok := x.Method.(*SignInRequest_SsoCredentials); ok {
+		if x, ok := x.Method.(*CreateSessionRequest_SsoCredentials); ok {
 			return x.SsoCredentials
 		}
 	}
 	return nil
 }
 
-func (x *SignInRequest) GetNeverExpire() bool {
+func (x *CreateSessionRequest) GetNeverExpire() bool {
 	if x != nil {
 		return x.NeverExpire
 	}
 	return false
 }
 
-type isSignInRequest_Method interface {
-	isSignInRequest_Method()
+type isCreateSessionRequest_Method interface {
+	isCreateSessionRequest_Method()
 }
 
-type SignInRequest_PasswordCredentials struct {
+type CreateSessionRequest_PasswordCredentials struct {
 	// Username and password authentication method.
 	PasswordCredentials *PasswordCredentials `protobuf:"bytes,1,opt,name=password_credentials,json=passwordCredentials,proto3,oneof"`
 }
 
-type SignInRequest_SsoCredentials struct {
+type CreateSessionRequest_SsoCredentials struct {
 	// SSO provider authentication method.
 	SsoCredentials *SSOCredentials `protobuf:"bytes,2,opt,name=sso_credentials,json=ssoCredentials,proto3,oneof"`
 }
 
-func (*SignInRequest_PasswordCredentials) isSignInRequest_Method() {}
+func (*CreateSessionRequest_PasswordCredentials) isCreateSessionRequest_Method() {}
 
-func (*SignInRequest_SsoCredentials) isSignInRequest_Method() {}
+func (*CreateSessionRequest_SsoCredentials) isCreateSessionRequest_Method() {}
 
 type PasswordCredentials struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
 	// The username to sign in with.
+	// Required field for password-based authentication.
 	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	// The password to sign in with.
+	// Required field for password-based authentication.
 	Password      string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -255,10 +259,13 @@ func (x *PasswordCredentials) GetPassword() string {
 type SSOCredentials struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
 	// The ID of the SSO provider.
+	// Required field to identify the SSO provider.
 	IdpId int32 `protobuf:"varint,1,opt,name=idp_id,json=idpId,proto3" json:"idp_id,omitempty"`
-	// The code to sign in with.
+	// The authorization code from the SSO provider.
+	// Required field for completing the SSO flow.
 	Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
-	// The redirect URI.
+	// The redirect URI used in the SSO flow.
+	// Required field for security validation.
 	RedirectUri   string `protobuf:"bytes,3,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -315,30 +322,32 @@ func (x *SSOCredentials) GetRedirectUri() string {
 	return ""
 }
 
-type SignUpRequest struct {
+type RegisterUserRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
 	// The username to sign up with.
+	// Required field that must be unique across the system.
 	Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
 	// The password to sign up with.
+	// Required field that should meet security requirements.
 	Password      string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 
-func (x *SignUpRequest) Reset() {
-	*x = SignUpRequest{}
+func (x *RegisterUserRequest) Reset() {
+	*x = RegisterUserRequest{}
 	mi := &file_api_v1_auth_service_proto_msgTypes[5]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 
-func (x *SignUpRequest) String() string {
+func (x *RegisterUserRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*SignUpRequest) ProtoMessage() {}
+func (*RegisterUserRequest) ProtoMessage() {}
 
-func (x *SignUpRequest) ProtoReflect() protoreflect.Message {
+func (x *RegisterUserRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v1_auth_service_proto_msgTypes[5]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -350,45 +359,45 @@ func (x *SignUpRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use SignUpRequest.ProtoReflect.Descriptor instead.
-func (*SignUpRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use RegisterUserRequest.ProtoReflect.Descriptor instead.
+func (*RegisterUserRequest) Descriptor() ([]byte, []int) {
 	return file_api_v1_auth_service_proto_rawDescGZIP(), []int{5}
 }
 
-func (x *SignUpRequest) GetUsername() string {
+func (x *RegisterUserRequest) GetUsername() string {
 	if x != nil {
 		return x.Username
 	}
 	return ""
 }
 
-func (x *SignUpRequest) GetPassword() string {
+func (x *RegisterUserRequest) GetPassword() string {
 	if x != nil {
 		return x.Password
 	}
 	return ""
 }
 
-type SignOutRequest struct {
+type DeleteSessionRequest struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
 
-func (x *SignOutRequest) Reset() {
-	*x = SignOutRequest{}
+func (x *DeleteSessionRequest) Reset() {
+	*x = DeleteSessionRequest{}
 	mi := &file_api_v1_auth_service_proto_msgTypes[6]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
 }
 
-func (x *SignOutRequest) String() string {
+func (x *DeleteSessionRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*SignOutRequest) ProtoMessage() {}
+func (*DeleteSessionRequest) ProtoMessage() {}
 
-func (x *SignOutRequest) ProtoReflect() protoreflect.Message {
+func (x *DeleteSessionRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_api_v1_auth_service_proto_msgTypes[6]
 	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -400,8 +409,8 @@ func (x *SignOutRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use SignOutRequest.ProtoReflect.Descriptor instead.
-func (*SignOutRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use DeleteSessionRequest.ProtoReflect.Descriptor instead.
+func (*DeleteSessionRequest) Descriptor() ([]byte, []int) {
 	return file_api_v1_auth_service_proto_rawDescGZIP(), []int{6}
 }
 
@@ -409,31 +418,31 @@ var File_api_v1_auth_service_proto protoreflect.FileDescriptor
 
 const file_api_v1_auth_service_proto_rawDesc = "" +
 	"\n" +
-	"\x19api/v1/auth_service.proto\x12\fmemos.api.v1\x1a\x19api/v1/user_service.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x1bgoogle/protobuf/empty.proto\"\x16\n" +
+	"\x19api/v1/auth_service.proto\x12\fmemos.api.v1\x1a\x19api/v1/user_service.proto\x1a\x1cgoogle/api/annotations.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x1bgoogle/protobuf/empty.proto\"\x16\n" +
 	"\x14GetAuthStatusRequest\"?\n" +
 	"\x15GetAuthStatusResponse\x12&\n" +
-	"\x04user\x18\x01 \x01(\v2\x12.memos.api.v1.UserR\x04user\"\xdd\x01\n" +
-	"\rSignInRequest\x12V\n" +
+	"\x04user\x18\x01 \x01(\v2\x12.memos.api.v1.UserR\x04user\"\xe9\x01\n" +
+	"\x14CreateSessionRequest\x12V\n" +
 	"\x14password_credentials\x18\x01 \x01(\v2!.memos.api.v1.PasswordCredentialsH\x00R\x13passwordCredentials\x12G\n" +
-	"\x0fsso_credentials\x18\x02 \x01(\v2\x1c.memos.api.v1.SSOCredentialsH\x00R\x0essoCredentials\x12!\n" +
-	"\fnever_expire\x18\x03 \x01(\bR\vneverExpireB\b\n" +
-	"\x06method\"M\n" +
-	"\x13PasswordCredentials\x12\x1a\n" +
-	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
-	"\bpassword\x18\x02 \x01(\tR\bpassword\"^\n" +
-	"\x0eSSOCredentials\x12\x15\n" +
-	"\x06idp_id\x18\x01 \x01(\x05R\x05idpId\x12\x12\n" +
-	"\x04code\x18\x02 \x01(\tR\x04code\x12!\n" +
-	"\fredirect_uri\x18\x03 \x01(\tR\vredirectUri\"G\n" +
-	"\rSignUpRequest\x12\x1a\n" +
-	"\busername\x18\x01 \x01(\tR\busername\x12\x1a\n" +
-	"\bpassword\x18\x02 \x01(\tR\bpassword\"\x10\n" +
-	"\x0eSignOutRequest2\x82\x03\n" +
+	"\x0fsso_credentials\x18\x02 \x01(\v2\x1c.memos.api.v1.SSOCredentialsH\x00R\x0essoCredentials\x12&\n" +
+	"\fnever_expire\x18\x03 \x01(\bB\x03\xe0A\x01R\vneverExpireB\b\n" +
+	"\x06method\"W\n" +
+	"\x13PasswordCredentials\x12\x1f\n" +
+	"\busername\x18\x01 \x01(\tB\x03\xe0A\x02R\busername\x12\x1f\n" +
+	"\bpassword\x18\x02 \x01(\tB\x03\xe0A\x02R\bpassword\"m\n" +
+	"\x0eSSOCredentials\x12\x1a\n" +
+	"\x06idp_id\x18\x01 \x01(\x05B\x03\xe0A\x02R\x05idpId\x12\x17\n" +
+	"\x04code\x18\x02 \x01(\tB\x03\xe0A\x02R\x04code\x12&\n" +
+	"\fredirect_uri\x18\x03 \x01(\tB\x03\xe0A\x02R\vredirectUri\"W\n" +
+	"\x13RegisterUserRequest\x12\x1f\n" +
+	"\busername\x18\x01 \x01(\tB\x03\xe0A\x02R\busername\x12\x1f\n" +
+	"\bpassword\x18\x02 \x01(\tB\x03\xe0A\x02R\bpassword\"\x16\n" +
+	"\x14DeleteSessionRequest2\xb8\x03\n" +
 	"\vAuthService\x12d\n" +
-	"\rGetAuthStatus\x12\".memos.api.v1.GetAuthStatusRequest\x1a\x12.memos.api.v1.User\"\x1b\x82\xd3\xe4\x93\x02\x15\"\x13/api/v1/auth/status\x12V\n" +
-	"\x06SignIn\x12\x1b.memos.api.v1.SignInRequest\x1a\x12.memos.api.v1.User\"\x1b\x82\xd3\xe4\x93\x02\x15\"\x13/api/v1/auth/signin\x12V\n" +
-	"\x06SignUp\x12\x1b.memos.api.v1.SignUpRequest\x1a\x12.memos.api.v1.User\"\x1b\x82\xd3\xe4\x93\x02\x15\"\x13/api/v1/auth/signup\x12]\n" +
-	"\aSignOut\x12\x1c.memos.api.v1.SignOutRequest\x1a\x16.google.protobuf.Empty\"\x1c\x82\xd3\xe4\x93\x02\x16\"\x14/api/v1/auth/signoutB\xa8\x01\n" +
+	"\rGetAuthStatus\x12\".memos.api.v1.GetAuthStatusRequest\x1a\x12.memos.api.v1.User\"\x1b\x82\xd3\xe4\x93\x02\x15\x12\x13/api/v1/auth/status\x12i\n" +
+	"\rCreateSession\x12\".memos.api.v1.CreateSessionRequest\x1a\x12.memos.api.v1.User\" \x82\xd3\xe4\x93\x02\x1a:\x01*\"\x15/api/v1/auth/sessions\x12d\n" +
+	"\fRegisterUser\x12!.memos.api.v1.RegisterUserRequest\x1a\x12.memos.api.v1.User\"\x1d\x82\xd3\xe4\x93\x02\x17:\x01*\"\x12/api/v1/auth/users\x12r\n" +
+	"\rDeleteSession\x12\".memos.api.v1.DeleteSessionRequest\x1a\x16.google.protobuf.Empty\"%\x82\xd3\xe4\x93\x02\x1f*\x1d/api/v1/auth/sessions/currentB\xa8\x01\n" +
 	"\x10com.memos.api.v1B\x10AuthServiceProtoP\x01Z0github.com/usememos/memos/proto/gen/api/v1;apiv1\xa2\x02\x03MAX\xaa\x02\fMemos.Api.V1\xca\x02\fMemos\\Api\\V1\xe2\x02\x18Memos\\Api\\V1\\GPBMetadata\xea\x02\x0eMemos::Api::V1b\x06proto3"
 
