chore: rename workspace setting service

api/v1/auth.go

@@ -62,7 +62,7 @@ func (s *APIV1Service) SignIn(c echo.Context) error {
 	ctx := c.Request().Context()
 	signin := &SignIn{}
 
-	disablePasswordLoginSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	disablePasswordLoginSystemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: SystemSettingDisablePasswordLoginName.String(),
 	})
 	if err != nil {
@@ -186,7 +186,7 @@ func (s *APIV1Service) SignInSSO(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusInternalServerError, "Incorrect login credentials, please try again")
 	}
 	if user == nil {
-		allowSignUpSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+		allowSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 			Name: SystemSettingAllowSignUpName.String(),
 		})
 		if err != nil {
@@ -303,7 +303,7 @@ func (s *APIV1Service) SignUp(c echo.Context) error {
 		// Change the default role to host if there is no host user.
 		userCreate.Role = store.RoleHost
 	} else {
-		allowSignUpSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+		allowSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 			Name: SystemSettingAllowSignUpName.String(),
 		})
 		if err != nil {
@@ -321,7 +321,7 @@ func (s *APIV1Service) SignUp(c echo.Context) error {
 			return echo.NewHTTPError(http.StatusUnauthorized, "signup is disabled").SetInternal(err)
 		}
 
-		disablePasswordLoginSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+		disablePasswordLoginSystemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 			Name: SystemSettingDisablePasswordLoginName.String(),
 		})
 		if err != nil {

api/v1/memo.go

@@ -277,7 +277,7 @@ func (s *APIV1Service) CreateMemo(c echo.Context) error {
 	}
 
 	// Find disable public memos system setting.
-	disablePublicMemosSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	disablePublicMemosSystemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: SystemSettingDisablePublicMemosName.String(),
 	})
 	if err != nil {
@@ -714,7 +714,7 @@ func (s *APIV1Service) UpdateMemo(c echo.Context) error {
 		visibility := store.Visibility(patchMemoRequest.Visibility.String())
 		updateMemoMessage.Visibility = &visibility
 		// Find disable public memos system setting.
-		disablePublicMemosSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+		disablePublicMemosSystemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 			Name: SystemSettingDisablePublicMemosName.String(),
 		})
 		if err != nil {
@@ -905,7 +905,7 @@ func (s *APIV1Service) convertMemoFromStore(ctx context.Context, memo *store.Mem
 }
 
 func (s *APIV1Service) getMemoDisplayWithUpdatedTsSettingValue(ctx context.Context) (bool, error) {
-	memoDisplayWithUpdatedTsSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	memoDisplayWithUpdatedTsSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: SystemSettingMemoDisplayWithUpdatedTsName.String(),
 	})
 	if err != nil {

api/v1/resource.go

@@ -186,7 +186,7 @@ func (s *APIV1Service) UploadResource(c echo.Context) error {
 	}
 
 	// This is the backend default max upload size limit.
-	maxUploadSetting := s.Store.GetSystemSettingValueWithDefault(ctx, SystemSettingMaxUploadSizeMiBName.String(), "32")
+	maxUploadSetting := s.Store.GetWorkspaceSettingWithDefaultValue(ctx, SystemSettingMaxUploadSizeMiBName.String(), "32")
 	var settingMaxUploadSizeBytes int
 	if settingMaxUploadSizeMiB, err := strconv.Atoi(maxUploadSetting); err == nil {
 		settingMaxUploadSizeBytes = settingMaxUploadSizeMiB * MebiByte
@@ -390,7 +390,7 @@ func convertResourceFromStore(resource *store.Resource) *Resource {
 // 2. *LocalStorage*: `create.InternalPath`.
 // 3. Others( external service): `create.ExternalLink`.
 func SaveResourceBlob(ctx context.Context, s *store.Store, create *store.Resource, r io.Reader) error {
-	systemSettingStorageServiceID, err := s.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingStorageServiceIDName.String()})
+	systemSettingStorageServiceID, err := s.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{Name: SystemSettingStorageServiceIDName.String()})
 	if err != nil {
 		return errors.Wrap(err, "Failed to find SystemSettingStorageServiceIDName")
 	}
@@ -413,7 +413,7 @@ func SaveResourceBlob(ctx context.Context, s *store.Store, create *store.Resourc
 		return nil
 	} else if storageServiceID == LocalStorage {
 		// `LocalStorage` means save blob into local disk
-		systemSettingLocalStoragePath, err := s.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingLocalStoragePathName.String()})
+		systemSettingLocalStoragePath, err := s.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{Name: SystemSettingLocalStoragePathName.String()})
 		if err != nil {
 			return errors.Wrap(err, "Failed to find SystemSettingLocalStoragePathName")
 		}

api/v1/storage.go

@@ -209,7 +209,7 @@ func (s *APIV1Service) DeleteStorage(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("storageId"))).SetInternal(err)
 	}
 
-	systemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{Name: SystemSettingStorageServiceIDName.String()})
+	systemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{Name: SystemSettingStorageServiceIDName.String()})
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find storage").SetInternal(err)
 	}

api/v1/system.go

@@ -97,7 +97,7 @@ func (s *APIV1Service) GetSystemStatus(c echo.Context) error {
 		systemStatus.Host = &User{ID: hostUser.ID}
 	}
 
-	systemSettingList, err := s.Store.ListSystemSettings(ctx, &store.FindSystemSetting{})
+	systemSettingList, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting list").SetInternal(err)
 	}

api/v1/system_setting.go

@@ -110,7 +110,7 @@ func (s *APIV1Service) GetSystemSettingList(c echo.Context) error {
 		return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
 	}
 
-	list, err := s.Store.ListSystemSettings(ctx, &store.FindSystemSetting{})
+	list, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
 	if err != nil {
 		return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find system setting list").SetInternal(err)
 	}
@@ -174,7 +174,7 @@ func (s *APIV1Service) CreateSystemSetting(c echo.Context) error {
 		}
 	}
 
