token: update structure

This commit:

  * moves Token message to service package;

  * updates token structure (new verb field, some renaming);

  * replaces VerificationHeader header with Token in object package;

  * removes no longer used VerificationHeader message.

object/service.proto

@@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";
 
 import "refs/types.proto";
 import "object/types.proto";
-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -83,7 +82,7 @@ message PutRequest {
         // Object with at least container id and owner id fields
         Object Object       = 1;
         // Token with session public key and user's signature
-        session.Token Token = 2;
+        service.Token Token = 2;
         // Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
         uint32 CopiesNumber = 3;
     }
@@ -113,7 +112,7 @@ message DeleteRequest {
     // OwnerID is a wallet address
     bytes OwnerID                            = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
     // Token with session public key and user's signature
-    session.Token Token                      = 3;
+    service.Token Token                      = 3;
     // RequestMetaHeader contains information about request meta headers (should be embedded into message)
     service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
     // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)

object/types.proto

@@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
 option csharp_namespace = "NeoFS.API.Object";
 
 import "refs/types.proto";
-import "session/types.proto";
+import "service/verify.proto";
 import "storagegroup/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 
@@ -36,8 +36,8 @@ message Header {
         Transform Transform                    = 4;
         // Tombstone header that set up in deleted objects
         Tombstone Tombstone                    = 5;
-        // Verify header that contains session public key and user's signature
-        session.VerificationHeader Verify      = 6;
+        // Token header contains token of the session within which the object was created
+        service.Token Token                    = 6;
         // HomoHash is a homomorphic hash of original object payload
         bytes HomoHash                         = 7 [(gogoproto.customtype) = "Hash"];
         // PayloadChecksum of actual object's payload

proto-docs/object.md

@@ -149,7 +149,7 @@ calculated for XORed data.
 | ----- | ---- | ----- | ----------- |
 | Address | [refs.Address](#refs.Address) |  | Address of object (container id + object id) |
 | OwnerID | [bytes](#bytes) |  | OwnerID is a wallet address |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token with session public key and user's signature |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -296,7 +296,7 @@ in distributed system.
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Object | [Object](#object.Object) |  | Object with at least container id and owner id fields |
-| Token | [session.Token](#session.Token) |  | Token with session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token with session public key and user's signature |
 | CopiesNumber | [uint32](#uint32) |  | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |
 
 
@@ -378,7 +378,7 @@ in distributed system.
 | UserHeader | [UserHeader](#object.UserHeader) |  | UserHeader is a set of KV headers defined by user |
 | Transform | [Transform](#object.Transform) |  | Transform defines transform operation (e.g. payload split) |
 | Tombstone | [Tombstone](#object.Tombstone) |  | Tombstone header that set up in deleted objects |
-| Verify | [session.VerificationHeader](#session.VerificationHeader) |  | Verify header that contains session public key and user's signature |
+| Token | [service.Token](#service.Token) |  | Token header that contains session token |
 | HomoHash | [bytes](#bytes) |  | HomoHash is a homomorphic hash of original object payload |
 | PayloadChecksum | [bytes](#bytes) |  | PayloadChecksum of actual object's payload |
 | Integrity | [IntegrityHeader](#object.IntegrityHeader) |  | Integrity header with checksum of all above headers in the object |

proto-docs/service.md

@@ -15,6 +15,8 @@
   - Messages
     - [RequestVerificationHeader](#service.RequestVerificationHeader)
     - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
+    - [Token](#service.Token)
+    - [Token.Info](#service.Token.Info)
     
 
 - [Scalar Value Types](#scalar-value-types)
@@ -82,6 +84,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
+| Token | [Token](#service.Token) |  | Token is a token of the session within which the request is sent |
 
 
 <a name="service.RequestVerificationHeader.Signature"></a>
@@ -95,8 +98,54 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
 | Sign | [bytes](#bytes) |  | Sign is signature of the request or session key. |
 | Peer | [bytes](#bytes) |  | Peer is compressed public key used for signature. |
 
+
+<a name="service.Token"></a>
+
+### Message Token
+User token granting rights for object manipulation
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| info | [Token.Info](#service.Token.Info) |  | Info is a grouped information about token |
+| Signature | [bytes](#bytes) |  | Signature is a signature of session token information |
+
+
+<a name="service.Token.Info"></a>
+
+### Message Token.Info
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
+| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
+| verb | [Token.Info.Verb](#service.Token.Info.Verb) |  | Verb is a type of request for which the token is issued |
+| Address | [refs.Address](#refs.Address) |  | Address is an object address for which token is issued |
+| Created | [uint64](#uint64) |  | Created is an initial epoch of token lifetime |
+| ValidUntil | [uint64](#uint64) |  | ValidUntil is a last epoch of token lifetime |
+| SessionKey | [bytes](#bytes) |  | SessionKey is a public key of session key |
+
  <!-- end messages -->
 
+
+<a name="service.Token.Info.Verb"></a>
+
+### Token.Info.Verb
+Verb is an enumeration of session request types
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| Put | 0 | Put refers to object.Put RPC call |
+| Get | 1 | Get refers to object.Get RPC call |
+| Head | 2 | Head refers to object.Head RPC call |
+| Search | 3 | Search refers to object.Search RPC call |
+| Delete | 4 | Delete refers to object.Delete RPC call |
+| Range | 5 | Range refers to object.GetRange RPC call |
+| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
+
+
  <!-- end enums -->
 