 var (
@@ -452,26 +461,26 @@ var file_api_v1_auth_service_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
 var file_api_v1_auth_service_proto_goTypes = []any{
 	(*GetAuthStatusRequest)(nil),  // 0: memos.api.v1.GetAuthStatusRequest
 	(*GetAuthStatusResponse)(nil), // 1: memos.api.v1.GetAuthStatusResponse
-	(*SignInRequest)(nil),         // 2: memos.api.v1.SignInRequest
+	(*CreateSessionRequest)(nil),  // 2: memos.api.v1.CreateSessionRequest
 	(*PasswordCredentials)(nil),   // 3: memos.api.v1.PasswordCredentials
 	(*SSOCredentials)(nil),        // 4: memos.api.v1.SSOCredentials
-	(*SignUpRequest)(nil),         // 5: memos.api.v1.SignUpRequest
-	(*SignOutRequest)(nil),        // 6: memos.api.v1.SignOutRequest
+	(*RegisterUserRequest)(nil),   // 5: memos.api.v1.RegisterUserRequest
+	(*DeleteSessionRequest)(nil),  // 6: memos.api.v1.DeleteSessionRequest
 	(*User)(nil),                  // 7: memos.api.v1.User
 	(*emptypb.Empty)(nil),         // 8: google.protobuf.Empty
 }
 var file_api_v1_auth_service_proto_depIdxs = []int32{
 	7, // 0: memos.api.v1.GetAuthStatusResponse.user:type_name -> memos.api.v1.User
-	3, // 1: memos.api.v1.SignInRequest.password_credentials:type_name -> memos.api.v1.PasswordCredentials
-	4, // 2: memos.api.v1.SignInRequest.sso_credentials:type_name -> memos.api.v1.SSOCredentials
+	3, // 1: memos.api.v1.CreateSessionRequest.password_credentials:type_name -> memos.api.v1.PasswordCredentials
+	4, // 2: memos.api.v1.CreateSessionRequest.sso_credentials:type_name -> memos.api.v1.SSOCredentials
 	0, // 3: memos.api.v1.AuthService.GetAuthStatus:input_type -> memos.api.v1.GetAuthStatusRequest
-	2, // 4: memos.api.v1.AuthService.SignIn:input_type -> memos.api.v1.SignInRequest
-	5, // 5: memos.api.v1.AuthService.SignUp:input_type -> memos.api.v1.SignUpRequest
-	6, // 6: memos.api.v1.AuthService.SignOut:input_type -> memos.api.v1.SignOutRequest
+	2, // 4: memos.api.v1.AuthService.CreateSession:input_type -> memos.api.v1.CreateSessionRequest
+	5, // 5: memos.api.v1.AuthService.RegisterUser:input_type -> memos.api.v1.RegisterUserRequest
+	6, // 6: memos.api.v1.AuthService.DeleteSession:input_type -> memos.api.v1.DeleteSessionRequest
 	7, // 7: memos.api.v1.AuthService.GetAuthStatus:output_type -> memos.api.v1.User
-	7, // 8: memos.api.v1.AuthService.SignIn:output_type -> memos.api.v1.User
-	7, // 9: memos.api.v1.AuthService.SignUp:output_type -> memos.api.v1.User
-	8, // 10: memos.api.v1.AuthService.SignOut:output_type -> google.protobuf.Empty
+	7, // 8: memos.api.v1.AuthService.CreateSession:output_type -> memos.api.v1.User
+	7, // 9: memos.api.v1.AuthService.RegisterUser:output_type -> memos.api.v1.User
+	8, // 10: memos.api.v1.AuthService.DeleteSession:output_type -> google.protobuf.Empty
 	7, // [7:11] is the sub-list for method output_type
 	3, // [3:7] is the sub-list for method input_type
 	3, // [3:3] is the sub-list for extension type_name
@@ -486,8 +495,8 @@ func file_api_v1_auth_service_proto_init() {
 	}
 	file_api_v1_user_service_proto_init()
 	file_api_v1_auth_service_proto_msgTypes[2].OneofWrappers = []any{
-		(*SignInRequest_PasswordCredentials)(nil),
-		(*SignInRequest_SsoCredentials)(nil),
+		(*CreateSessionRequest_PasswordCredentials)(nil),
+		(*CreateSessionRequest_SsoCredentials)(nil),
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{

proto/gen/api/v1/auth_service.pb.gw.go

@@ -54,88 +54,70 @@ func local_request_AuthService_GetAuthStatus_0(ctx context.Context, marshaler ru
 	return msg, metadata, err
 }
 
-var filter_AuthService_SignIn_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-
-func request_AuthService_SignIn_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_AuthService_CreateSession_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignInRequest
+		protoReq CreateSessionRequest
 		metadata runtime.ServerMetadata
 	)
-	io.Copy(io.Discard, req.Body)
-	if err := req.ParseForm(); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_SignIn_0); err != nil {
+	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
-	msg, err := client.SignIn(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	msg, err := client.CreateSession(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
 
-func local_request_AuthService_SignIn_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func local_request_AuthService_CreateSession_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignInRequest
+		protoReq CreateSessionRequest
 		metadata runtime.ServerMetadata
 	)
-	if err := req.ParseForm(); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_SignIn_0); err != nil {
+	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
-	msg, err := server.SignIn(ctx, &protoReq)
+	msg, err := server.CreateSession(ctx, &protoReq)
 	return msg, metadata, err
 }
 
-var filter_AuthService_SignUp_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-
-func request_AuthService_SignUp_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_AuthService_RegisterUser_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignUpRequest
+		protoReq RegisterUserRequest
 		metadata runtime.ServerMetadata
 	)
-	io.Copy(io.Discard, req.Body)
-	if err := req.ParseForm(); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_SignUp_0); err != nil {
+	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
-	msg, err := client.SignUp(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	msg, err := client.RegisterUser(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
 
-func local_request_AuthService_SignUp_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func local_request_AuthService_RegisterUser_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignUpRequest
+		protoReq RegisterUserRequest
 		metadata runtime.ServerMetadata
 	)
-	if err := req.ParseForm(); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-	if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_SignUp_0); err != nil {
+	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil && !errors.Is(err, io.EOF) {
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
 	}
-	msg, err := server.SignUp(ctx, &protoReq)
+	msg, err := server.RegisterUser(ctx, &protoReq)
 	return msg, metadata, err
 }
 
-func request_AuthService_SignOut_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func request_AuthService_DeleteSession_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignOutRequest
+		protoReq DeleteSessionRequest
 		metadata runtime.ServerMetadata
 	)
 	io.Copy(io.Discard, req.Body)
-	msg, err := client.SignOut(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	msg, err := client.DeleteSession(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err
 }
 
-func local_request_AuthService_SignOut_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+func local_request_AuthService_DeleteSession_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var (
-		protoReq SignOutRequest
+		protoReq DeleteSessionRequest
 		metadata runtime.ServerMetadata
 	)
-	msg, err := server.SignOut(ctx, &protoReq)
+	msg, err := server.DeleteSession(ctx, &protoReq)
 	return msg, metadata, err
 }
 