-	systemSetting, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+	systemSetting, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 		Name:        systemSettingUpsert.Name.String(),
 		Value:       systemSettingUpsert.Value,
 		Description: systemSettingUpsert.Description,
@@ -289,7 +289,7 @@ func (upsert UpsertSystemSettingRequest) Validate() error {
 	return nil
 }
 
-func convertSystemSettingFromStore(systemSetting *store.SystemSetting) *SystemSetting {
+func convertSystemSettingFromStore(systemSetting *store.WorkspaceSetting) *SystemSetting {
 	return &SystemSetting{
 		Name:        SystemSettingName(systemSetting.Name),
 		Value:       systemSetting.Value,

api/v2/apidocs.swagger.yaml

@@ -18,8 +18,101 @@ consumes:
 produces:
   - application/json
 paths:
+  /api/v2/auth/signin:
+    post:
+      summary: SignIn signs in the user with the given username and password.
+      operationId: AuthService_SignIn
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v2SignInResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/googlerpcStatus'
+      parameters:
+        - name: username
+          in: query
+          required: false
+          type: string
+        - name: password
+          in: query
+          required: false
+          type: string
+      tags:
+        - AuthService
+  /api/v2/auth/signin/sso:
+    post:
+      summary: SignInWithSSO signs in the user with the given SSO code.
+      operationId: AuthService_SignInWithSSO
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v2SignInWithSSOResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/googlerpcStatus'
+      parameters:
+        - name: idpId
+          in: query
+          required: false
+          type: integer
+          format: int32
+        - name: code
+          in: query
+          required: false
+          type: string
+        - name: redirectUri
+          in: query
+          required: false
+          type: string
+      tags:
+        - AuthService
+  /api/v2/auth/signout:
+    post:
+      summary: SignOut signs out the user.
+      operationId: AuthService_SignOut
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v2SignOutResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/googlerpcStatus'
+      tags:
+        - AuthService
+  /api/v2/auth/signup:
+    post:
+      summary: SignUp signs up the user with the given username and password.
+      operationId: AuthService_SignUp
+      responses:
+        "200":
+          description: A successful response.
+          schema:
+            $ref: '#/definitions/v2SignUpResponse'
+        default:
+          description: An unexpected error response.
+          schema:
+            $ref: '#/definitions/googlerpcStatus'
+      parameters:
+        - name: username
+          in: query
+          required: false
+          type: string
+        - name: password
+          in: query
+          required: false
+          type: string
+      tags:
+        - AuthService
   /api/v2/auth/status:
     post:
+      summary: GetAuthStatus returns the current auth status of the user.
       operationId: AuthService_GetAuthStatus
       responses:
         "200":
@@ -1922,6 +2015,23 @@ definitions:
     type: object
   v2SetMemoResourcesResponse:
     type: object
+  v2SignInResponse:
+    type: object
+    properties:
+      user:
+        $ref: '#/definitions/v2User'
+  v2SignInWithSSOResponse:
+    type: object
+    properties:
+      user:
+        $ref: '#/definitions/v2User'
+  v2SignOutResponse:
+    type: object
+  v2SignUpResponse:
+    type: object
+    properties:
+      user:
+        $ref: '#/definitions/v2User'
   v2StrikethroughNode:
     type: object
     properties:

api/v2/memo_service.go

@@ -666,7 +666,7 @@ func (s *APIV2Service) convertMemoFromStore(ctx context.Context, memo *store.Mem
 }
 
 func (s *APIV2Service) getMemoDisplayWithUpdatedTsSettingValue(ctx context.Context) (bool, error) {
-	memoDisplayWithUpdatedTsSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	memoDisplayWithUpdatedTsSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: apiv1.SystemSettingMemoDisplayWithUpdatedTsName.String(),
 	})
 	if err != nil {
@@ -684,7 +684,7 @@ func (s *APIV2Service) getMemoDisplayWithUpdatedTsSettingValue(ctx context.Conte
 }
 
 func (s *APIV2Service) getDisablePublicMemosSystemSettingValue(ctx context.Context) (bool, error) {
-	disablePublicMemosSystemSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	disablePublicMemosSystemSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: apiv1.SystemSettingDisablePublicMemosName.String(),
 	})
 	if err != nil {

api/v2/workspace_service.go

@@ -37,7 +37,7 @@ func (s *APIV2Service) UpdateWorkspaceProfile(ctx context.Context, request *apiv
 	// Update system settings.
 	for _, field := range request.UpdateMask.Paths {
 		if field == "allow_registration" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+			_, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 				Name:  "allow-signup",
 				Value: strconv.FormatBool(request.WorkspaceProfile.AllowRegistration),
 			})
@@ -45,7 +45,7 @@ func (s *APIV2Service) UpdateWorkspaceProfile(ctx context.Context, request *apiv
 				return nil, status.Errorf(codes.Internal, "failed to update allow_registration system setting: %v", err)
 			}
 		} else if field == "disable_password_login" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+			_, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 				Name:  "disable-password-login",
 				Value: strconv.FormatBool(request.WorkspaceProfile.DisablePasswordLogin),
 			})
@@ -53,7 +53,7 @@ func (s *APIV2Service) UpdateWorkspaceProfile(ctx context.Context, request *apiv
 				return nil, status.Errorf(codes.Internal, "failed to update disable_password_login system setting: %v", err)
 			}
 		} else if field == "additional_script" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+			_, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 				Name:  "additional-script",
 				Value: request.WorkspaceProfile.AdditionalScript,
 			})
@@ -61,7 +61,7 @@ func (s *APIV2Service) UpdateWorkspaceProfile(ctx context.Context, request *apiv
 				return nil, status.Errorf(codes.Internal, "failed to update additional_script system setting: %v", err)
 			}
 		} else if field == "additional_style" {
-			_, err := s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+			_, err := s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 				Name:  "additional-style",
 				Value: request.WorkspaceProfile.AdditionalStyle,
 			})

