DefGuard · wojcik91 · Mar 24, 2026 · Mar 24, 2026 · Mar 24, 2026 · Mar 24, 2026
diff --git a/crates/defguard/src/main.rs b/crates/defguard/src/main.rs
@@ -258,7 +258,6 @@ async fn main() -> Result<(), anyhow::Error> {
             pool.clone(),
             grpc_cert,
             grpc_key,
-            failed_logins.clone(),
         ) => error!("gRPC server returned early: {res:?}"),
         res = run_web_server(
             worker_state,

diff --git a/crates/defguard_core/src/grpc/auth.rs b/crates/defguard_core/src/grpc/auth.rs
diff --git a/crates/defguard_core/src/grpc/mod.rs b/crates/defguard_core/src/grpc/mod.rs
@@ -24,7 +24,6 @@ use sqlx::PgPool;
 use tokio::sync::{broadcast::Sender, mpsc::UnboundedSender};
 
 use crate::{
-    auth::failed_login::FailedLoginMap,
     db::AppEvent,
     enterprise::{
         db::models::{
@@ -33,10 +32,9 @@ use crate::{
         },
         is_business_license_active, is_enterprise_license_active,
     },
-    grpc::{auth::AuthServer, interceptor::JwtInterceptor, worker::WorkerServer},
+    grpc::{interceptor::JwtInterceptor, worker::WorkerServer},
 };
 
-mod auth;
 pub mod client_version;
 pub mod interceptor;
 pub mod proxy;
@@ -52,8 +50,8 @@ pub mod proto {
 }
 
 use defguard_proto::{
-    auth::auth_service_server::AuthServiceServer, enterprise::firewall::FirewallConfig,
-    gateway::Peer, worker::worker_service_server::WorkerServiceServer,
+    enterprise::firewall::FirewallConfig, gateway::Peer,
+    worker::worker_service_server::WorkerServiceServer,
 };
 use tonic::transport::{Identity, Server, ServerTlsConfig, server::Router};
 
@@ -71,7 +69,6 @@ pub async fn run_grpc_server(
     pool: PgPool,
     grpc_cert: Option<String>,
     grpc_key: Option<String>,
-    failed_logins: Arc<Mutex<FailedLoginMap>>,
 ) -> Result<(), anyhow::Error> {
     // Build gRPC services
     let server = if let (Some(cert), Some(key)) = (grpc_cert, grpc_key) {
@@ -81,7 +78,7 @@ pub async fn run_grpc_server(
         Server::builder()
     };
 
-    let router = build_grpc_service_router(server, pool, worker_state, failed_logins).await?;
+    let router = build_grpc_service_router(server, pool, worker_state).await?;
 
     // Run gRPC server
     let addr = SocketAddr::new(
@@ -100,19 +97,15 @@ pub async fn build_grpc_service_router(
     server: Server,
     pool: PgPool,
     worker_state: Arc<Mutex<WorkerState>>,
-    failed_logins: Arc<Mutex<FailedLoginMap>>,
-    // incompatible_components: Arc<RwLock<IncompatibleComponents>>,
 ) -> Result<Router, anyhow::Error> {
-    let auth_service = AuthServiceServer::new(AuthServer::new(pool.clone(), failed_logins));
-
     let worker_service = WorkerServiceServer::with_interceptor(
         WorkerServer::new(pool.clone(), worker_state),
         JwtInterceptor::new(ClaimsType::YubiBridge),
     );
 
     let (health_reporter, health_service) = tonic_health::server::health_reporter();
     health_reporter
-        .set_serving::<AuthServiceServer<AuthServer>>()
+        .set_serving::<WorkerServiceServer<WorkerServer>>()
         .await;
     health_reporter
         .set_serving::<WorkerServiceServer<WorkerServer>>()
@@ -122,8 +115,7 @@ pub async fn build_grpc_service_router(
         .http2_keepalive_interval(Some(TEN_SECS))
         .tcp_keepalive(Some(TEN_SECS))
         .add_service(health_service)
-        .add_service(auth_service);
-    let router = router.add_service(worker_service);
+        .add_service(worker_service);
 
     Ok(router)
 }

diff --git a/crates/defguard_core/tests/integration/grpc/common/mod.rs b/crates/defguard_core/tests/integration/grpc/common/mod.rs
@@ -11,7 +11,6 @@ use defguard_common::{
     },
 };
 use defguard_core::{
-    auth::failed_login::FailedLoginMap,
     db::AppEvent,
     grpc::{AUTHORIZATION_HEADER, WorkerState, build_grpc_service_router},
 };
@@ -118,15 +117,10 @@ pub(crate) async fn make_grpc_test_server(pool: &PgPool) -> TestGrpcServer {
 
     let (app_event_tx, app_event_rx) = unbounded_channel::<AppEvent>();
     let worker_state = Arc::new(Mutex::new(WorkerState::new(app_event_tx)));
-    let failed_logins = Arc::new(Mutex::new(FailedLoginMap::new()));
-    let grpc_router = build_grpc_service_router(
-        Server::builder(),
-        pool.clone(),
-        worker_state.clone(),
-        failed_logins,
-    )
-    .await
-    .expect("failed to build gRPC router");
+    let grpc_router =
+        build_grpc_service_router(Server::builder(), pool.clone(), worker_state.clone())
+            .await
+            .expect("failed to build gRPC router");
 
     TestGrpcServer::new(
         server_stream,

diff --git a/crates/defguard_proto/build.rs b/crates/defguard_proto/build.rs
@@ -4,8 +4,6 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .skip_debug([
             "ActivateUserRequest",
             "AuthInfoResponse",
-            "AuthenticateRequest",
-            "AuthenticateResponse",
             "ClientMfaFinishResponse",
             "CodeMfaSetupStartResponse",
             "CodeMfaSetupFinishResponse",
@@ -19,7 +17,6 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
         .protoc_arg("--experimental_allow_proto3_optional")
         .compile_protos(
             &[
-                "../../proto/core/auth.proto",
                 "../../proto/core/proxy.proto",
                 "../../proto/worker/worker.proto",
                 "../../proto/wireguard/gateway.proto",

diff --git a/crates/defguard_proto/src/lib.rs b/crates/defguard_proto/src/lib.rs
@@ -6,9 +6,6 @@ pub mod proxy {
 pub mod gateway {
     tonic::include_proto!("gateway");
 }
-pub mod auth {
-    tonic::include_proto!("auth");
-}
 pub mod worker {
     tonic::include_proto!("worker");
 }

diff --git a/proto b/proto