@@ -145,7 +127,7 @@ func local_request_AuthService_SignOut_0(ctx context.Context, marshaler runtime.
 // Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAuthServiceHandlerFromEndpoint instead.
 // GRPC interceptors will not work for this type of registration. To use interceptors, you must use the "runtime.WithMiddlewares" option in the "runtime.NewServeMux" call.
 func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthServiceServer) error {
-	mux.Handle(http.MethodPost, pattern_AuthService_GetAuthStatus_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodGet, pattern_AuthService_GetAuthStatus_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
@@ -165,65 +147,65 @@ func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
 		}
 		forward_AuthService_GetAuthStatus_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignIn_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodPost, pattern_AuthService_CreateSession_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/SignIn", runtime.WithHTTPPathPattern("/api/v1/auth/signin"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/CreateSession", runtime.WithHTTPPathPattern("/api/v1/auth/sessions"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := local_request_AuthService_SignIn_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		resp, md, err := local_request_AuthService_CreateSession_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignIn_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_CreateSession_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignUp_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodPost, pattern_AuthService_RegisterUser_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/SignUp", runtime.WithHTTPPathPattern("/api/v1/auth/signup"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/RegisterUser", runtime.WithHTTPPathPattern("/api/v1/auth/users"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := local_request_AuthService_SignUp_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		resp, md, err := local_request_AuthService_RegisterUser_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignUp_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_RegisterUser_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignOut_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodDelete, pattern_AuthService_DeleteSession_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/SignOut", runtime.WithHTTPPathPattern("/api/v1/auth/signout"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.AuthService/DeleteSession", runtime.WithHTTPPathPattern("/api/v1/auth/sessions/current"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := local_request_AuthService_SignOut_0(annotatedContext, inboundMarshaler, server, req, pathParams)
+		resp, md, err := local_request_AuthService_DeleteSession_0(annotatedContext, inboundMarshaler, server, req, pathParams)
 		md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer())
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignOut_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_DeleteSession_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 
 	return nil
@@ -265,7 +247,7 @@ func RegisterAuthServiceHandler(ctx context.Context, mux *runtime.ServeMux, conn
 // doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in
 // "AuthServiceClient" to call the correct interceptors. This client ignores the HTTP middlewares.
 func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthServiceClient) error {
-	mux.Handle(http.MethodPost, pattern_AuthService_GetAuthStatus_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodGet, pattern_AuthService_GetAuthStatus_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
@@ -282,70 +264,70 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
 		}
 		forward_AuthService_GetAuthStatus_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignIn_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodPost, pattern_AuthService_CreateSession_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/SignIn", runtime.WithHTTPPathPattern("/api/v1/auth/signin"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/CreateSession", runtime.WithHTTPPathPattern("/api/v1/auth/sessions"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_AuthService_SignIn_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_AuthService_CreateSession_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignIn_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_CreateSession_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignUp_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodPost, pattern_AuthService_RegisterUser_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/SignUp", runtime.WithHTTPPathPattern("/api/v1/auth/signup"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/RegisterUser", runtime.WithHTTPPathPattern("/api/v1/auth/users"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_AuthService_SignUp_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_AuthService_RegisterUser_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignUp_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_RegisterUser_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
-	mux.Handle(http.MethodPost, pattern_AuthService_SignOut_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle(http.MethodDelete, pattern_AuthService_DeleteSession_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/SignOut", runtime.WithHTTPPathPattern("/api/v1/auth/signout"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.AuthService/DeleteSession", runtime.WithHTTPPathPattern("/api/v1/auth/sessions/current"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_AuthService_SignOut_0(annotatedContext, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_AuthService_DeleteSession_0(annotatedContext, inboundMarshaler, client, req, pathParams)
 		annotatedContext = runtime.NewServerMetadataContext(annotatedContext, md)
 		if err != nil {
 			runtime.HTTPError(annotatedContext, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		forward_AuthService_SignOut_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_AuthService_DeleteSession_0(annotatedContext, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
 	})
 	return nil
 }
 
 var (
 	pattern_AuthService_GetAuthStatus_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "status"}, ""))
-	pattern_AuthService_SignIn_0        = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "signin"}, ""))
-	pattern_AuthService_SignUp_0        = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "signup"}, ""))
-	pattern_AuthService_SignOut_0       = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "signout"}, ""))
+	pattern_AuthService_CreateSession_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "sessions"}, ""))
+	pattern_AuthService_RegisterUser_0  = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "auth", "users"}, ""))
+	pattern_AuthService_DeleteSession_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4}, []string{"api", "v1", "auth", "sessions", "current"}, ""))
 )
 
 var (
 	forward_AuthService_GetAuthStatus_0 = runtime.ForwardResponseMessage
-	forward_AuthService_SignIn_0        = runtime.ForwardResponseMessage
-	forward_AuthService_SignUp_0        = runtime.ForwardResponseMessage
-	forward_AuthService_SignOut_0       = runtime.ForwardResponseMessage
+	forward_AuthService_CreateSession_0 = runtime.ForwardResponseMessage
+	forward_AuthService_RegisterUser_0  = runtime.ForwardResponseMessage
+	forward_AuthService_DeleteSession_0 = runtime.ForwardResponseMessage
 )

proto/gen/api/v1/auth_service_grpc.pb.go

@@ -21,23 +21,27 @@ const _ = grpc.SupportPackageIsVersion9
 
 const (
 	AuthService_GetAuthStatus_FullMethodName = "/memos.api.v1.AuthService/GetAuthStatus"
-	AuthService_SignIn_FullMethodName        = "/memos.api.v1.AuthService/SignIn"
-	AuthService_SignUp_FullMethodName        = "/memos.api.v1.AuthService/SignUp"
-	AuthService_SignOut_FullMethodName       = "/memos.api.v1.AuthService/SignOut"
+	AuthService_CreateSession_FullMethodName = "/memos.api.v1.AuthService/CreateSession"
+	AuthService_RegisterUser_FullMethodName  = "/memos.api.v1.AuthService/RegisterUser"
+	AuthService_DeleteSession_FullMethodName = "/memos.api.v1.AuthService/DeleteSession"
 )
 
 // AuthServiceClient is the client API for AuthService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type AuthServiceClient interface {
-	// GetAuthStatus returns the current auth status of the user.
+	// GetAuthStatus returns the current authentication status of the user.
+	// This method is idempotent and safe, suitable for checking authentication state.
 	GetAuthStatus(ctx context.Context, in *GetAuthStatusRequest, opts ...grpc.CallOption) (*User, error)
-	// SignIn signs in the user.
-	SignIn(ctx context.Context, in *SignInRequest, opts ...grpc.CallOption) (*User, error)
-	// SignUp signs up the user with the given username and password.
-	SignUp(ctx context.Context, in *SignUpRequest, opts ...grpc.CallOption) (*User, error)
-	// SignOut signs out the user.
-	SignOut(ctx context.Context, in *SignOutRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
+	// CreateSession authenticates a user and creates a new session.
+	// Returns the authenticated user information upon successful authentication.
+	CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*User, error)
+	// RegisterUser creates a new user account with username and password.
+	// Returns the newly created user information upon successful registration.
+	RegisterUser(ctx context.Context, in *RegisterUserRequest, opts ...grpc.CallOption) (*User, error)
+	// DeleteSession terminates the current user session.
+	// This is an idempotent operation that invalidates the user's authentication.
+	DeleteSession(ctx context.Context, in *DeleteSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
 }
 
 type authServiceClient struct {
@@ -58,30 +62,30 @@ func (c *authServiceClient) GetAuthStatus(ctx context.Context, in *GetAuthStatus
 	return out, nil
 }
 
-func (c *authServiceClient) SignIn(ctx context.Context, in *SignInRequest, opts ...grpc.CallOption) (*User, error) {
+func (c *authServiceClient) CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*User, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(User)
-	err := c.cc.Invoke(ctx, AuthService_SignIn_FullMethodName, in, out, cOpts...)
+	err := c.cc.Invoke(ctx, AuthService_CreateSession_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *authServiceClient) SignUp(ctx context.Context, in *SignUpRequest, opts ...grpc.CallOption) (*User, error) {
+func (c *authServiceClient) RegisterUser(ctx context.Context, in *RegisterUserRequest, opts ...grpc.CallOption) (*User, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(User)
-	err := c.cc.Invoke(ctx, AuthService_SignUp_FullMethodName, in, out, cOpts...)
+	err := c.cc.Invoke(ctx, AuthService_RegisterUser_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *authServiceClient) SignOut(ctx context.Context, in *SignOutRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
+func (c *authServiceClient) DeleteSession(ctx context.Context, in *DeleteSessionRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) {
 	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(emptypb.Empty)
-	err := c.cc.Invoke(ctx, AuthService_SignOut_FullMethodName, in, out, cOpts...)
+	err := c.cc.Invoke(ctx, AuthService_DeleteSession_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -92,14 +96,18 @@ func (c *authServiceClient) SignOut(ctx context.Context, in *SignOutRequest, opt
 // All implementations must embed UnimplementedAuthServiceServer
 // for forward compatibility.
 type AuthServiceServer interface {
-	// GetAuthStatus returns the current auth status of the user.
+	// GetAuthStatus returns the current authentication status of the user.
+	// This method is idempotent and safe, suitable for checking authentication state.
 	GetAuthStatus(context.Context, *GetAuthStatusRequest) (*User, error)
-	// SignIn signs in the user.
-	SignIn(context.Context, *SignInRequest) (*User, error)
-	// SignUp signs up the user with the given username and password.
-	SignUp(context.Context, *SignUpRequest) (*User, error)
-	// SignOut signs out the user.
-	SignOut(context.Context, *SignOutRequest) (*emptypb.Empty, error)
+	// CreateSession authenticates a user and creates a new session.
+	// Returns the authenticated user information upon successful authentication.
+	CreateSession(context.Context, *CreateSessionRequest) (*User, error)
+	// RegisterUser creates a new user account with username and password.
+	// Returns the newly created user information upon successful registration.
+	RegisterUser(context.Context, *RegisterUserRequest) (*User, error)
+	// DeleteSession terminates the current user session.
+	// This is an idempotent operation that invalidates the user's authentication.
+	DeleteSession(context.Context, *DeleteSessionRequest) (*emptypb.Empty, error)
 	mustEmbedUnimplementedAuthServiceServer()
 }
 
@@ -113,14 +121,14 @@ type UnimplementedAuthServiceServer struct{}
 func (UnimplementedAuthServiceServer) GetAuthStatus(context.Context, *GetAuthStatusRequest) (*User, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetAuthStatus not implemented")
 }
-func (UnimplementedAuthServiceServer) SignIn(context.Context, *SignInRequest) (*User, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SignIn not implemented")
+func (UnimplementedAuthServiceServer) CreateSession(context.Context, *CreateSessionRequest) (*User, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateSession not implemented")
 }
-func (UnimplementedAuthServiceServer) SignUp(context.Context, *SignUpRequest) (*User, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SignUp not implemented")
+func (UnimplementedAuthServiceServer) RegisterUser(context.Context, *RegisterUserRequest) (*User, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RegisterUser not implemented")
 }
-func (UnimplementedAuthServiceServer) SignOut(context.Context, *SignOutRequest) (*emptypb.Empty, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method SignOut not implemented")
+func (UnimplementedAuthServiceServer) DeleteSession(context.Context, *DeleteSessionRequest) (*emptypb.Empty, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteSession not implemented")
 }
 func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
 func (UnimplementedAuthServiceServer) testEmbeddedByValue()                     {}
@@ -161,56 +169,56 @@ func _AuthService_GetAuthStatus_Handler(srv interface{}, ctx context.Context, de
 	return interceptor(ctx, in, info, handler)
 }
 