internal/jobs/presign_link.go

@@ -97,7 +97,7 @@ func signExternalLinks(ctx context.Context, dataStore *store.Store) error {
 // Returns error only in case of internal problems (ie: database or configuration issues).
 // May return nil client and nil error.
 func findObjectStorage(ctx context.Context, dataStore *store.Store) (*s3.Client, error) {
-	systemSettingStorageServiceID, err := dataStore.GetSystemSetting(ctx, &store.FindSystemSetting{Name: apiv1.SystemSettingStorageServiceIDName.String()})
+	systemSettingStorageServiceID, err := dataStore.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{Name: apiv1.SystemSettingStorageServiceIDName.String()})
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to find SystemSettingStorageServiceIDName")
 	}

proto/api/v2/auth_service.proto

@@ -8,9 +8,26 @@ import "google/api/annotations.proto";
 option go_package = "gen/api/v2";
 
 service AuthService {
+  // GetAuthStatus returns the current auth status of the user.
   rpc GetAuthStatus(GetAuthStatusRequest) returns (GetAuthStatusResponse) {
     option (google.api.http) = {post: "/api/v2/auth/status"};
   }
+  // SignIn signs in the user with the given username and password.
+  rpc SignIn(SignInRequest) returns (SignInResponse) {
+    option (google.api.http) = {post: "/api/v2/auth/signin"};
+  }
+  // SignInWithSSO signs in the user with the given SSO code.
+  rpc SignInWithSSO(SignInWithSSORequest) returns (SignInWithSSOResponse) {
+    option (google.api.http) = {post: "/api/v2/auth/signin/sso"};
+  }
+  // SignUp signs up the user with the given username and password.
+  rpc SignUp(SignUpRequest) returns (SignUpResponse) {
+    option (google.api.http) = {post: "/api/v2/auth/signup"};
+  }
+  // SignOut signs out the user.
+  rpc SignOut(SignOutRequest) returns (SignOutResponse) {
+    option (google.api.http) = {post: "/api/v2/auth/signout"};
+  }
 }
 
 message GetAuthStatusRequest {}
@@ -18,3 +35,35 @@ message GetAuthStatusRequest {}
 message GetAuthStatusResponse {
   User user = 1;
 }
+
+message SignInRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message SignInResponse {
+  User user = 1;
+}
+
+message SignInWithSSORequest {
+  int32 idp_id = 1;
+  string code = 2;
+  string redirect_uri = 3;
+}
+
+message SignInWithSSOResponse {
+  User user = 1;
+}
+
+message SignUpRequest {
+  string username = 1;
+  string password = 2;
+}
+
+message SignUpResponse {
+  User user = 1;
+}
+
+message SignOutRequest {}
+
+message SignOutResponse {}

proto/gen/api/v2/README.md

@@ -50,6 +50,14 @@
 - [api/v2/auth_service.proto](#api_v2_auth_service-proto)
     - [GetAuthStatusRequest](#memos-api-v2-GetAuthStatusRequest)
     - [GetAuthStatusResponse](#memos-api-v2-GetAuthStatusResponse)
+    - [SignInRequest](#memos-api-v2-SignInRequest)
+    - [SignInResponse](#memos-api-v2-SignInResponse)
+    - [SignInWithSSORequest](#memos-api-v2-SignInWithSSORequest)
+    - [SignInWithSSOResponse](#memos-api-v2-SignInWithSSOResponse)
+    - [SignOutRequest](#memos-api-v2-SignOutRequest)
+    - [SignOutResponse](#memos-api-v2-SignOutResponse)
+    - [SignUpRequest](#memos-api-v2-SignUpRequest)
+    - [SignUpResponse](#memos-api-v2-SignUpResponse)
   
     - [AuthService](#memos-api-v2-AuthService)
   
@@ -804,6 +812,120 @@ Used internally for obfuscating the page token.
 
 
 
+
+<a name="memos-api-v2-SignInRequest"></a>
+
+### SignInRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| username | [string](#string) |  |  |
+| password | [string](#string) |  |  |
+
+
+
+
+
+
+<a name="memos-api-v2-SignInResponse"></a>
+
+### SignInResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| user | [User](#memos-api-v2-User) |  |  |
+
+
+
+
+
+
+<a name="memos-api-v2-SignInWithSSORequest"></a>
+
+### SignInWithSSORequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| idp_id | [int32](#int32) |  |  |
+| code | [string](#string) |  |  |
+| redirect_uri | [string](#string) |  |  |
+
+
+
+
+
+
+<a name="memos-api-v2-SignInWithSSOResponse"></a>
+
+### SignInWithSSOResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| user | [User](#memos-api-v2-User) |  |  |
+
+
+
+
+
+
+<a name="memos-api-v2-SignOutRequest"></a>
+
+### SignOutRequest
+
+
+
+
+
+
+
+<a name="memos-api-v2-SignOutResponse"></a>
+
+### SignOutResponse
+
+
+
+
+
+
+
+<a name="memos-api-v2-SignUpRequest"></a>
+
+### SignUpRequest
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| username | [string](#string) |  |  |
+| password | [string](#string) |  |  |
+
+
+
+
+
+
+<a name="memos-api-v2-SignUpResponse"></a>
+
+### SignUpResponse
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| user | [User](#memos-api-v2-User) |  |  |
+
+
+
+
+
  
 
  
@@ -818,7 +940,11 @@ Used internally for obfuscating the page token.
 
 | Method Name | Request Type | Response Type | Description |
 | ----------- | ------------ | ------------- | ------------|
-| GetAuthStatus | [GetAuthStatusRequest](#memos-api-v2-GetAuthStatusRequest) | [GetAuthStatusResponse](#memos-api-v2-GetAuthStatusResponse) |  |
+| GetAuthStatus | [GetAuthStatusRequest](#memos-api-v2-GetAuthStatusRequest) | [GetAuthStatusResponse](#memos-api-v2-GetAuthStatusResponse) | GetAuthStatus returns the current auth status of the user. |
+| SignIn | [SignInRequest](#memos-api-v2-SignInRequest) | [SignInResponse](#memos-api-v2-SignInResponse) | SignIn signs in the user with the given username and password. |
+| SignInWithSSO | [SignInWithSSORequest](#memos-api-v2-SignInWithSSORequest) | [SignInWithSSOResponse](#memos-api-v2-SignInWithSSOResponse) | SignInWithSSO signs in the user with the given SSO code. |
+| SignUp | [SignUpRequest](#memos-api-v2-SignUpRequest) | [SignUpResponse](#memos-api-v2-SignUpResponse) | SignUp signs up the user with the given username and password. |
+| SignOut | [SignOutRequest](#memos-api-v2-SignOutRequest) | [SignOutResponse](#memos-api-v2-SignOutResponse) | SignOut signs out the user. |
 
