# Protocol Documentation ## Table of Contents - [session/service.proto](#session/service.proto) - Services - [SessionService](#neo.fs.v2.session.SessionService) - Messages - [CreateRequest](#neo.fs.v2.session.CreateRequest) - [CreateRequest.Body](#neo.fs.v2.session.CreateRequest.Body) - [CreateResponse](#neo.fs.v2.session.CreateResponse) - [CreateResponse.Body](#neo.fs.v2.session.CreateResponse.Body) - [session/types.proto](#session/types.proto) - Messages - [ContainerSessionContext](#neo.fs.v2.session.ContainerSessionContext) - [ObjectSessionContext](#neo.fs.v2.session.ObjectSessionContext) - [RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) - [RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) - [ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) - [ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) - [SessionToken](#neo.fs.v2.session.SessionToken) - [SessionToken.Body](#neo.fs.v2.session.SessionToken.Body) - [SessionToken.Body.TokenLifetime](#neo.fs.v2.session.SessionToken.Body.TokenLifetime) - [XHeader](#neo.fs.v2.session.XHeader) - [Scalar Value Types](#scalar-value-types)
## session/service.proto ### Service "neo.fs.v2.session.SessionService" `SessionService` allows to establish a temporary trust relationship between two peer nodes and generate a `SessionToken` as the proof of trust to be attached in requests for further verification. Please see corresponding section of NeoFS Technical Specification for details. ``` rpc Create(CreateRequest) returns (CreateResponse); ``` #### Method Create Opens a new session between two peers. Statuses: - **OK** (0, SECTION_SUCCESS): session has been successfully opened; - Common failures (SECTION_FAILURE_COMMON). | Name | Input | Output | | ---- | ----- | ------ | | Create | [CreateRequest](#neo.fs.v2.session.CreateRequest) | [CreateResponse](#neo.fs.v2.session.CreateResponse) | ### Message CreateRequest Information necessary for opening a session. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | body | [CreateRequest.Body](#neo.fs.v2.session.CreateRequest.Body) | | Body of create session token request message. | | meta_header | [RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) | | Carries request meta information. Header data is used only to regulate message transport and does not affect request execution. | | verify_header | [RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) | | Carries request verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. | ### Message CreateRequest.Body Session creation request body | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | owner_id | [neo.fs.v2.refs.OwnerID](#neo.fs.v2.refs.OwnerID) | | Session initiating user's or node's key derived `OwnerID` | | expiration | [uint64](#uint64) | | Session expiration `Epoch` | ### Message CreateResponse Information about the opened session. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | body | [CreateResponse.Body](#neo.fs.v2.session.CreateResponse.Body) | | Body of create session token response message. | | meta_header | [ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) | | Carries response meta information. Header data is used only to regulate message transport and does not affect request execution. | | verify_header | [ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) | | Carries response verification information. This header is used to authenticate the nodes of the message route and check the correctness of transmission. | ### Message CreateResponse.Body Session creation response body | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | id | [bytes](#bytes) | | Identifier of a newly created session | | session_key | [bytes](#bytes) | | Public key used for session | ## session/types.proto ### Message ContainerSessionContext Context information for Session Tokens related to ContainerService requests. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | verb | [ContainerSessionContext.Verb](#neo.fs.v2.session.ContainerSessionContext.Verb) | | Type of request for which the token is issued | | wildcard | [bool](#bool) | | Spreads the action to all owner containers. If set, container_id field is ignored. | | container_id | [neo.fs.v2.refs.ContainerID](#neo.fs.v2.refs.ContainerID) | | Particular container to which the action applies. Ignored if wildcard flag is set. | ### Message ObjectSessionContext Context information for Session Tokens related to ObjectService requests | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | verb | [ObjectSessionContext.Verb](#neo.fs.v2.session.ObjectSessionContext.Verb) | | Type of request for which the token is issued | | address | [neo.fs.v2.refs.Address](#neo.fs.v2.refs.Address) | | Related Object address | ### Message RequestMetaHeader Meta information attached to the request. When forwarded between peers, request meta headers are folded in matryoshka style. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | version | [neo.fs.v2.refs.Version](#neo.fs.v2.refs.Version) | | Peer's API version used | | epoch | [uint64](#uint64) | | Peer's local epoch number. Set to 0 if unknown. | | ttl | [uint32](#uint32) | | Maximum number of intermediate nodes in the request route | | x_headers | [XHeader](#neo.fs.v2.session.XHeader) | repeated | Request X-Headers | | session_token | [SessionToken](#neo.fs.v2.session.SessionToken) | | Session token within which the request is sent | | bearer_token | [neo.fs.v2.acl.BearerToken](#neo.fs.v2.acl.BearerToken) | | `BearerToken` with eACL overrides for the request | | origin | [RequestMetaHeader](#neo.fs.v2.session.RequestMetaHeader) | | `RequestMetaHeader` of the origin request | ### Message RequestVerificationHeader Verification info for request signed by all intermediate nodes. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | body_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Request Body signature. Should be generated once by request initiator. | | meta_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Request Meta signature is added and signed by each intermediate node | | origin_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of previous hops | | origin | [RequestVerificationHeader](#neo.fs.v2.session.RequestVerificationHeader) | | Chain of previous hops signatures | ### Message ResponseMetaHeader Information about the response | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | version | [neo.fs.v2.refs.Version](#neo.fs.v2.refs.Version) | | Peer's API version used | | epoch | [uint64](#uint64) | | Peer's local epoch number | | ttl | [uint32](#uint32) | | Maximum number of intermediate nodes in the request route | | x_headers | [XHeader](#neo.fs.v2.session.XHeader) | repeated | Response X-Headers | | origin | [ResponseMetaHeader](#neo.fs.v2.session.ResponseMetaHeader) | | `ResponseMetaHeader` of the origin request | | status | [neo.fs.v2.status.Status](#neo.fs.v2.status.Status) | | Status return. | ### Message ResponseVerificationHeader Verification info for response signed by all intermediate nodes | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | body_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Response Body signature. Should be generated once by answering node. | | meta_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Response Meta signature is added and signed by each intermediate node | | origin_signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of previous hops | | origin | [ResponseVerificationHeader](#neo.fs.v2.session.ResponseVerificationHeader) | | Chain of previous hops signatures | ### Message SessionToken NeoFS Session Token. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | body | [SessionToken.Body](#neo.fs.v2.session.SessionToken.Body) | | Session Token contains the proof of trust between peers to be attached in requests for further verification. Please see corresponding section of NeoFS Technical Specification for details. | | signature | [neo.fs.v2.refs.Signature](#neo.fs.v2.refs.Signature) | | Signature of `SessionToken` information | ### Message SessionToken.Body Session Token body | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | id | [bytes](#bytes) | | Token identifier is a valid UUIDv4 in binary form | | owner_id | [neo.fs.v2.refs.OwnerID](#neo.fs.v2.refs.OwnerID) | | Identifier of the session initiator | | lifetime | [SessionToken.Body.TokenLifetime](#neo.fs.v2.session.SessionToken.Body.TokenLifetime) | | Lifetime of the session | | session_key | [bytes](#bytes) | | Public key used in session | | object | [ObjectSessionContext](#neo.fs.v2.session.ObjectSessionContext) | | ObjectService session context | | container | [ContainerSessionContext](#neo.fs.v2.session.ContainerSessionContext) | | ContainerService session context | ### Message SessionToken.Body.TokenLifetime Lifetime parameters of the token. Field names taken from rfc7519. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | exp | [uint64](#uint64) | | Expiration Epoch | | nbf | [uint64](#uint64) | | Not valid before Epoch | | iat | [uint64](#uint64) | | Issued at Epoch | ### Message XHeader Extended headers for Request/Response. May contain any user-defined headers to be interpreted on application level. Key name must be unique valid UTF-8 string. Value can't be empty. Requests or Responses with duplicated header names or headers with empty values will be considered invalid. There are some "well-known" headers starting with `__NEOFS__` prefix that affect system behaviour: * __NEOFS__NETMAP_EPOCH \ Netmap epoch to use for object placement calculation. The `value` is string encoded `uint64` in decimal presentation. If set to '0' or not set, the current epoch only will be used. * __NEOFS__NETMAP_LOOKUP_DEPTH \ If object can't be found using current epoch's netmap, this header limits how many past epochs back the node can lookup. The `value` is string encoded `uint64` in decimal presentation. If set to '0' or not set, the current epoch only will be used. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | key | [string](#string) | | Key of the X-Header | | value | [string](#string) | | Value of the X-Header | ### ContainerSessionContext.Verb Container request verbs | Name | Number | Description | | ---- | ------ | ----------- | | VERB_UNSPECIFIED | 0 | Unknown verb | | PUT | 1 | Refers to container.Put RPC call | | DELETE | 2 | Refers to container.Delete RPC call | | SETEACL | 3 | Refers to container.SetExtendedACL RPC call | ### ObjectSessionContext.Verb Object request verbs | Name | Number | Description | | ---- | ------ | ----------- | | VERB_UNSPECIFIED | 0 | Unknown verb | | PUT | 1 | Refers to object.Put RPC call | | GET | 2 | Refers to object.Get RPC call | | HEAD | 3 | Refers to object.Head RPC call | | SEARCH | 4 | Refers to object.Search RPC call | | DELETE | 5 | Refers to object.Delete RPC call | | RANGE | 6 | Refers to object.GetRange RPC call | | RANGEHASH | 7 | Refers to object.GetRangeHash RPC call | ## Scalar Value Types | .proto Type | Notes | C++ Type | Java Type | Python Type | | ----------- | ----- | -------- | --------- | ----------- | | double | | double | double | float | | float | | float | float | float | | int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | | int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | | uint32 | Uses variable-length encoding. | uint32 | int | int/long | | uint64 | Uses variable-length encoding. | uint64 | long | int/long | | sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | | sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | | fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | | fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | | sfixed32 | Always four bytes. | int32 | int | int | | sfixed64 | Always eight bytes. | int64 | long | int/long | | bool | | bool | boolean | boolean | | string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | | bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str |