-func _AuthService_SignIn_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SignInRequest)
+func _AuthService_CreateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateSessionRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServiceServer).SignIn(ctx, in)
+		return srv.(AuthServiceServer).CreateSession(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: AuthService_SignIn_FullMethodName,
+		FullMethod: AuthService_CreateSession_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServiceServer).SignIn(ctx, req.(*SignInRequest))
+		return srv.(AuthServiceServer).CreateSession(ctx, req.(*CreateSessionRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _AuthService_SignUp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SignUpRequest)
+func _AuthService_RegisterUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RegisterUserRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServiceServer).SignUp(ctx, in)
+		return srv.(AuthServiceServer).RegisterUser(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: AuthService_SignUp_FullMethodName,
+		FullMethod: AuthService_RegisterUser_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServiceServer).SignUp(ctx, req.(*SignUpRequest))
+		return srv.(AuthServiceServer).RegisterUser(ctx, req.(*RegisterUserRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _AuthService_SignOut_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(SignOutRequest)
+func _AuthService_DeleteSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteSessionRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(AuthServiceServer).SignOut(ctx, in)
+		return srv.(AuthServiceServer).DeleteSession(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: AuthService_SignOut_FullMethodName,
+		FullMethod: AuthService_DeleteSession_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(AuthServiceServer).SignOut(ctx, req.(*SignOutRequest))
+		return srv.(AuthServiceServer).DeleteSession(ctx, req.(*DeleteSessionRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -227,16 +235,16 @@ var AuthService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _AuthService_GetAuthStatus_Handler,
 		},
 		{
-			MethodName: "SignIn",
-			Handler:    _AuthService_SignIn_Handler,
+			MethodName: "CreateSession",
+			Handler:    _AuthService_CreateSession_Handler,
 		},
 		{
-			MethodName: "SignUp",
-			Handler:    _AuthService_SignUp_Handler,
+			MethodName: "RegisterUser",
+			Handler:    _AuthService_RegisterUser_Handler,
 		},
 		{
-			MethodName: "SignOut",
-			Handler:    _AuthService_SignOut_Handler,
+			MethodName: "DeleteSession",
+			Handler:    _AuthService_DeleteSession_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},

proto/gen/api/v1/markdown_service.pb.go

@@ -214,6 +214,7 @@ func (ListNode_Kind) EnumDescriptor() ([]byte, []int) {
 
 type ParseMarkdownRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The markdown content to parse.
 	Markdown      string `protobuf:"bytes,1,opt,name=markdown,proto3" json:"markdown,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -258,6 +259,7 @@ func (x *ParseMarkdownRequest) GetMarkdown() string {
 
 type ParseMarkdownResponse struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The parsed markdown nodes.
 	Nodes         []*Node `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -302,6 +304,7 @@ func (x *ParseMarkdownResponse) GetNodes() []*Node {
 
 type RestoreMarkdownNodesRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The nodes to restore to markdown content.
 	Nodes         []*Node `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -346,6 +349,7 @@ func (x *RestoreMarkdownNodesRequest) GetNodes() []*Node {
 
 type RestoreMarkdownNodesResponse struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The restored markdown content.
 	Markdown      string `protobuf:"bytes,1,opt,name=markdown,proto3" json:"markdown,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -390,6 +394,7 @@ func (x *RestoreMarkdownNodesResponse) GetMarkdown() string {
 
 type StringifyMarkdownNodesRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The nodes to stringify to plain text.
 	Nodes         []*Node `protobuf:"bytes,1,rep,name=nodes,proto3" json:"nodes,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -434,6 +439,7 @@ func (x *StringifyMarkdownNodesRequest) GetNodes() []*Node {
 
 type StringifyMarkdownNodesResponse struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The plain text content.
 	PlainText     string `protobuf:"bytes,1,opt,name=plain_text,json=plainText,proto3" json:"plain_text,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -478,6 +484,7 @@ func (x *StringifyMarkdownNodesResponse) GetPlainText() string {
 
 type GetLinkMetadataRequest struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The link URL to get metadata for.
 	Link          string `protobuf:"bytes,1,opt,name=link,proto3" json:"link,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -522,8 +529,11 @@ func (x *GetLinkMetadataRequest) GetLink() string {
 
 type LinkMetadata struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The title of the linked page.
 	Title string `protobuf:"bytes,1,opt,name=title,proto3" json:"title,omitempty"`
+	// The description of the linked page.
 	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
+	// The URL of the preview image for the linked page.
 	Image         string `protobuf:"bytes,3,opt,name=image,proto3" json:"image,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -1762,7 +1772,9 @@ func (x *TableNode) GetRows() []*TableNode_Row {
 
 type EmbeddedContentNode struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The resource name of the embedded content.
 	ResourceName string `protobuf:"bytes,1,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
+	// Additional parameters for the embedded content.
 	Params        string `protobuf:"bytes,2,opt,name=params,proto3" json:"params,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -2522,7 +2534,9 @@ func (x *SuperscriptNode) GetContent() string {
 
 type ReferencedContentNode struct {
 	state protoimpl.MessageState `protogen:"open.v1"`
+	// The resource name of the referenced content.
 	ResourceName string `protobuf:"bytes,1,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"`
+	// Additional parameters for the referenced content.
 	Params        string `protobuf:"bytes,2,opt,name=params,proto3" json:"params,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -2716,22 +2730,22 @@ var File_api_v1_markdown_service_proto protoreflect.FileDescriptor
 
 const file_api_v1_markdown_service_proto_rawDesc = "" +
 	"\n" +
-	"\x1dapi/v1/markdown_service.proto\x12\fmemos.api.v1\x1a\x1cgoogle/api/annotations.proto\"2\n" +
-	"\x14ParseMarkdownRequest\x12\x1a\n" +
-	"\bmarkdown\x18\x01 \x01(\tR\bmarkdown\"A\n" +
+	"\x1dapi/v1/markdown_service.proto\x12\fmemos.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x1fgoogle/api/field_behavior.proto\"7\n" +
+	"\x14ParseMarkdownRequest\x12\x1f\n" +
+	"\bmarkdown\x18\x01 \x01(\tB\x03\xe0A\x02R\bmarkdown\"A\n" +
 	"\x15ParseMarkdownResponse\x12(\n" +
-	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeR\x05nodes\"G\n" +
-	"\x1bRestoreMarkdownNodesRequest\x12(\n" +
-	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeR\x05nodes\":\n" +
+	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeR\x05nodes\"L\n" +
+	"\x1bRestoreMarkdownNodesRequest\x12-\n" +
+	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeB\x03\xe0A\x02R\x05nodes\":\n" +
 	"\x1cRestoreMarkdownNodesResponse\x12\x1a\n" +
-	"\bmarkdown\x18\x01 \x01(\tR\bmarkdown\"I\n" +
-	"\x1dStringifyMarkdownNodesRequest\x12(\n" +
-	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeR\x05nodes\"?\n" +
+	"\bmarkdown\x18\x01 \x01(\tR\bmarkdown\"N\n" +
+	"\x1dStringifyMarkdownNodesRequest\x12-\n" +
+	"\x05nodes\x18\x01 \x03(\v2\x12.memos.api.v1.NodeB\x03\xe0A\x02R\x05nodes\"?\n" +
 	"\x1eStringifyMarkdownNodesResponse\x12\x1d\n" +
 	"\n" +
-	"plain_text\x18\x01 \x01(\tR\tplainText\",\n" +
-	"\x16GetLinkMetadataRequest\x12\x12\n" +
-	"\x04link\x18\x01 \x01(\tR\x04link\"\\\n" +
+	"plain_text\x18\x01 \x01(\tR\tplainText\"1\n" +
+	"\x16GetLinkMetadataRequest\x12\x17\n" +
+	"\x04link\x18\x01 \x01(\tB\x03\xe0A\x02R\x04link\"\\\n" +
 	"\fLinkMetadata\x12\x14\n" +
 	"\x05title\x18\x01 \x01(\tR\x05title\x12 \n" +
 	"\vdescription\x18\x02 \x01(\tR\vdescription\x12\x14\n" +
@@ -2907,12 +2921,12 @@ const file_api_v1_markdown_service_proto_rawDesc = "" +
 	"\vSUPERSCRIPT\x10A\x12\x16\n" +
 	"\x12REFERENCED_CONTENT\x10B\x12\v\n" +
 	"\aSPOILER\x10C\x12\x10\n" +
-	"\fHTML_ELEMENT\x10D2\xc7\x04\n" +
+	"\fHTML_ELEMENT\x10D2\xc1\x04\n" +
 	"\x0fMarkdownService\x12{\n" +
-	"\rParseMarkdown\x12\".memos.api.v1.ParseMarkdownRequest\x1a#.memos.api.v1.ParseMarkdownResponse\"!\x82\xd3\xe4\x93\x02\x1b:\x01*\"\x16/api/v1/markdown:parse\x12\x97\x01\n" +
-	"\x14RestoreMarkdownNodes\x12).memos.api.v1.RestoreMarkdownNodesRequest\x1a*.memos.api.v1.RestoreMarkdownNodesResponse\"(\x82\xd3\xe4\x93\x02\":\x01*\"\x1d/api/v1/markdown/node:restore\x12\x9f\x01\n" +
-	"\x16StringifyMarkdownNodes\x12+.memos.api.v1.StringifyMarkdownNodesRequest\x1a,.memos.api.v1.StringifyMarkdownNodesResponse\"*\x82\xd3\xe4\x93\x02$:\x01*\"\x1f/api/v1/markdown/node:stringify\x12{\n" +
-	"\x0fGetLinkMetadata\x12$.memos.api.v1.GetLinkMetadataRequest\x1a\x1a.memos.api.v1.LinkMetadata\"&\x82\xd3\xe4\x93\x02 \x12\x1e/api/v1/markdown/link:metadataB\xac\x01\n" +
+	"\rParseMarkdown\x12\".memos.api.v1.ParseMarkdownRequest\x1a#.memos.api.v1.ParseMarkdownResponse\"!\x82\xd3\xe4\x93\x02\x1b:\x01*\"\x16/api/v1/markdown:parse\x12\x92\x01\n" +
+	"\x14RestoreMarkdownNodes\x12).memos.api.v1.RestoreMarkdownNodesRequest\x1a*.memos.api.v1.RestoreMarkdownNodesResponse\"#\x82\xd3\xe4\x93\x02\x1d:\x01*\"\x18/api/v1/markdown:restore\x12\x9a\x01\n" +
+	"\x16StringifyMarkdownNodes\x12+.memos.api.v1.StringifyMarkdownNodesRequest\x1a,.memos.api.v1.StringifyMarkdownNodesResponse\"%\x82\xd3\xe4\x93\x02\x1f:\x01*\"\x1a/api/v1/markdown:stringify\x12\x7f\n" +
+	"\x0fGetLinkMetadata\x12$.memos.api.v1.GetLinkMetadataRequest\x1a\x1a.memos.api.v1.LinkMetadata\"*\x82\xd3\xe4\x93\x02$\x12\"/api/v1/markdown/links:getMetadataB\xac\x01\n" +
 	"\x10com.memos.api.v1B\x14MarkdownServiceProtoP\x01Z0github.com/usememos/memos/proto/gen/api/v1;apiv1\xa2\x02\x03MAX\xaa\x02\fMemos.Api.V1\xca\x02\fMemos\\Api\\V1\xe2\x02\x18Memos\\Api\\V1\\GPBMetadata\xea\x02\x0eMemos::Api::V1b\x06proto3"
 