  
 

proto/gen/api/v2/auth_service_grpc.pb.go

@@ -20,13 +20,26 @@ const _ = grpc.SupportPackageIsVersion7
 
 const (
 	AuthService_GetAuthStatus_FullMethodName = "/memos.api.v2.AuthService/GetAuthStatus"
+	AuthService_SignIn_FullMethodName        = "/memos.api.v2.AuthService/SignIn"
+	AuthService_SignInWithSSO_FullMethodName = "/memos.api.v2.AuthService/SignInWithSSO"
+	AuthService_SignUp_FullMethodName        = "/memos.api.v2.AuthService/SignUp"
+	AuthService_SignOut_FullMethodName       = "/memos.api.v2.AuthService/SignOut"
 )
 
 // AuthServiceClient is the client API for AuthService service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type AuthServiceClient interface {
+	// GetAuthStatus returns the current auth status of the user.
 	GetAuthStatus(ctx context.Context, in *GetAuthStatusRequest, opts ...grpc.CallOption) (*GetAuthStatusResponse, error)
+	// SignIn signs in the user with the given username and password.
+	SignIn(ctx context.Context, in *SignInRequest, opts ...grpc.CallOption) (*SignInResponse, error)
+	// SignInWithSSO signs in the user with the given SSO code.
+	SignInWithSSO(ctx context.Context, in *SignInWithSSORequest, opts ...grpc.CallOption) (*SignInWithSSOResponse, error)
+	// SignUp signs up the user with the given username and password.
+	SignUp(ctx context.Context, in *SignUpRequest, opts ...grpc.CallOption) (*SignUpResponse, error)
+	// SignOut signs out the user.
+	SignOut(ctx context.Context, in *SignOutRequest, opts ...grpc.CallOption) (*SignOutResponse, error)
 }
 
 type authServiceClient struct {
@@ -46,11 +59,56 @@ func (c *authServiceClient) GetAuthStatus(ctx context.Context, in *GetAuthStatus
 	return out, nil
 }
 
+func (c *authServiceClient) SignIn(ctx context.Context, in *SignInRequest, opts ...grpc.CallOption) (*SignInResponse, error) {
+	out := new(SignInResponse)
+	err := c.cc.Invoke(ctx, AuthService_SignIn_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SignInWithSSO(ctx context.Context, in *SignInWithSSORequest, opts ...grpc.CallOption) (*SignInWithSSOResponse, error) {
+	out := new(SignInWithSSOResponse)
+	err := c.cc.Invoke(ctx, AuthService_SignInWithSSO_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SignUp(ctx context.Context, in *SignUpRequest, opts ...grpc.CallOption) (*SignUpResponse, error) {
+	out := new(SignUpResponse)
+	err := c.cc.Invoke(ctx, AuthService_SignUp_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authServiceClient) SignOut(ctx context.Context, in *SignOutRequest, opts ...grpc.CallOption) (*SignOutResponse, error) {
+	out := new(SignOutResponse)
+	err := c.cc.Invoke(ctx, AuthService_SignOut_FullMethodName, in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // AuthServiceServer is the server API for AuthService service.
 // All implementations must embed UnimplementedAuthServiceServer
 // for forward compatibility
 type AuthServiceServer interface {
+	// GetAuthStatus returns the current auth status of the user.
 	GetAuthStatus(context.Context, *GetAuthStatusRequest) (*GetAuthStatusResponse, error)
+	// SignIn signs in the user with the given username and password.
+	SignIn(context.Context, *SignInRequest) (*SignInResponse, error)
+	// SignInWithSSO signs in the user with the given SSO code.
+	SignInWithSSO(context.Context, *SignInWithSSORequest) (*SignInWithSSOResponse, error)
+	// SignUp signs up the user with the given username and password.
+	SignUp(context.Context, *SignUpRequest) (*SignUpResponse, error)
+	// SignOut signs out the user.
+	SignOut(context.Context, *SignOutRequest) (*SignOutResponse, error)
 	mustEmbedUnimplementedAuthServiceServer()
 }
 
@@ -61,6 +119,18 @@ type UnimplementedAuthServiceServer struct {
 func (UnimplementedAuthServiceServer) GetAuthStatus(context.Context, *GetAuthStatusRequest) (*GetAuthStatusResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetAuthStatus not implemented")
 }
+func (UnimplementedAuthServiceServer) SignIn(context.Context, *SignInRequest) (*SignInResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SignIn not implemented")
+}
+func (UnimplementedAuthServiceServer) SignInWithSSO(context.Context, *SignInWithSSORequest) (*SignInWithSSOResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SignInWithSSO not implemented")
+}
+func (UnimplementedAuthServiceServer) SignUp(context.Context, *SignUpRequest) (*SignUpResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SignUp not implemented")
+}
+func (UnimplementedAuthServiceServer) SignOut(context.Context, *SignOutRequest) (*SignOutResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method SignOut not implemented")
+}
 func (UnimplementedAuthServiceServer) mustEmbedUnimplementedAuthServiceServer() {}
 
 // UnsafeAuthServiceServer may be embedded to opt out of forward compatibility for this service.
@@ -92,6 +162,78 @@ func _AuthService_GetAuthStatus_Handler(srv interface{}, ctx context.Context, de
 	return interceptor(ctx, in, info, handler)
 }
 
