Merge pull request #9 from nspcc-dev/request-headers-body-changes

Changes for updated session token
2020-04-27 12:29:22 +03:00 · 2020-04-27 12:29:22 +03:00 · 78af092531
commit 78af092531
parent e411a89c52 da3cb02936
9 changed files with 133 additions and 135 deletions
--- a/object/service.proto
+++ b/object/service.proto
@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";

 import "refs/types.proto";
 import "object/types.proto";
-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@ -58,8 +57,6 @@ service Service {
 message GetRequest {
    // Address of object (container id + object id)
    refs.Address Address                     = 1 [(gogoproto.nullable) = false];
-    // Raw is the request flag of a physically stored representation of an object
-    bool Raw                                 = 2;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -83,7 +80,7 @@ message PutRequest {
        // Object with at least container id and owner id fields
        Object Object       = 1;
        // Token with session public key and user's signature
-        session.Token Token = 2;
+        service.Token Token = 2;
        // Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
        uint32 CopiesNumber = 3;
    }
@ -113,7 +110,7 @@ message DeleteRequest {
    // OwnerID is a wallet address
    bytes OwnerID                            = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
    // Token with session public key and user's signature
-    session.Token Token                      = 3;
+    service.Token Token                      = 3;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@ -132,8 +129,6 @@ message HeadRequest {
    refs.Address Address                     = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
    // FullHeaders can be set true for extended headers in the object
    bool FullHeaders                         = 2;
-    // Raw is the request flag of a physically stored representation of an object
-    bool Raw                                 = 3;
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
    // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
--- a/object/types.proto
+++ b/object/types.proto
@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
 option csharp_namespace = "NeoFS.API.Object";

 import "refs/types.proto";
-import "session/types.proto";
+import "service/verify.proto";
 import "storagegroup/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";

@ -36,8 +36,8 @@ message Header {
        Transform Transform                    = 4;
        // Tombstone header that set up in deleted objects
        Tombstone Tombstone                    = 5;
-        // Verify header that contains session public key and user's signature
-        session.VerificationHeader Verify      = 6;
+        // Token header contains token of the session within which the object was created
+        service.Token Token                    = 6;
        // HomoHash is a homomorphic hash of original object payload
        bytes HomoHash                         = 7 [(gogoproto.customtype) = "Hash"];
        // PayloadChecksum of actual object's payload
--- a/proto-docs/object.md
+++ b/proto-docs/object.md
@ -149,7 +149,7 @@ calculated for XORed data.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token with session public key and user's signature |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -228,7 +228,6 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
-| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -256,7 +255,6 @@ in distributed system.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | FullHeaders | [bool](#bool) |  | FullHeaders can be set true for extended headers in the object |
-| Raw | [bool](#bool) |  | Raw is the request flag of a physically stored representation of an object |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -296,7 +294,7 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Object | [Object](#object.Object) |  | Object with at least container id and owner id fields |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token with session public key and user's signature |
 | CopiesNumber | [uint32](#uint32) |  | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |


@ -378,7 +376,7 @@ in distributed system.
 | UserHeader | [UserHeader](#object.UserHeader) |  | UserHeader is a set of KV headers defined by user |
 | Transform | [Transform](#object.Transform) |  | Transform defines transform operation (e.g. payload split) |
 | Tombstone | [Tombstone](#object.Tombstone) |  | Tombstone header that set up in deleted objects |
-| Verify | [session.VerificationHeader](#session.VerificationHeader) |  | Verify header that contains session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token header that contains session token |
 | HomoHash | [bytes](#bytes) |  | HomoHash is a homomorphic hash of original object payload |
 | PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
 | Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |
--- a/proto-docs/service.md
+++ b/proto-docs/service.md
@ -14,8 +14,9 @@

  - Messages
    - [RequestVerificationHeader](#service.RequestVerificationHeader)
-    - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign)
    - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
+    - [Token](#service.Token)
+    - [Token.Info](#service.Token.Info)
    

 - [Scalar Value Types](#scalar-value-types)
@ -43,6 +44,7 @@ RequestMetaHeader contains information about request meta headers
 | TTL | [uint32](#uint32) |  | TTL must be larger than zero, it decreased in every NeoFS Node |
 | Epoch | [uint64](#uint64) |  | Epoch for user can be empty, because node sets epoch to the actual value |
 | Version | [uint32](#uint32) |  | Version defines protocol version TODO: not used for now, should be implemented in future |
+| Raw | [bool](#bool) |  | Raw determines whether the request is raw or not |