 var (

proto/gen/api/v1/markdown_service.pb.gw.go

@@ -172,7 +172,7 @@ func RegisterMarkdownServiceHandlerServer(ctx context.Context, mux *runtime.Serv
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/RestoreMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown/node:restore"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/RestoreMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown:restore"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -192,7 +192,7 @@ func RegisterMarkdownServiceHandlerServer(ctx context.Context, mux *runtime.Serv
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/StringifyMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown/node:stringify"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/StringifyMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown:stringify"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -212,7 +212,7 @@ func RegisterMarkdownServiceHandlerServer(ctx context.Context, mux *runtime.Serv
 		var stream runtime.ServerTransportStream
 		ctx = grpc.NewContextWithServerTransportStream(ctx, &stream)
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/GetLinkMetadata", runtime.WithHTTPPathPattern("/api/v1/markdown/link:metadata"))
+		annotatedContext, err := runtime.AnnotateIncomingContext(ctx, mux, req, "/memos.api.v1.MarkdownService/GetLinkMetadata", runtime.WithHTTPPathPattern("/api/v1/markdown/links:getMetadata"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -287,7 +287,7 @@ func RegisterMarkdownServiceHandlerClient(ctx context.Context, mux *runtime.Serv
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/RestoreMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown/node:restore"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/RestoreMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown:restore"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -304,7 +304,7 @@ func RegisterMarkdownServiceHandlerClient(ctx context.Context, mux *runtime.Serv
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/StringifyMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown/node:stringify"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/StringifyMarkdownNodes", runtime.WithHTTPPathPattern("/api/v1/markdown:stringify"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -321,7 +321,7 @@ func RegisterMarkdownServiceHandlerClient(ctx context.Context, mux *runtime.Serv
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/GetLinkMetadata", runtime.WithHTTPPathPattern("/api/v1/markdown/link:metadata"))
+		annotatedContext, err := runtime.AnnotateContext(ctx, mux, req, "/memos.api.v1.MarkdownService/GetLinkMetadata", runtime.WithHTTPPathPattern("/api/v1/markdown/links:getMetadata"))
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
@@ -339,9 +339,9 @@ func RegisterMarkdownServiceHandlerClient(ctx context.Context, mux *runtime.Serv
 
 var (
 	pattern_MarkdownService_ParseMarkdown_0          = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "markdown"}, "parse"))
-	pattern_MarkdownService_RestoreMarkdownNodes_0   = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "markdown", "node"}, "restore"))
-	pattern_MarkdownService_StringifyMarkdownNodes_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "markdown", "node"}, "stringify"))
-	pattern_MarkdownService_GetLinkMetadata_0        = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "markdown", "link"}, "metadata"))
+	pattern_MarkdownService_RestoreMarkdownNodes_0   = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "markdown"}, "restore"))
+	pattern_MarkdownService_StringifyMarkdownNodes_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "markdown"}, "stringify"))
+	pattern_MarkdownService_GetLinkMetadata_0        = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"api", "v1", "markdown", "links"}, "getMetadata"))
 )
 
 var (

proto/gen/api/v1/markdown_service_grpc.pb.go

@@ -30,12 +30,16 @@ const (
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type MarkdownServiceClient interface {
 	// ParseMarkdown parses the given markdown content and returns a list of nodes.
+	// This is a utility method that transforms markdown text into structured nodes.
 	ParseMarkdown(ctx context.Context, in *ParseMarkdownRequest, opts ...grpc.CallOption) (*ParseMarkdownResponse, error)
 	// RestoreMarkdownNodes restores the given nodes to markdown content.
+	// This is the inverse operation of ParseMarkdown.
 	RestoreMarkdownNodes(ctx context.Context, in *RestoreMarkdownNodesRequest, opts ...grpc.CallOption) (*RestoreMarkdownNodesResponse, error)
 	// StringifyMarkdownNodes stringify the given nodes to plain text content.
+	// This removes all markdown formatting and returns plain text.
 	StringifyMarkdownNodes(ctx context.Context, in *StringifyMarkdownNodesRequest, opts ...grpc.CallOption) (*StringifyMarkdownNodesResponse, error)
 	// GetLinkMetadata returns metadata for a given link.
+	// This is useful for generating link previews.
 	GetLinkMetadata(ctx context.Context, in *GetLinkMetadataRequest, opts ...grpc.CallOption) (*LinkMetadata, error)
 }
 
@@ -92,12 +96,16 @@ func (c *markdownServiceClient) GetLinkMetadata(ctx context.Context, in *GetLink
 // for forward compatibility.
 type MarkdownServiceServer interface {
 	// ParseMarkdown parses the given markdown content and returns a list of nodes.
+	// This is a utility method that transforms markdown text into structured nodes.
 	ParseMarkdown(context.Context, *ParseMarkdownRequest) (*ParseMarkdownResponse, error)
 	// RestoreMarkdownNodes restores the given nodes to markdown content.
+	// This is the inverse operation of ParseMarkdown.
 	RestoreMarkdownNodes(context.Context, *RestoreMarkdownNodesRequest) (*RestoreMarkdownNodesResponse, error)
 	// StringifyMarkdownNodes stringify the given nodes to plain text content.
+	// This removes all markdown formatting and returns plain text.
 	StringifyMarkdownNodes(context.Context, *StringifyMarkdownNodesRequest) (*StringifyMarkdownNodesResponse, error)
 	// GetLinkMetadata returns metadata for a given link.
+	// This is useful for generating link previews.
 	GetLinkMetadata(context.Context, *GetLinkMetadataRequest) (*LinkMetadata, error)
 	mustEmbedUnimplementedMarkdownServiceServer()
 }