+func _AuthService_SignIn_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SignInRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SignIn(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SignIn_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SignIn(ctx, req.(*SignInRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SignInWithSSO_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SignInWithSSORequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SignInWithSSO(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SignInWithSSO_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SignInWithSSO(ctx, req.(*SignInWithSSORequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SignUp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SignUpRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SignUp(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SignUp_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SignUp(ctx, req.(*SignUpRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _AuthService_SignOut_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SignOutRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServiceServer).SignOut(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: AuthService_SignOut_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServiceServer).SignOut(ctx, req.(*SignOutRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // AuthService_ServiceDesc is the grpc.ServiceDesc for AuthService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -103,6 +245,22 @@ var AuthService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetAuthStatus",
 			Handler:    _AuthService_GetAuthStatus_Handler,
 		},
+		{
+			MethodName: "SignIn",
+			Handler:    _AuthService_SignIn_Handler,
+		},
+		{
+			MethodName: "SignInWithSSO",
+			Handler:    _AuthService_SignInWithSSO_Handler,
+		},
+		{
+			MethodName: "SignUp",
+			Handler:    _AuthService_SignUp_Handler,
+		},
+		{
+			MethodName: "SignOut",
+			Handler:    _AuthService_SignOut_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "api/v2/auth_service.proto",

proto/gen/store/README.md

@@ -27,7 +27,7 @@
     - [Webhook](#memos-store-Webhook)
   
 - [store/workspace_setting.proto](#store_workspace_setting-proto)
-    - [WorkspaceProfileSetting](#memos-store-WorkspaceProfileSetting)
+    - [WorkspaceGeneralSetting](#memos-store-WorkspaceGeneralSetting)
   
     - [WorkspaceSettingKey](#memos-store-WorkspaceSettingKey)
   
@@ -300,9 +300,9 @@
 
 
 
-<a name="memos-store-WorkspaceProfileSetting"></a>
+<a name="memos-store-WorkspaceGeneralSetting"></a>
 
-### WorkspaceProfileSetting
+### WorkspaceGeneralSetting
 
 
 
@@ -310,6 +310,7 @@
 | ----- | ---- | ----- | ----------- |
 | instance_url | [string](#string) |  |  |
 | disallow_signup | [bool](#bool) |  |  |
+| disallow_password_login | [bool](#bool) |  |  |
 
 
 
@@ -326,7 +327,7 @@
 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | WORKSPACE_SETTING_KEY_UNSPECIFIED | 0 |  |
-| WORKSPACE_SETTING_PROFILE | 1 |  |
+| WORKSPACE_SETTING_GENERAL | 1 |  |
 
 
  

proto/gen/store/workspace_setting.pb.go

@@ -24,18 +24,18 @@ type WorkspaceSettingKey int32
 
 const (
 	WorkspaceSettingKey_WORKSPACE_SETTING_KEY_UNSPECIFIED WorkspaceSettingKey = 0
-	WorkspaceSettingKey_WORKSPACE_SETTING_PROFILE         WorkspaceSettingKey = 1
+	WorkspaceSettingKey_WORKSPACE_SETTING_GENERAL         WorkspaceSettingKey = 1
 )
 
 // Enum value maps for WorkspaceSettingKey.
 var (
 	WorkspaceSettingKey_name = map[int32]string{
 		0: "WORKSPACE_SETTING_KEY_UNSPECIFIED",
-		1: "WORKSPACE_SETTING_PROFILE",
+		1: "WORKSPACE_SETTING_GENERAL",
 	}
 	WorkspaceSettingKey_value = map[string]int32{
 		"WORKSPACE_SETTING_KEY_UNSPECIFIED": 0,
-		"WORKSPACE_SETTING_PROFILE":         1,
+		"WORKSPACE_SETTING_GENERAL":         1,
 	}
 )
 
@@ -66,17 +66,18 @@ func (WorkspaceSettingKey) EnumDescriptor() ([]byte, []int) {
 	return file_store_workspace_setting_proto_rawDescGZIP(), []int{0}
 }
 
-type WorkspaceProfileSetting struct {
+type WorkspaceGeneralSetting struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	InstanceUrl    string `protobuf:"bytes,1,opt,name=instance_url,json=instanceUrl,proto3" json:"instance_url,omitempty"`
-	DisallowSignup bool   `protobuf:"varint,2,opt,name=disallow_signup,json=disallowSignup,proto3" json:"disallow_signup,omitempty"`
+	InstanceUrl           string `protobuf:"bytes,1,opt,name=instance_url,json=instanceUrl,proto3" json:"instance_url,omitempty"`
+	DisallowSignup        bool   `protobuf:"varint,2,opt,name=disallow_signup,json=disallowSignup,proto3" json:"disallow_signup,omitempty"`
+	DisallowPasswordLogin bool   `protobuf:"varint,3,opt,name=disallow_password_login,json=disallowPasswordLogin,proto3" json:"disallow_password_login,omitempty"`
 }
 
-func (x *WorkspaceProfileSetting) Reset() {
-	*x = WorkspaceProfileSetting{}
+func (x *WorkspaceGeneralSetting) Reset() {
+	*x = WorkspaceGeneralSetting{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_store_workspace_setting_proto_msgTypes[0]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -84,13 +85,13 @@ func (x *WorkspaceProfileSetting) Reset() {
 	}
 }
 
-func (x *WorkspaceProfileSetting) String() string {
+func (x *WorkspaceGeneralSetting) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*WorkspaceProfileSetting) ProtoMessage() {}
+func (*WorkspaceGeneralSetting) ProtoMessage() {}
 
-func (x *WorkspaceProfileSetting) ProtoReflect() protoreflect.Message {
+func (x *WorkspaceGeneralSetting) ProtoReflect() protoreflect.Message {
 	mi := &file_store_workspace_setting_proto_msgTypes[0]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -102,54 +103,65 @@ func (x *WorkspaceProfileSetting) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use WorkspaceProfileSetting.ProtoReflect.Descriptor instead.
-func (*WorkspaceProfileSetting) Descriptor() ([]byte, []int) {
+// Deprecated: Use WorkspaceGeneralSetting.ProtoReflect.Descriptor instead.
+func (*WorkspaceGeneralSetting) Descriptor() ([]byte, []int) {
 	return file_store_workspace_setting_proto_rawDescGZIP(), []int{0}
 }
 