 <a name="service.ResponseMetaHeader"></a>
@ -82,18 +84,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
-
-
-<a name="service.RequestVerificationHeader.Sign"></a>
-
-### Message RequestVerificationHeader.Sign
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
-| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
+| Token | [Token](#service.Token) |  | Token is a token of the session within which the request is sent |


 <a name="service.RequestVerificationHeader.Signature"></a>
@ -104,11 +95,57 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces

 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Sign is a signature and public key of the request. |
-| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) |  | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. |
+| Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
+| Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
+
+
+<a name="service.Token"></a>
+
+### Message Token
+User token granting rights for object manipulation
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| info | [Token.Info](#service.Token.Info) |  | Info is a grouped information about token |
+| Signature | [bytes](#bytes) |  | Signature is a signature of session token information |
+
+
+<a name="service.Token.Info"></a>
+
+### Message Token.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
+| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
+| verb | [Token.Info.Verb](#service.Token.Info.Verb) |  | Verb is a type of request for which the token is issued |
+| Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
+| Created | [uint64](#uint64) |  | Created is an initial epoch of token lifetime |
+| ValidUntil | [uint64](#uint64) |  | ValidUntil is a last epoch of token lifetime |
+| SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |

 <!-- end messages -->

+
+<a name="service.Token.Info.Verb"></a>
+
+### Token.Info.Verb
+Verb is an enumeration of session request types
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Put | 0 | Put refers to object.Put RPC call |
+| Get | 1 | Get refers to object.Get RPC call |
+| Head | 2 | Head refers to object.Head RPC call |
+| Search | 3 | Search refers to object.Search RPC call |
+| Delete | 4 | Delete refers to object.Delete RPC call |
+| Range | 5 | Range refers to object.GetRange RPC call |
+| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
+
+
 <!-- end enums -->


--- a/proto-docs/session.md
+++ b/proto-docs/session.md
@ -12,13 +12,6 @@
    - [CreateResponse](#session.CreateResponse)
    

- [session/types.proto](#session/types.proto)
-
-  - Messages
-    - [Token](#session.Token)
-    - [VerificationHeader](#session.VerificationHeader)
-    
-
 - [Scalar Value Types](#scalar-value-types)


@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream

 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Init | [Token](#session.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
-| Signed | [Token](#session.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Init | [service.Token](#service.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| Signed | [service.Token](#service.Token) |  | Signed Init message response (Unsigned) from server with user private key |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |

@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream

 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Unsigned | [Token](#session.Token) |  | Unsigned token with token ID and session public key generated on server side |
-| Result | [Token](#session.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
-
- <!-- end messages -->
-
- <!-- end enums -->
-
-
-
-<a name="session/types.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
-
-## session/types.proto
-
-
- <!-- end services -->
-
-
-<a name="session.Token"></a>
-
-### Message Token
-User token granting rights for object manipulation
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Header | [VerificationHeader](#session.VerificationHeader) |  | Header carries verification data of session key |
-| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
-| FirstEpoch | [uint64](#uint64) |  | FirstEpoch is an initial epoch of token lifetime |
-| LastEpoch | [uint64](#uint64) |  | LastEpoch is a last epoch of token lifetime |
-| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
-| Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
-| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
-| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
-
-
-<a name="session.VerificationHeader"></a>
-
-### Message VerificationHeader
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| PublicKey | [bytes](#bytes) |  | PublicKey is a session public key |
-| KeySignature | [bytes](#bytes) |  | KeySignature is a session public key signature. Signed by trusted side |
+| Unsigned | [service.Token](#service.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| Result | [service.Token](#service.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |

 <!-- end messages -->

--- a/service/meta.proto
+++ b/service/meta.proto
@ -17,6 +17,8 @@ message RequestMetaHeader {
    // Version defines protocol version
    // TODO: not used for now, should be implemented in future
    uint32 Version = 3;
+    // Raw determines whether the request is raw or not
+    bool Raw       = 4;
 }

 // ResponseMetaHeader contains meta information based on request processing by server
--- a/service/verify.proto
+++ b/service/verify.proto
@ -3,6 +3,7 @@ package service;
 option go_package = "github.com/nspcc-dev/neofs-api-go/service";
 option csharp_namespace = "NeoFS.API.Service";

+import "refs/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";

 option (gogoproto.stable_marshaler_all) = true;
@ -10,22 +11,74 @@ option (gogoproto.stable_marshaler_all) = true;
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
 // (should be embedded into message).
 message RequestVerificationHeader {
-    message Sign {
+    message Signature {
        // Sign is signature of the request or session key.
        bytes Sign = 1;
        // Peer is compressed public key used for signature.
        bytes Peer = 2;
    }