proto/gen/apidocs.swagger.yaml

@@ -131,10 +131,12 @@ paths:
           type: string
       tags:
         - AttachmentService
-  /api/v1/auth/signin:
+  /api/v1/auth/sessions:
     post:
-      summary: SignIn signs in the user.
-      operationId: AuthService_SignIn
+      summary: |-
+        CreateSession authenticates a user and creates a new session.
+        Returns the authenticated user information upon successful authentication.
+      operationId: AuthService_CreateSession
       responses:
         "200":
           description: A successful response.
@@ -145,43 +147,19 @@ paths:
           schema:
             $ref: '#/definitions/googlerpcStatus'
       parameters:
-        - name: passwordCredentials.username
-          description: The username to sign in with.
-          in: query
-          required: false
-          type: string
-        - name: passwordCredentials.password
-          description: The password to sign in with.
-          in: query
-          required: false
-          type: string
-        - name: ssoCredentials.idpId
-          description: The ID of the SSO provider.
-          in: query
-          required: false
-          type: integer
-          format: int32
-        - name: ssoCredentials.code
-          description: The code to sign in with.
-          in: query
-          required: false
-          type: string
-        - name: ssoCredentials.redirectUri
-          description: The redirect URI.
-          in: query
-          required: false
-          type: string
-        - name: neverExpire
-          description: Whether the session should never expire.
-          in: query
-          required: false
-          type: boolean
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1CreateSessionRequest'
       tags:
         - AuthService
-  /api/v1/auth/signout:
-    post:
-      summary: SignOut signs out the user.
-      operationId: AuthService_SignOut
+  /api/v1/auth/sessions/current:
+    delete:
+      summary: |-
+        DeleteSession terminates the current user session.
+        This is an idempotent operation that invalidates the user's authentication.
+      operationId: AuthService_DeleteSession
       responses:
         "200":
           description: A successful response.
@@ -194,10 +172,12 @@ paths:
             $ref: '#/definitions/googlerpcStatus'
       tags:
         - AuthService
-  /api/v1/auth/signup:
-    post:
-      summary: SignUp signs up the user with the given username and password.
-      operationId: AuthService_SignUp
+  /api/v1/auth/status:
+    get:
+      summary: |-
+        GetAuthStatus returns the current authentication status of the user.
+        This method is idempotent and safe, suitable for checking authentication state.
+      operationId: AuthService_GetAuthStatus
       responses:
         "200":
           description: A successful response.
@@ -207,23 +187,14 @@ paths:
           description: An unexpected error response.
           schema:
             $ref: '#/definitions/googlerpcStatus'
-      parameters:
-        - name: username
-          description: The username to sign up with.
-          in: query
-          required: false
-          type: string
-        - name: password
-          description: The password to sign up with.
-          in: query
-          required: false
-          type: string
       tags:
         - AuthService
-  /api/v1/auth/status:
+  /api/v1/auth/users:
     post:
-      summary: GetAuthStatus returns the current auth status of the user.
-      operationId: AuthService_GetAuthStatus
+      summary: |-
+        RegisterUser creates a new user account with username and password.
+        Returns the newly created user information upon successful registration.
+      operationId: AuthService_RegisterUser
       responses:
         "200":
           description: A successful response.
@@ -233,6 +204,12 @@ paths:
           description: An unexpected error response.
           schema:
             $ref: '#/definitions/googlerpcStatus'
+      parameters:
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1RegisterUserRequest'
       tags:
         - AuthService
   /api/v1/identityProviders:
@@ -292,9 +269,11 @@ paths:
           type: string
       tags:
         - IdentityProviderService
-  /api/v1/markdown/link:metadata:
+  /api/v1/markdown/links:getMetadata:
     get:
-      summary: GetLinkMetadata returns metadata for a given link.
+      summary: |-
+        GetLinkMetadata returns metadata for a given link.
+        This is useful for generating link previews.
       operationId: MarkdownService_GetLinkMetadata
       responses:
         "200":
@@ -307,20 +286,23 @@ paths:
             $ref: '#/definitions/googlerpcStatus'
       parameters:
         - name: link
+          description: The link URL to get metadata for.
           in: query
-          required: false
+          required: true
           type: string
       tags:
         - MarkdownService
-  /api/v1/markdown/node:restore:
+  /api/v1/markdown:parse:
     post:
-      summary: RestoreMarkdownNodes restores the given nodes to markdown content.
-      operationId: MarkdownService_RestoreMarkdownNodes
+      summary: |-
+        ParseMarkdown parses the given markdown content and returns a list of nodes.
+        This is a utility method that transforms markdown text into structured nodes.
+      operationId: MarkdownService_ParseMarkdown
       responses:
         "200":
           description: A successful response.
           schema:
-            $ref: '#/definitions/v1RestoreMarkdownNodesResponse'
+            $ref: '#/definitions/v1ParseMarkdownResponse'
         default:
           description: An unexpected error response.
           schema:
@@ -330,18 +312,20 @@ paths:
           in: body
           required: true
           schema:
-            $ref: '#/definitions/v1RestoreMarkdownNodesRequest'
+            $ref: '#/definitions/v1ParseMarkdownRequest'
       tags:
         - MarkdownService
-  /api/v1/markdown/node:stringify:
+  /api/v1/markdown:restore:
     post:
-      summary: StringifyMarkdownNodes stringify the given nodes to plain text content.
-      operationId: MarkdownService_StringifyMarkdownNodes
+      summary: |-
+        RestoreMarkdownNodes restores the given nodes to markdown content.
+        This is the inverse operation of ParseMarkdown.
+      operationId: MarkdownService_RestoreMarkdownNodes
       responses:
         "200":
           description: A successful response.
           schema:
-            $ref: '#/definitions/v1StringifyMarkdownNodesResponse'
+            $ref: '#/definitions/v1RestoreMarkdownNodesResponse'
         default:
           description: An unexpected error response.
           schema:
@@ -351,18 +335,20 @@ paths:
           in: body
           required: true
           schema:
-            $ref: '#/definitions/v1StringifyMarkdownNodesRequest'
+            $ref: '#/definitions/v1RestoreMarkdownNodesRequest'
       tags:
         - MarkdownService
-  /api/v1/markdown:parse:
+  /api/v1/markdown:stringify:
     post:
-      summary: ParseMarkdown parses the given markdown content and returns a list of nodes.
-      operationId: MarkdownService_ParseMarkdown
+      summary: |-
+        StringifyMarkdownNodes stringify the given nodes to plain text content.
+        This removes all markdown formatting and returns plain text.
+      operationId: MarkdownService_StringifyMarkdownNodes
       responses:
         "200":
           description: A successful response.
           schema:
-            $ref: '#/definitions/v1ParseMarkdownResponse'
+            $ref: '#/definitions/v1StringifyMarkdownNodesResponse'
         default:
           description: An unexpected error response.
           schema:
@@ -372,7 +358,7 @@ paths:
           in: body
           required: true
           schema:
-            $ref: '#/definitions/v1ParseMarkdownRequest'
+            $ref: '#/definitions/v1StringifyMarkdownNodesRequest'
       tags:
         - MarkdownService
   /api/v1/memos:
@@ -3324,13 +3310,29 @@ definitions:
     properties:
       content:
         type: string
+  v1CreateSessionRequest:
+    type: object
+    properties:
+      passwordCredentials:
+        $ref: '#/definitions/v1PasswordCredentials'
+        description: Username and password authentication method.
+      ssoCredentials:
+        $ref: '#/definitions/v1SSOCredentials'
+        description: SSO provider authentication method.
+      neverExpire:
+        type: boolean
+        description: |-
+          Whether the session should never expire.
+          Optional field that defaults to false for security.
   v1EmbeddedContentNode:
     type: object
     properties:
       resourceName:
         type: string
+        description: The resource name of the embedded content.
       params:
         type: string
+        description: Additional parameters for the embedded content.
   v1EscapingCharacterNode:
     type: object
     properties:
@@ -3452,10 +3454,13 @@ definitions:
     properties:
       title:
         type: string
+        description: The title of the linked page.
       description:
         type: string
+        description: The description of the linked page.
       image:
         type: string
+        description: The URL of the preview image for the linked page.
   v1LinkNode:
     type: object
     properties:
@@ -3906,6 +3911,9 @@ definitions:
     properties:
       markdown:
         type: string
+        description: The markdown content to parse.
+    required:
+      - markdown
   v1ParseMarkdownResponse:
     type: object
     properties:
@@ -3914,15 +3922,23 @@ definitions:
         items:
           type: object
           $ref: '#/definitions/v1Node'
+        description: The parsed markdown nodes.
   v1PasswordCredentials:
     type: object
     properties:
       username:
         type: string
-        description: The username to sign in with.
+        description: |-
+          The username to sign in with.
+          Required field for password-based authentication.
       password:
         type: string
-        description: The password to sign in with.
+        description: |-
+          The password to sign in with.
+          Required field for password-based authentication.
+    required:
+      - username
+      - password
   v1Reaction:
     type: object
     properties:
@@ -3964,8 +3980,26 @@ definitions:
     properties:
       resourceName:
         type: string
+        description: The resource name of the referenced content.
       params:
         type: string
+        description: Additional parameters for the referenced content.
+  v1RegisterUserRequest:
+    type: object
+    properties:
+      username:
+        type: string
+        description: |-
+          The username to sign up with.
+          Required field that must be unique across the system.
+      password:
+        type: string
+        description: |-
+          The password to sign up with.
+          Required field that should meet security requirements.
+    required:
+      - username
+      - password
   v1RestoreMarkdownNodesRequest:
     type: object
     properties:
@@ -3974,24 +4008,38 @@ definitions:
         items:
           type: object
           $ref: '#/definitions/v1Node'
+        description: The nodes to restore to markdown content.
+    required:
+      - nodes
   v1RestoreMarkdownNodesResponse:
     type: object
     properties:
       markdown:
         type: string
+        description: The restored markdown content.
   v1SSOCredentials:
     type: object
     properties:
       idpId:
         type: integer
         format: int32
-        description: The ID of the SSO provider.
+        description: |-
+          The ID of the SSO provider.
+          Required field to identify the SSO provider.
       code:
         type: string
-        description: The code to sign in with.
+        description: |-
+          The authorization code from the SSO provider.
+          Required field for completing the SSO flow.
       redirectUri:
         type: string
-        description: The redirect URI.
+        description: |-
+          The redirect URI used in the SSO flow.
+          Required field for security validation.
+    required:
+      - idpId
+      - code
+      - redirectUri
   v1SearchUsersResponse:
     type: object
     properties:
@@ -4033,11 +4081,15 @@ definitions:
         items:
           type: object
           $ref: '#/definitions/v1Node'
+        description: The nodes to stringify to plain text.
+    required:
+      - nodes
   v1StringifyMarkdownNodesResponse:
     type: object
     properties:
       plainText:
         type: string
+        description: The plain text content.
   v1SubscriptNode:
     type: object
     properties:

server/router/api/v1/acl_config.go

@@ -6,10 +6,9 @@ var authenticationAllowlistMethods = map[string]bool{
 	"/memos.api.v1.IdentityProviderService/GetIdentityProvider":   true,
 	"/memos.api.v1.IdentityProviderService/ListIdentityProviders": true,
 	"/memos.api.v1.AuthService/GetAuthStatus":                     true,
-	"/memos.api.v1.AuthService/SignIn":                            true,
-	"/memos.api.v1.AuthService/SignInWithSSO":                     true,
-	"/memos.api.v1.AuthService/SignOut":                           true,
-	"/memos.api.v1.AuthService/SignUp":                            true,
+	"/memos.api.v1.AuthService/CreateSession":                     true,
+	"/memos.api.v1.AuthService/RegisterUser":                      true,
+	"/memos.api.v1.AuthService/DeleteSession":                     true,
 	"/memos.api.v1.UserService/GetUser":                           true,
 	"/memos.api.v1.UserService/GetUserAvatar":                     true,
 	"/memos.api.v1.UserService/GetUserStats":                      true,

server/router/api/v1/auth_service.go

@@ -44,7 +44,7 @@ func (s *APIV1Service) GetAuthStatus(ctx context.Context, _ *v1pb.GetAuthStatusR
 	return convertUserFromStore(user), nil
 }
 