-func (x *WorkspaceProfileSetting) GetInstanceUrl() string {
+func (x *WorkspaceGeneralSetting) GetInstanceUrl() string {
 	if x != nil {
 		return x.InstanceUrl
 	}
 	return ""
 }
 
-func (x *WorkspaceProfileSetting) GetDisallowSignup() bool {
+func (x *WorkspaceGeneralSetting) GetDisallowSignup() bool {
 	if x != nil {
 		return x.DisallowSignup
 	}
 	return false
 }
 
+func (x *WorkspaceGeneralSetting) GetDisallowPasswordLogin() bool {
+	if x != nil {
+		return x.DisallowPasswordLogin
+	}
+	return false
+}
+
 var File_store_workspace_setting_proto protoreflect.FileDescriptor
 
 var file_store_workspace_setting_proto_rawDesc = []byte{
 	0x0a, 0x1d, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63,
 	0x65, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12,
-	0x0b, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x22, 0x65, 0x0a, 0x17,
-	0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65,
-	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61,
-	0x6e, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69,
-	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69,
-	0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x70, 0x18, 0x02, 0x20,
-	0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x69, 0x67,
-	0x6e, 0x75, 0x70, 0x2a, 0x5b, 0x0a, 0x13, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65,
-	0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x0a, 0x21, 0x57, 0x4f,
+	0x0b, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x22, 0x9d, 0x01, 0x0a,
+	0x17, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6e, 0x73, 0x74,
+	0x61, 0x6e, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x64,
+	0x69, 0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x75, 0x70, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x53, 0x69,
+	0x67, 0x6e, 0x75, 0x70, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x69, 0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77,
+	0x5f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x64, 0x69, 0x73, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x50,
+	0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x2a, 0x5b, 0x0a, 0x13,
+	0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67,
+	0x4b, 0x65, 0x79, 0x12, 0x25, 0x0a, 0x21, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x50, 0x41, 0x43, 0x45,
+	0x5f, 0x53, 0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x55, 0x4e, 0x53,
+	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x57, 0x4f,
 	0x52, 0x4b, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x53, 0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f,
-	0x4b, 0x45, 0x59, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
-	0x00, 0x12, 0x1d, 0x0a, 0x19, 0x57, 0x4f, 0x52, 0x4b, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x53,
-	0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x52, 0x4f, 0x46, 0x49, 0x4c, 0x45, 0x10, 0x01,
-	0x42, 0xa0, 0x01, 0x0a, 0x0f, 0x63, 0x6f, 0x6d, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x73,
-	0x74, 0x6f, 0x72, 0x65, 0x42, 0x15, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x53,
-	0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x73, 0x65, 0x6d, 0x65, 0x6d,
-	0x6f, 0x73, 0x2f, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67,
-	0x65, 0x6e, 0x2f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0xa2, 0x02, 0x03, 0x4d, 0x53, 0x58, 0xaa, 0x02,
-	0x0b, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0xca, 0x02, 0x0b, 0x4d,
-	0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x53, 0x74, 0x6f, 0x72, 0x65, 0xe2, 0x02, 0x17, 0x4d, 0x65, 0x6d,
-	0x6f, 0x73, 0x5c, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
-	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0c, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x53, 0x74,
-	0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, 0x4c, 0x10, 0x01, 0x42, 0xa0, 0x01, 0x0a, 0x0f, 0x63, 0x6f,
+	0x6d, 0x2e, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2e, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x42, 0x15, 0x57,
+	0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x75, 0x73, 0x65, 0x6d, 0x65, 0x6d, 0x6f, 0x73, 0x2f, 0x6d, 0x65, 0x6d, 0x6f,
+	0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x73, 0x74, 0x6f, 0x72,
+	0x65, 0xa2, 0x02, 0x03, 0x4d, 0x53, 0x58, 0xaa, 0x02, 0x0b, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x2e,
+	0x53, 0x74, 0x6f, 0x72, 0x65, 0xca, 0x02, 0x0b, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x53, 0x74,
+	0x6f, 0x72, 0x65, 0xe2, 0x02, 0x17, 0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x5c, 0x53, 0x74, 0x6f, 0x72,
+	0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x0c,
+	0x4d, 0x65, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -168,7 +180,7 @@ var file_store_workspace_setting_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
 var file_store_workspace_setting_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
 var file_store_workspace_setting_proto_goTypes = []interface{}{
 	(WorkspaceSettingKey)(0),        // 0: memos.store.WorkspaceSettingKey
-	(*WorkspaceProfileSetting)(nil), // 1: memos.store.WorkspaceProfileSetting
+	(*WorkspaceGeneralSetting)(nil), // 1: memos.store.WorkspaceGeneralSetting
 }
 var file_store_workspace_setting_proto_depIdxs = []int32{
 	0, // [0:0] is the sub-list for method output_type
@@ -185,7 +197,7 @@ func file_store_workspace_setting_proto_init() {
 	}
 	if !protoimpl.UnsafeEnabled {
 		file_store_workspace_setting_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WorkspaceProfileSetting); i {
+			switch v := v.(*WorkspaceGeneralSetting); i {
 			case 0:
 				return &v.state
 			case 1:

proto/store/workspace_setting.proto

@@ -6,11 +6,13 @@ option go_package = "gen/store";
 
 enum WorkspaceSettingKey {
   WORKSPACE_SETTING_KEY_UNSPECIFIED = 0;
-  WORKSPACE_SETTING_PROFILE = 1;
+  WORKSPACE_SETTING_GENERAL = 1;
 }
 
