syntax = "proto3"; package neo.fs.v2.session; option go_package = "github.com/nspcc-dev/neofs-api-go/v2/session/grpc;session"; option csharp_namespace = "NeoFS.API.v2.Session"; import "refs/types.proto"; import "acl/types.proto"; // Context information for Session Tokens related to ObjectService requests message ObjectSessionContext { // Object request verbs enum Verb { // Unknown verb VERB_UNSPECIFIED = 0; // Refers to object.Put RPC call PUT = 1; // Refers to object.Get RPC call GET = 2; // Refers to object.Head RPC call HEAD = 3; // Refers to object.Search RPC call SEARCH = 4; // Refers to object.Delete RPC call DELETE = 5; // Refers to object.GetRange RPC call RANGE = 6; // Refers to object.GetRangeHash RPC call RANGEHASH = 7; } // Type of request for which the token is issued Verb verb = 1; // Related Object address neo.fs.v2.refs.Address address = 2; } // NeoFS Session Token. message SessionToken { // Session Token body message Body { // Token identifier is a valid UUIDv4 in binary form bytes id = 1; // Identifier of the session initiator neo.fs.v2.refs.OwnerID owner_id = 2; // Lifetime parameters of the token. Filed names taken from rfc7519. message TokenLifetime { // Expiration Epoch uint64 exp = 1; // Not valid before Epoch uint64 nbf = 2; // Issued at Epoch uint64 iat = 3; } // Lifetime of the session TokenLifetime lifetime = 3; // Public key used in session bytes session_key = 4; // Session Context information oneof context { // ObjectService session context ObjectSessionContext object = 5; } } // Session Token contains the proof of trust between peers to be attached in // requests for further verification. Please see corresponding section of // NeoFS Technical Specification for details. Body body = 1; // Signature of `SessionToken` information neo.fs.v2.refs.Signature signature = 2; } // Extended headers for Request/Response. message XHeader { // Key of the X-Header string key = 1; // Value of the X-Header string value = 2; } // Meta information attached to the request. When forwarded between peers, // request meta headers are folded in matryoshka style. message RequestMetaHeader { // Peer's API version used neo.fs.v2.refs.Version version = 1; // Peer's local epoch number. Set to 0 if unknown. uint64 epoch = 2; // Maximum number of intermediate nodes in the request route uint32 ttl = 3; // Request X-Headers repeated XHeader x_headers = 4; // Session token within which the request is sent SessionToken session_token = 5; // `BearerToken` with eACL overrides for the request neo.fs.v2.acl.BearerToken bearer_token = 6; // `RequestMetaHeader` of the origin request RequestMetaHeader origin = 7; } // Information about the response message ResponseMetaHeader { // Peer's API version used neo.fs.v2.refs.Version version = 1; // Peer's local epoch number uint64 epoch = 2; // Maximum number of intermediate nodes in the request route uint32 ttl = 3; // Response X-Headers repeated XHeader x_headers = 4; // `ResponseMetaHeader` of the origin request ResponseMetaHeader origin = 5; } // Verification info for request signed by all intermediate nodes. message RequestVerificationHeader { // Request Body signature. Should be generated once by request initiator. neo.fs.v2.refs.Signature body_signature = 1; // Request Meta signature is added and signed by each intermediate node neo.fs.v2.refs.Signature meta_signature = 2; // Signature of previous hops neo.fs.v2.refs.Signature origin_signature = 3; // Chain of previous hops signatures RequestVerificationHeader origin = 4; } // Verification info for response signed by all intermediate nodes message ResponseVerificationHeader { // Response Body signature. Should be generated once by answering node. neo.fs.v2.refs.Signature body_signature = 1; // Response Meta signature is added and signed by each intermediate node neo.fs.v2.refs.Signature meta_signature = 2; // Signature of previous hops neo.fs.v2.refs.Signature origin_signature = 3; // Chain of previous hops signatures ResponseVerificationHeader origin = 4; }