syntax = "proto3"; package neo.fs.v2.service; option go_package = "github.com/nspcc-dev/neofs-api-go/v2/service/grpc;service"; option csharp_namespace = "NeoFS.API.v2.Service"; import "acl/types.proto"; import "refs/types.proto"; // Extended headers for Request/Response message XHeader { // Key of the X-Header. string key = 1; // Value of the X-Header. string value = 2; } // Represents API version used by node. message Version { // Major API version. uint32 major = 1; // Minor API version. uint32 minor = 2; } // Lifetime parameters of the token. Filed names taken from rfc7519. message TokenLifetime { // Expiration Epoch uint64 exp = 1; // Not valid before Epoch uint64 nbf = 2; // Issued at Epoch uint64 iat = 3; } // Context information for Session Tokens related to ObjectService requests message ObjectSessionContext { // Object request verbs enum Verb { // Unknown verb VERB_UNSPECIFIED = 0; // Refers to object.Put RPC call PUT = 1; // Refers to object.Get RPC call GET = 2; // Refers to object.Head RPC call HEAD = 3; // Refers to object.Search RPC call SEARCH = 4; // Refers to object.Delete RPC call DELETE = 5; // Refers to object.GetRange RPC call RANGE = 6; // Refers to object.GetRangeHash RPC call RANGEHASH = 7; } // Verb is a type of request for which the token is issued Verb verb = 1; // Related Object address neo.fs.v2.refs.Address address = 2; } // NeoFS session token. message SessionToken { // Session token body message Body { // ID is a token identifier. valid UUIDv4 represented in bytes bytes id = 1; // OwnerID carries identifier of the session initiator. neo.fs.v2.refs.OwnerID owner_id = 2; // Lifetime is a lifetime of the session TokenLifetime lifetime = 3; // SessionKey is a public key of session key bytes session_key = 4; // Carries context of the session. oneof context { // ObjectService session context. ObjectSessionContext object = 5; } } // Session Token body Body body = 1; // Signature is a signature of session token information Signature signature = 2; } // BearerToken has information about request ACL rules with limited lifetime message BearerToken { // Bearer Token body message Body { // EACLTable carries table of extended ACL rules neo.fs.v2.acl.EACLTable eacl_table = 1; // OwnerID carries identifier of the token owner neo.fs.v2.refs.OwnerID owner_id = 2; // Token expiration and valid time period parameters TokenLifetime lifetime = 3; } // Bearer Token body Body body = 1; // Signature of BearerToken body Signature signature = 2; } // Information about the request message RequestMetaHeader { // Client API version. Version version = 1; // Client local epoch number. Set to 0 if unknown. uint64 epoch = 2; // Maximum number of nodes in the request route. uint32 ttl = 3; // Request X-Headers. repeated XHeader x_headers = 4; // Token is a token of the session within which the request is sent SessionToken session_token = 5; // Bearer is a Bearer token of the request BearerToken bearer_token = 6; // RequestMetaHeader of the origin request. RequestMetaHeader origin = 7; } // Information about the response message ResponseMetaHeader { // Server API version. Version version = 1; // Server local epoch number. uint64 epoch = 2; // Maximum number of nodes in the response route. uint32 ttl = 3; // Response X-Headers. repeated XHeader x_headers = 4; // Carries response meta header of the origin response. ResponseMetaHeader origin = 5; } // Signature of something in NeoFS message Signature { // Public key used for signing. bytes key = 1; // Signature bytes sign = 2; } // Verification info for request signed by all intermediate nodes message RequestVerificationHeader { // Request Body signature. Should be generated once by request initiator. Signature body_signature = 1; // Request Meta signature is added and signed by any intermediate node Signature meta_signature = 2; // Sign previous hops Signature origin_signature = 3; // Chain of previous hops signatures RequestVerificationHeader origin = 4; } // Verification info for response signed by all intermediate nodes message ResponseVerificationHeader { // Response Body signature. Should be generated once by answering node. Signature body_signature = 1; // Response Meta signature is added and signed by any intermediate node Signature meta_signature = 2; // Sign previous hops Signature origin_signature = 3; // Chain of previous hops signatures ResponseVerificationHeader origin = 4; }