-message WorkspaceProfileSetting {
+message WorkspaceGeneralSetting {
   string instance_url = 1;
 
   bool disallow_signup = 2;
+
+  bool disallow_password_login = 3;
 }

server/frontend/frontend.go

@@ -81,7 +81,7 @@ func (s *FrontendService) registerRoutes(e *echo.Echo) {
 }
 
 func (s *FrontendService) registerFileRoutes(ctx context.Context, e *echo.Echo) {
-	instanceURLSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	instanceURLSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: apiv1.SystemSettingInstanceURLName.String(),
 	})
 	if err != nil || instanceURLSetting == nil {

server/integration/telegram.go

@@ -26,7 +26,7 @@ func NewTelegramHandler(store *store.Store) *TelegramHandler {
 }
 
 func (t *TelegramHandler) BotToken(ctx context.Context) string {
-	return t.store.GetSystemSettingValueWithDefault(ctx, apiv1.SystemSettingTelegramBotTokenName.String(), "")
+	return t.store.GetWorkspaceSettingWithDefaultValue(ctx, apiv1.SystemSettingTelegramBotTokenName.String(), "")
 }
 
 const (

server/server.go

@@ -135,14 +135,14 @@ func (s *Server) GetEcho() *echo.Echo {
 }
 
 func (s *Server) getSystemServerID(ctx context.Context) (string, error) {
-	serverIDSetting, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	serverIDSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: apiv1.SystemSettingServerIDName.String(),
 	})
 	if err != nil {
 		return "", err
 	}
 	if serverIDSetting == nil || serverIDSetting.Value == "" {
-		serverIDSetting, err = s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+		serverIDSetting, err = s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 			Name:  apiv1.SystemSettingServerIDName.String(),
 			Value: uuid.NewString(),
 		})
@@ -154,14 +154,14 @@ func (s *Server) getSystemServerID(ctx context.Context) (string, error) {
 }
 
 func (s *Server) getSystemSecretSessionName(ctx context.Context) (string, error) {
-	secretSessionNameValue, err := s.Store.GetSystemSetting(ctx, &store.FindSystemSetting{
+	secretSessionNameValue, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
 		Name: apiv1.SystemSettingSecretSessionName.String(),
 	})
 	if err != nil {
 		return "", err
 	}
 	if secretSessionNameValue == nil || secretSessionNameValue.Value == "" {
-		secretSessionNameValue, err = s.Store.UpsertSystemSetting(ctx, &store.SystemSetting{
+		secretSessionNameValue, err = s.Store.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 			Name:  apiv1.SystemSettingSecretSessionName.String(),
 			Value: uuid.NewString(),
 		})

store/db/mysql/system_setting.go → store/db/mysql/workspace_setting.go

@@ -7,7 +7,7 @@ import (
 	"github.com/usememos/memos/store"
 )
 
-func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSetting) (*store.SystemSetting, error) {
+func (d *DB) UpsertWorkspaceSetting(ctx context.Context, upsert *store.WorkspaceSetting) (*store.WorkspaceSetting, error) {
 	stmt := "INSERT INTO `system_setting` (`name`, `value`, `description`) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE `value` = ?, `description` = ?"
 	_, err := d.db.ExecContext(
 		ctx,
@@ -25,7 +25,7 @@ func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSettin
 	return upsert, nil
 }
 
-func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetting) ([]*store.SystemSetting, error) {
+func (d *DB) ListWorkspaceSettings(ctx context.Context, find *store.FindWorkspaceSetting) ([]*store.WorkspaceSetting, error) {
 	where, args := []string{"1 = 1"}, []any{}
 	if find.Name != "" {
 		where, args = append(where, "`name` = ?"), append(args, find.Name)
@@ -38,9 +38,9 @@ func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetti
 	}
 	defer rows.Close()
 
-	list := []*store.SystemSetting{}
+	list := []*store.WorkspaceSetting{}
 	for rows.Next() {
-		systemSettingMessage := &store.SystemSetting{}
+		systemSettingMessage := &store.WorkspaceSetting{}
 		if err := rows.Scan(
 			&systemSettingMessage.Name,
 			&systemSettingMessage.Value,

store/db/postgres/system_setting.go → store/db/postgres/workspace_setting.go

@@ -7,7 +7,7 @@ import (
 	"github.com/usememos/memos/store"
 )
 
-func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSetting) (*store.SystemSetting, error) {
+func (d *DB) UpsertWorkspaceSetting(ctx context.Context, upsert *store.WorkspaceSetting) (*store.WorkspaceSetting, error) {
 	stmt := `
 		INSERT INTO system_setting (
 			name, value, description
@@ -25,7 +25,7 @@ func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSettin
 	return upsert, nil
 }
 
-func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetting) ([]*store.SystemSetting, error) {
+func (d *DB) ListWorkspaceSettings(ctx context.Context, find *store.FindWorkspaceSetting) ([]*store.WorkspaceSetting, error) {
 	where, args := []string{"1 = 1"}, []any{}
 	if find.Name != "" {
 		where, args = append(where, "name = "+placeholder(len(args)+1)), append(args, find.Name)
@@ -45,9 +45,9 @@ func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetti
 	}
 	defer rows.Close()
 
-	list := []*store.SystemSetting{}
+	list := []*store.WorkspaceSetting{}
 	for rows.Next() {
-		systemSettingMessage := &store.SystemSetting{}
+		systemSettingMessage := &store.WorkspaceSetting{}
 		if err := rows.Scan(
 			&systemSettingMessage.Name,
 			&systemSettingMessage.Value,

store/db/sqlite/system_setting.go → store/db/sqlite/workspace_setting.go

@@ -7,7 +7,7 @@ import (
 	"github.com/usememos/memos/store"
 )
 
-func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSetting) (*store.SystemSetting, error) {
+func (d *DB) UpsertWorkspaceSetting(ctx context.Context, upsert *store.WorkspaceSetting) (*store.WorkspaceSetting, error) {
 	stmt := `
 		INSERT INTO system_setting (
 			name, value, description
@@ -25,7 +25,7 @@ func (d *DB) UpsertSystemSetting(ctx context.Context, upsert *store.SystemSettin
 	return upsert, nil
 }
 
-func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetting) ([]*store.SystemSetting, error) {
+func (d *DB) ListWorkspaceSettings(ctx context.Context, find *store.FindWorkspaceSetting) ([]*store.WorkspaceSetting, error) {
 	where, args := []string{"1 = 1"}, []any{}
 	if find.Name != "" {
 		where, args = append(where, "name = ?"), append(args, find.Name)
@@ -45,9 +45,9 @@ func (d *DB) ListSystemSettings(ctx context.Context, find *store.FindSystemSetti
 	}
 	defer rows.Close()
 