-func (s *APIV1Service) SignIn(ctx context.Context, request *v1pb.SignInRequest) (*v1pb.User, error) {
+func (s *APIV1Service) CreateSession(ctx context.Context, request *v1pb.CreateSessionRequest) (*v1pb.User, error) {
 	var existingUser *store.User
 	if passwordCredentials := request.GetPasswordCredentials(); passwordCredentials != nil {
 		user, err := s.Store.GetUser(ctx, &store.FindUser{
@@ -189,7 +189,7 @@ func (s *APIV1Service) doSignIn(ctx context.Context, user *store.User, expireTim
 	return nil
 }
 
-func (s *APIV1Service) SignUp(ctx context.Context, request *v1pb.SignUpRequest) (*v1pb.User, error) {
+func (s *APIV1Service) RegisterUser(ctx context.Context, request *v1pb.RegisterUserRequest) (*v1pb.User, error) {
 	workspaceGeneralSetting, err := s.Store.GetWorkspaceGeneralSetting(ctx)
 	if err != nil {
 		return nil, status.Errorf(codes.Internal, "failed to get workspace general setting, error: %v", err)
@@ -237,7 +237,7 @@ func (s *APIV1Service) SignUp(ctx context.Context, request *v1pb.SignUpRequest)
 	return convertUserFromStore(user), nil
 }
 
-func (s *APIV1Service) SignOut(ctx context.Context, _ *v1pb.SignOutRequest) (*emptypb.Empty, error) {
+func (s *APIV1Service) DeleteSession(ctx context.Context, _ *v1pb.DeleteSessionRequest) (*emptypb.Empty, error) {
 	accessToken, ok := ctx.Value(accessTokenContextKey).(string)
 	// Try to delete the access token from the store.
 	if ok {

web/src/components/PasswordSignInForm.tsx

@@ -45,7 +45,7 @@ const PasswordSignInForm = observer(() => {
 
     try {
       actionBtnLoadingState.setLoading();
-      await authServiceClient.signIn({ passwordCredentials: { username, password }, neverExpire: remember });
+      await authServiceClient.createSession({ passwordCredentials: { username, password }, neverExpire: remember });
       await initialUserStore();
       navigateTo("/");
     } catch (error: any) {

web/src/components/UserBanner.tsx

@@ -19,7 +19,7 @@ const UserBanner = (props: Props) => {
   const currentUser = useCurrentUser();
 
   const handleSignOut = async () => {
-    await authServiceClient.signOut({});
+    await authServiceClient.deleteSession({});
     window.location.href = Routes.AUTH;
   };
 

web/src/pages/AuthCallback.tsx

@@ -46,7 +46,7 @@ const AuthCallback = observer(() => {
     const redirectUri = absolutifyLink("/auth/callback");
     (async () => {
       try {
-        await authServiceClient.signIn({
+        await authServiceClient.createSession({
           ssoCredentials: {
             idpId: identityProviderId,
             code,

web/src/pages/SignUp.tsx

@@ -47,7 +47,7 @@ const SignUp = observer(() => {
 
     try {
       actionBtnLoadingState.setLoading();
-      await authServiceClient.signUp({ username, password });
+      await authServiceClient.registerUser({ username, password });
       await initialUserStore();
       navigateTo("/");
     } catch (error: any) {

web/src/types/proto/api/v1/auth_service.ts

@@ -18,7 +18,7 @@ export interface GetAuthStatusResponse {
   user?: User | undefined;
 }
 
-export interface SignInRequest {
+export interface CreateSessionRequest {
   /** Username and password authentication method. */
   passwordCredentials?:
     | PasswordCredentials
@@ -27,34 +27,58 @@ export interface SignInRequest {
   ssoCredentials?:
     | SSOCredentials
     | undefined;
-  /** Whether the session should never expire. */
+  /**
+   * Whether the session should never expire.
+   * Optional field that defaults to false for security.
+   */
   neverExpire: boolean;
 }
 
 export interface PasswordCredentials {
-  /** The username to sign in with. */
+  /**
+   * The username to sign in with.
+   * Required field for password-based authentication.
+   */
   username: string;
-  /** The password to sign in with. */
+  /**
+   * The password to sign in with.
+   * Required field for password-based authentication.
+   */
   password: string;
 }
 
 export interface SSOCredentials {
-  /** The ID of the SSO provider. */
+  /**
+   * The ID of the SSO provider.
+   * Required field to identify the SSO provider.
+   */
   idpId: number;
-  /** The code to sign in with. */
+  /**
+   * The authorization code from the SSO provider.
+   * Required field for completing the SSO flow.
+   */
   code: string;
-  /** The redirect URI. */
+  /**
+   * The redirect URI used in the SSO flow.
+   * Required field for security validation.
+   */
   redirectUri: string;
 }
 
-export interface SignUpRequest {
-  /** The username to sign up with. */
+export interface RegisterUserRequest {
+  /**
+   * The username to sign up with.
+   * Required field that must be unique across the system.
+   */
   username: string;
-  /** The password to sign up with. */
+  /**
+   * The password to sign up with.
+   * Required field that should meet security requirements.
+   */
   password: string;
 }
 
-export interface SignOutRequest {
+export interface DeleteSessionRequest {
 }
 
 function createBaseGetAuthStatusRequest(): GetAuthStatusRequest {
@@ -137,12 +161,12 @@ export const GetAuthStatusResponse: MessageFns<GetAuthStatusResponse> = {
   },
 };
 
-function createBaseSignInRequest(): SignInRequest {
+function createBaseCreateSessionRequest(): CreateSessionRequest {
   return { passwordCredentials: undefined, ssoCredentials: undefined, neverExpire: false };
 }
 
-export const SignInRequest: MessageFns<SignInRequest> = {
-  encode(message: SignInRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
+export const CreateSessionRequest: MessageFns<CreateSessionRequest> = {
+  encode(message: CreateSessionRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
     if (message.passwordCredentials !== undefined) {
       PasswordCredentials.encode(message.passwordCredentials, writer.uint32(10).fork()).join();
     }
@@ -155,10 +179,10 @@ export const SignInRequest: MessageFns<SignInRequest> = {
     return writer;
   },
 
-  decode(input: BinaryReader | Uint8Array, length?: number): SignInRequest {
+  decode(input: BinaryReader | Uint8Array, length?: number): CreateSessionRequest {
     const reader = input instanceof BinaryReader ? input : new BinaryReader(input);
     let end = length === undefined ? reader.len : reader.pos + length;
-    const message = createBaseSignInRequest();
+    const message = createBaseCreateSessionRequest();
     while (reader.pos < end) {
       const tag = reader.uint32();
       switch (tag >>> 3) {
@@ -195,11 +219,11 @@ export const SignInRequest: MessageFns<SignInRequest> = {
     return message;
   },
 
-  create(base?: DeepPartial<SignInRequest>): SignInRequest {
-    return SignInRequest.fromPartial(base ?? {});
+  create(base?: DeepPartial<CreateSessionRequest>): CreateSessionRequest {
+    return CreateSessionRequest.fromPartial(base ?? {});
   },
-  fromPartial(object: DeepPartial<SignInRequest>): SignInRequest {
-    const message = createBaseSignInRequest();
+  fromPartial(object: DeepPartial<CreateSessionRequest>): CreateSessionRequest {
+    const message = createBaseCreateSessionRequest();
     message.passwordCredentials = (object.passwordCredentials !== undefined && object.passwordCredentials !== null)
       ? PasswordCredentials.fromPartial(object.passwordCredentials)
       : undefined;
@@ -339,12 +363,12 @@ export const SSOCredentials: MessageFns<SSOCredentials> = {
   },
 };
 
-function createBaseSignUpRequest(): SignUpRequest {
+function createBaseRegisterUserRequest(): RegisterUserRequest {
   return { username: "", password: "" };
 }
 
-export const SignUpRequest: MessageFns<SignUpRequest> = {
-  encode(message: SignUpRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
+export const RegisterUserRequest: MessageFns<RegisterUserRequest> = {
+  encode(message: RegisterUserRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
     if (message.username !== "") {
       writer.uint32(10).string(message.username);
     }
@@ -354,10 +378,10 @@ export const SignUpRequest: MessageFns<SignUpRequest> = {
     return writer;
   },
 
-  decode(input: BinaryReader | Uint8Array, length?: number): SignUpRequest {
+  decode(input: BinaryReader | Uint8Array, length?: number): RegisterUserRequest {
     const reader = input instanceof BinaryReader ? input : new BinaryReader(input);
     let end = length === undefined ? reader.len : reader.pos + length;
-    const message = createBaseSignUpRequest();
+    const message = createBaseRegisterUserRequest();
     while (reader.pos < end) {
       const tag = reader.uint32();
       switch (tag >>> 3) {
@@ -386,30 +410,30 @@ export const SignUpRequest: MessageFns<SignUpRequest> = {
     return message;
   },
 
-  create(base?: DeepPartial<SignUpRequest>): SignUpRequest {
-    return SignUpRequest.fromPartial(base ?? {});
+  create(base?: DeepPartial<RegisterUserRequest>): RegisterUserRequest {
+    return RegisterUserRequest.fromPartial(base ?? {});
   },
-  fromPartial(object: DeepPartial<SignUpRequest>): SignUpRequest {
-    const message = createBaseSignUpRequest();
+  fromPartial(object: DeepPartial<RegisterUserRequest>): RegisterUserRequest {
+    const message = createBaseRegisterUserRequest();
     message.username = object.username ?? "";
     message.password = object.password ?? "";
     return message;
   },
 };
 
-function createBaseSignOutRequest(): SignOutRequest {
+function createBaseDeleteSessionRequest(): DeleteSessionRequest {
   return {};
 }
 