-    message Signature {
-        // Sign is a signature and public key of the request.
-        Sign Sign   = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
-        // Origin used for requests, when trusted node changes it and re-sign with session key.
-        // If session key used for signature request, then Origin should contain
-        // public key of user and signed session key.
-        Sign Origin = 2;
-    }
-
    // Signatures is a set of signatures of every passed NeoFS Node
    repeated Signature Signatures = 1;
+
+    // Token is a token of the session within which the request is sent
+    Token Token = 2;
 }
+
+// User token granting rights for object manipulation
+message Token {
+    message Info {
+        // ID is a token identifier. valid UUIDv4 represented in bytes
+        bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+
+        // OwnerID is an owner of manipulation object
+        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+        // Verb is an enumeration of session request types
+        enum Verb {
+            // Put refers to object.Put RPC call
+            Put = 0;
+            // Get refers to object.Get RPC call
+            Get = 1;
+            // Head refers to object.Head RPC call
+            Head = 2;
+            // Search refers to object.Search RPC call
+            Search = 3;
+            // Delete refers to object.Delete RPC call
+            Delete = 4;
+            // Range refers to object.GetRange RPC call
+            Range = 5;
+            // RangeHash refers to object.GetRangeHash RPC call
+            RangeHash = 6;
+        }
+
+        // Verb is a type of request for which the token is issued
+        Verb verb = 3 [(gogoproto.customname) = "Verb"];
+
+        // Address is an object address for which token is issued
+        refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
+
+        // Created is an initial epoch of token lifetime
+        uint64 Created = 5;
+
+        // ValidUntil is a last epoch of token lifetime
+        uint64 ValidUntil = 6;
+
+        // SessionKey is a public key of session key
+        bytes SessionKey = 7;
+    }
+
+    // Info is a grouped information about token
+    Info info = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (gogoproto.customname) = "Info"];
+
+    // Signature is a signature of session token information
+    bytes Signature = 8;
+}
+
+// TODO: for variable token types and version redefine message
+// Example:
+// message Token {
+//     TokenType TokenType = 1;
+//     uint32 Version = 2;
+//     bytes Data = 3;
+// }
--- a/session/service.proto
+++ b/session/service.proto
@ -3,7 +3,6 @@ package session;
 option go_package = "github.com/nspcc-dev/neofs-api-go/session";
 option csharp_namespace = "NeoFS.API.Session";

-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@ -33,9 +32,9 @@ message CreateRequest {
        // owner of manipulation object;
        // ID of manipulation object;
        // token lifetime bounds.
-        session.Token Init = 1;
+        service.Token Init = 1;
        // Signed Init message response (Unsigned) from server with user private key
-        session.Token Signed = 2;
+        service.Token Signed = 2;
    }
    // RequestMetaHeader contains information about request meta headers (should be embedded into message)
    service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
@ -46,8 +45,8 @@ message CreateRequest {
 message CreateResponse {
    oneof Message {
        // Unsigned token with token ID and session public key generated on server side
-        session.Token Unsigned = 1;
+        service.Token Unsigned = 1;
        // Result is a resulting token which can be used for object placing through an trusted intermediary
-        session.Token Result = 2;
+        service.Token Result = 2;
    }
 }
--- a/session/types.proto
+++ b/session/types.proto
@ -1,35 +0,0 @@
-syntax = "proto3";
-package session;
-option go_package = "github.com/nspcc-dev/neofs-api-go/session";
-option csharp_namespace = "NeoFS.API.Session";
-
-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
-
-option (gogoproto.stable_marshaler_all) = true;
-
-message VerificationHeader {
-    // PublicKey is a session public key
-    bytes PublicKey = 1;
-    // KeySignature is a session public key signature. Signed by trusted side
-    bytes KeySignature = 2;
-}
-
-// User token granting rights for object manipulation
-message Token {
-    // Header carries verification data of session key
-    VerificationHeader Header = 1 [(gogoproto.nullable) = false];
-    // OwnerID is an owner of manipulation object
-    bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
-    // FirstEpoch is an initial epoch of token lifetime
-    uint64 FirstEpoch = 3;
-    // LastEpoch is a last epoch of token lifetime
-    uint64 LastEpoch = 4;
-    // ObjectID is an object identifier of manipulation object
-    repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
-    // Signature is a token signature, signed by owner of manipulation object
-    bytes Signature = 6;
-    // ID is a token identifier. valid UUIDv4 represented in bytes
-    bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
-    // PublicKeys associated with owner
-    repeated bytes PublicKeys = 8;
-}