-	list := []*store.SystemSetting{}
+	list := []*store.WorkspaceSetting{}
 	for rows.Next() {
-		systemSettingMessage := &store.SystemSetting{}
+		systemSettingMessage := &store.WorkspaceSetting{}
 		if err := rows.Scan(
 			&systemSettingMessage.Name,
 			&systemSettingMessage.Value,

store/driver.go

@@ -49,9 +49,9 @@ type Driver interface {
 	ListMemoOrganizer(ctx context.Context, find *FindMemoOrganizer) ([]*MemoOrganizer, error)
 	DeleteMemoOrganizer(ctx context.Context, delete *DeleteMemoOrganizer) error
 
-	// SystemSetting model related methods.
-	UpsertSystemSetting(ctx context.Context, upsert *SystemSetting) (*SystemSetting, error)
-	ListSystemSettings(ctx context.Context, find *FindSystemSetting) ([]*SystemSetting, error)
+	// WorkspaceSetting model related methods.
+	UpsertWorkspaceSetting(ctx context.Context, upsert *WorkspaceSetting) (*WorkspaceSetting, error)
+	ListWorkspaceSettings(ctx context.Context, find *FindWorkspaceSetting) ([]*WorkspaceSetting, error)
 
 	// User model related methods.
 	CreateUser(ctx context.Context, create *User) (*User, error)

store/system_setting.go → store/workspace_setting.go

@@ -4,22 +4,22 @@ import (
 	"context"
 )
 
-type SystemSetting struct {
+type WorkspaceSetting struct {
 	Name        string
 	Value       string
 	Description string
 }
 
-type FindSystemSetting struct {
+type FindWorkspaceSetting struct {
 	Name string
 }
 
-func (s *Store) UpsertSystemSetting(ctx context.Context, upsert *SystemSetting) (*SystemSetting, error) {
-	return s.driver.UpsertSystemSetting(ctx, upsert)
+func (s *Store) UpsertWorkspaceSetting(ctx context.Context, upsert *WorkspaceSetting) (*WorkspaceSetting, error) {
+	return s.driver.UpsertWorkspaceSetting(ctx, upsert)
 }
 
-func (s *Store) ListSystemSettings(ctx context.Context, find *FindSystemSetting) ([]*SystemSetting, error) {
-	list, err := s.driver.ListSystemSettings(ctx, find)
+func (s *Store) ListWorkspaceSettings(ctx context.Context, find *FindWorkspaceSetting) ([]*WorkspaceSetting, error) {
+	list, err := s.driver.ListWorkspaceSettings(ctx, find)
 	if err != nil {
 		return nil, err
 	}
@@ -30,14 +30,14 @@ func (s *Store) ListSystemSettings(ctx context.Context, find *FindSystemSetting)
 	return list, nil
 }
 
-func (s *Store) GetSystemSetting(ctx context.Context, find *FindSystemSetting) (*SystemSetting, error) {
+func (s *Store) GetWorkspaceSetting(ctx context.Context, find *FindWorkspaceSetting) (*WorkspaceSetting, error) {
 	if find.Name != "" {
 		if cache, ok := s.systemSettingCache.Load(find.Name); ok {
-			return cache.(*SystemSetting), nil
+			return cache.(*WorkspaceSetting), nil
 		}
 	}
 
-	list, err := s.ListSystemSettings(ctx, find)
+	list, err := s.ListWorkspaceSettings(ctx, find)
 	if err != nil {
 		return nil, err
 	}
@@ -51,8 +51,8 @@ func (s *Store) GetSystemSetting(ctx context.Context, find *FindSystemSetting) (
 	return systemSettingMessage, nil
 }
 
-func (s *Store) GetSystemSettingValueWithDefault(ctx context.Context, settingName string, defaultValue string) string {
-	if setting, err := s.GetSystemSetting(ctx, &FindSystemSetting{
+func (s *Store) GetWorkspaceSettingWithDefaultValue(ctx context.Context, settingName string, defaultValue string) string {
+	if setting, err := s.GetWorkspaceSetting(ctx, &FindWorkspaceSetting{
 		Name: settingName,
 	}); err == nil && setting != nil {
 		return setting.Value

test/store/system_setting_test.go → test/store/workspace_setting_test.go

@@ -10,30 +10,30 @@ import (
 	"github.com/usememos/memos/store"
 )
 
-func TestSystemSettingStore(t *testing.T) {
+func TestWorkspaceSettingStore(t *testing.T) {
 	ctx := context.Background()
 	ts := NewTestingStore(ctx, t)
-	_, err := ts.UpsertSystemSetting(ctx, &store.SystemSetting{
+	_, err := ts.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 		Name:  apiv1.SystemSettingServerIDName.String(),
 		Value: "test_server_id",
 	})
 	require.NoError(t, err)
-	_, err = ts.UpsertSystemSetting(ctx, &store.SystemSetting{
+	_, err = ts.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 		Name:  apiv1.SystemSettingSecretSessionName.String(),
 		Value: "test_secret_session_name",
 	})
 	require.NoError(t, err)
-	_, err = ts.UpsertSystemSetting(ctx, &store.SystemSetting{
+	_, err = ts.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 		Name:  apiv1.SystemSettingAllowSignUpName.String(),
 		Value: "true",
 	})
 	require.NoError(t, err)
-	_, err = ts.UpsertSystemSetting(ctx, &store.SystemSetting{
+	_, err = ts.UpsertWorkspaceSetting(ctx, &store.WorkspaceSetting{
 		Name:  apiv1.SystemSettingLocalStoragePathName.String(),
 		Value: "/tmp/memos",
 	})
 	require.NoError(t, err)
-	list, err := ts.ListSystemSettings(ctx, &store.FindSystemSetting{})
+	list, err := ts.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
 	require.NoError(t, err)
 	require.Equal(t, 4, len(list))
 	ts.Close()