-export const SignOutRequest: MessageFns<SignOutRequest> = {
-  encode(_: SignOutRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
+export const DeleteSessionRequest: MessageFns<DeleteSessionRequest> = {
+  encode(_: DeleteSessionRequest, writer: BinaryWriter = new BinaryWriter()): BinaryWriter {
     return writer;
   },
 
-  decode(input: BinaryReader | Uint8Array, length?: number): SignOutRequest {
+  decode(input: BinaryReader | Uint8Array, length?: number): DeleteSessionRequest {
     const reader = input instanceof BinaryReader ? input : new BinaryReader(input);
     let end = length === undefined ? reader.len : reader.pos + length;
-    const message = createBaseSignOutRequest();
+    const message = createBaseDeleteSessionRequest();
     while (reader.pos < end) {
       const tag = reader.uint32();
       switch (tag >>> 3) {
@@ -422,11 +446,11 @@ export const SignOutRequest: MessageFns<SignOutRequest> = {
     return message;
   },
 
-  create(base?: DeepPartial<SignOutRequest>): SignOutRequest {
-    return SignOutRequest.fromPartial(base ?? {});
+  create(base?: DeepPartial<DeleteSessionRequest>): DeleteSessionRequest {
+    return DeleteSessionRequest.fromPartial(base ?? {});
   },
-  fromPartial(_: DeepPartial<SignOutRequest>): SignOutRequest {
-    const message = createBaseSignOutRequest();
+  fromPartial(_: DeepPartial<DeleteSessionRequest>): DeleteSessionRequest {
+    const message = createBaseDeleteSessionRequest();
     return message;
   },
 };
@@ -436,7 +460,10 @@ export const AuthServiceDefinition = {
   name: "AuthService",
   fullName: "memos.api.v1.AuthService",
   methods: {
-    /** GetAuthStatus returns the current auth status of the user. */
+    /**
+     * GetAuthStatus returns the current authentication status of the user.
+     * This method is idempotent and safe, suitable for checking authentication state.
+     */
     getAuthStatus: {
       name: "GetAuthStatus",
       requestType: GetAuthStatusRequest,
@@ -448,7 +475,7 @@ export const AuthServiceDefinition = {
           578365826: [
             new Uint8Array([
               21,
-              34,
+              18,
               19,
               47,
               97,
@@ -474,10 +501,13 @@ export const AuthServiceDefinition = {
         },
       },
     },
-    /** SignIn signs in the user. */
-    signIn: {
-      name: "SignIn",
-      requestType: SignInRequest,
+    /**
+     * CreateSession authenticates a user and creates a new session.
+     * Returns the authenticated user information upon successful authentication.
+     */
+    createSession: {
+      name: "CreateSession",
+      requestType: CreateSessionRequest,
       requestStream: false,
       responseType: User,
       responseStream: false,
@@ -485,9 +515,12 @@ export const AuthServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              21,
+              26,
+              58,
+              1,
+              42,
               34,
-              19,
+              21,
               47,
               97,
               112,
@@ -502,20 +535,25 @@ export const AuthServiceDefinition = {
               104,
               47,
               115,
+              101,
+              115,
+              115,
               105,
-              103,
-              110,
-              105,
+              111,
               110,
+              115,
             ]),
           ],
         },
       },
     },
-    /** SignUp signs up the user with the given username and password. */
-    signUp: {
-      name: "SignUp",
-      requestType: SignUpRequest,
+    /**
+     * RegisterUser creates a new user account with username and password.
+     * Returns the newly created user information upon successful registration.
+     */
+    registerUser: {
+      name: "RegisterUser",
+      requestType: RegisterUserRequest,
       requestStream: false,
       responseType: User,
       responseStream: false,
@@ -523,9 +561,12 @@ export const AuthServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              21,
+              23,
+              58,
+              1,
+              42,
               34,
-              19,
+              18,
               47,
               97,
               112,
@@ -539,21 +580,23 @@ export const AuthServiceDefinition = {
               116,
               104,
               47,
-              115,
-              105,
-              103,
-              110,
               117,
-              112,
+              115,
+              101,
+              114,
+              115,
             ]),
           ],
         },
       },
     },
-    /** SignOut signs out the user. */
-    signOut: {
-      name: "SignOut",
-      requestType: SignOutRequest,
+    /**
+     * DeleteSession terminates the current user session.
+     * This is an idempotent operation that invalidates the user's authentication.
+     */
+    deleteSession: {
+      name: "DeleteSession",
+      requestType: DeleteSessionRequest,
       requestStream: false,
       responseType: Empty,
       responseStream: false,
@@ -561,9 +604,9 @@ export const AuthServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              22,
-              34,
-              20,
+              31,
+              42,
+              29,
               47,
               97,
               112,
@@ -578,11 +621,20 @@ export const AuthServiceDefinition = {
               104,
               47,
               115,
+              101,
+              115,
+              115,
               105,
-              103,
-              110,
               111,
+              110,
+              115,
+              47,
+              99,
               117,
+              114,
+              114,
+              101,
+              110,
               116,
             ]),
           ],

web/src/types/proto/api/v1/markdown_service.ts

@@ -225,36 +225,46 @@ export function nodeTypeToNumber(object: NodeType): number {
 }
 
 export interface ParseMarkdownRequest {
+  /** The markdown content to parse. */
   markdown: string;
 }
 
 export interface ParseMarkdownResponse {
+  /** The parsed markdown nodes. */
   nodes: Node[];
 }
 
 export interface RestoreMarkdownNodesRequest {
+  /** The nodes to restore to markdown content. */
   nodes: Node[];
 }
 
 export interface RestoreMarkdownNodesResponse {
+  /** The restored markdown content. */
   markdown: string;
 }
 
 export interface StringifyMarkdownNodesRequest {
+  /** The nodes to stringify to plain text. */
   nodes: Node[];
 }
 
 export interface StringifyMarkdownNodesResponse {
+  /** The plain text content. */
   plainText: string;
 }
 
 export interface GetLinkMetadataRequest {
+  /** The link URL to get metadata for. */
   link: string;
 }
 
 export interface LinkMetadata {
+  /** The title of the linked page. */
   title: string;
+  /** The description of the linked page. */
   description: string;
+  /** The URL of the preview image for the linked page. */
   image: string;
 }
 
@@ -407,7 +417,9 @@ export interface TableNode_Row {
 }
 
 export interface EmbeddedContentNode {
+  /** The resource name of the embedded content. */
   resourceName: string;
+  /** Additional parameters for the embedded content. */
   params: string;
 }
 
@@ -478,7 +490,9 @@ export interface SuperscriptNode {
 }
 
 export interface ReferencedContentNode {
+  /** The resource name of the referenced content. */
   resourceName: string;
+  /** Additional parameters for the referenced content. */
   params: string;
 }
 
@@ -3202,7 +3216,10 @@ export const MarkdownServiceDefinition = {
   name: "MarkdownService",
   fullName: "memos.api.v1.MarkdownService",
   methods: {
-    /** ParseMarkdown parses the given markdown content and returns a list of nodes. */
+    /**
+     * ParseMarkdown parses the given markdown content and returns a list of nodes.
+     * This is a utility method that transforms markdown text into structured nodes.
+     */
     parseMarkdown: {
       name: "ParseMarkdown",
       requestType: ParseMarkdownRequest,
@@ -3246,7 +3263,10 @@ export const MarkdownServiceDefinition = {
         },
       },
     },
-    /** RestoreMarkdownNodes restores the given nodes to markdown content. */
+    /**
+     * RestoreMarkdownNodes restores the given nodes to markdown content.
+     * This is the inverse operation of ParseMarkdown.
+     */
     restoreMarkdownNodes: {
       name: "RestoreMarkdownNodes",
       requestType: RestoreMarkdownNodesRequest,
@@ -3257,12 +3277,12 @@ export const MarkdownServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              34,
+              29,
               58,
               1,
               42,
               34,
-              29,
+              24,
               47,
               97,
               112,
@@ -3279,11 +3299,6 @@ export const MarkdownServiceDefinition = {
               111,
               119,
               110,
-              47,
-              110,
-              111,
-              100,
-              101,
               58,
               114,
               101,
@@ -3297,7 +3312,10 @@ export const MarkdownServiceDefinition = {
         },
       },
     },
-    /** StringifyMarkdownNodes stringify the given nodes to plain text content. */
+    /**
+     * StringifyMarkdownNodes stringify the given nodes to plain text content.
+     * This removes all markdown formatting and returns plain text.
+     */
     stringifyMarkdownNodes: {
       name: "StringifyMarkdownNodes",
       requestType: StringifyMarkdownNodesRequest,
@@ -3308,12 +3326,12 @@ export const MarkdownServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              36,
+              31,
               58,
               1,
               42,
               34,
-              31,
+              26,
               47,
               97,
               112,
@@ -3330,11 +3348,6 @@ export const MarkdownServiceDefinition = {
               111,
               119,
               110,
-              47,
-              110,
-              111,
-              100,
-              101,
               58,
               115,
               116,
@@ -3350,7 +3363,10 @@ export const MarkdownServiceDefinition = {
         },
       },
     },
-    /** GetLinkMetadata returns metadata for a given link. */
+    /**
+     * GetLinkMetadata returns metadata for a given link.
+     * This is useful for generating link previews.
+     */
     getLinkMetadata: {
       name: "GetLinkMetadata",
       requestType: GetLinkMetadataRequest,
@@ -3361,9 +3377,9 @@ export const MarkdownServiceDefinition = {
         _unknownFields: {
           578365826: [
             new Uint8Array([
-              32,
+              36,
               18,
-              30,
+              34,
               47,
               97,
               112,
@@ -3385,8 +3401,12 @@ export const MarkdownServiceDefinition = {
               105,
               110,
               107,
+              115,
               58,
-              109,
+              103,
+              101,
+              116,
+              77,
               101,
               116,
               97,