 

proto-docs/session.md

@@ -12,13 +12,6 @@
     - [CreateResponse](#session.CreateResponse)
     
 
-- [session/types.proto](#session/types.proto)
-
-  - Messages
-    - [Token](#session.Token)
-    - [VerificationHeader](#session.VerificationHeader)
-    
-
 - [Scalar Value Types](#scalar-value-types)
 
 
@@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Init | [Token](#session.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
-| Signed | [Token](#session.Token) |  | Signed Init message response (Unsigned) from server with user private key |
+| Init | [service.Token](#service.Token) |  | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
+| Signed | [service.Token](#service.Token) |  | Signed Init message response (Unsigned) from server with user private key |
 | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) |  | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
 | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) |  | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
 
@@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
 
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
-| Unsigned | [Token](#session.Token) |  | Unsigned token with token ID and session public key generated on server side |
-| Result | [Token](#session.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
-
- <!-- end messages -->
-
- <!-- end enums -->
-
-
-
-<a name="session/types.proto"></a>
-<p align="right"><a href="#top">Top</a></p>
-
-## session/types.proto
-
-
- <!-- end services -->
-
-
-<a name="session.Token"></a>
-
-### Message Token
-User token granting rights for object manipulation
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| Header | [VerificationHeader](#session.VerificationHeader) |  | Header carries verification data of session key |
-| OwnerID | [bytes](#bytes) |  | OwnerID is an owner of manipulation object |
-| FirstEpoch | [uint64](#uint64) |  | FirstEpoch is an initial epoch of token lifetime |
-| LastEpoch | [uint64](#uint64) |  | LastEpoch is a last epoch of token lifetime |
-| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
-| Signature | [bytes](#bytes) |  | Signature is a token signature, signed by owner of manipulation object |
-| ID | [bytes](#bytes) |  | ID is a token identifier. valid UUIDv4 represented in bytes |
-| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
-
-
-<a name="session.VerificationHeader"></a>
-
-### Message VerificationHeader
-
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| PublicKey | [bytes](#bytes) |  | PublicKey is a session public key |
-| KeySignature | [bytes](#bytes) |  | KeySignature is a session public key signature. Signed by trusted side |
+| Unsigned | [service.Token](#service.Token) |  | Unsigned token with token ID and session public key generated on server side |
+| Result | [service.Token](#service.Token) |  | Result is a resulting token which can be used for object placing through an trusted intermediary |
 
  <!-- end messages -->
 

service/verify.proto

@@ -3,6 +3,7 @@ package service;
 option go_package = "github.com/nspcc-dev/neofs-api-go/service";
 option csharp_namespace = "NeoFS.API.Service";
 
+import "refs/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 
 option (gogoproto.stable_marshaler_all) = true;
@@ -19,4 +20,65 @@ message RequestVerificationHeader {
 
     // Signatures is a set of signatures of every passed NeoFS Node
     repeated Signature Signatures = 1;
+
+    // Token is a token of the session within which the request is sent
+    Token Token = 2;
 }
+
+// User token granting rights for object manipulation
+message Token {
+    message Info {
+        // ID is a token identifier. valid UUIDv4 represented in bytes
+        bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+
+        // OwnerID is an owner of manipulation object
+        bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+        // Verb is an enumeration of session request types
+        enum Verb {
+            // Put refers to object.Put RPC call
+            Put = 0;
+            // Get refers to object.Get RPC call
+            Get = 1;
+            // Head refers to object.Head RPC call
+            Head = 2;
+            // Search refers to object.Search RPC call
+            Search = 3;
+            // Delete refers to object.Delete RPC call
+            Delete = 4;
+            // Range refers to object.GetRange RPC call
+            Range = 5;
+            // RangeHash refers to object.GetRangeHash RPC call
+            RangeHash = 6;
+        }
+
+        // Verb is a type of request for which the token is issued
+        Verb verb = 3 [(gogoproto.customname) = "Verb"];
+
+        // Address is an object address for which token is issued
+        refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
+
+        // Created is an initial epoch of token lifetime
+        uint64 Created = 5;
+
+        // ValidUntil is a last epoch of token lifetime
+        uint64 ValidUntil = 6;
+
+        // SessionKey is a public key of session key
+        bytes SessionKey = 7;
+    }
+
+    // Info is a grouped information about token
+    Info info = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (gogoproto.customname) = "Info"];
+
+    // Signature is a signature of session token information
+    bytes Signature = 8;
+}
+
+// TODO: for variable token types and version redefine message
+// Example:
+// message Token {
+//     TokenType TokenType = 1;
+//     uint32 Version = 2;
+//     bytes Data = 3;
+// }

session/service.proto

@@ -3,7 +3,6 @@ package session;
 option go_package = "github.com/nspcc-dev/neofs-api-go/session";
 option csharp_namespace = "NeoFS.API.Session";
 
-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -33,9 +32,9 @@ message CreateRequest {
         // owner of manipulation object;
         // ID of manipulation object;
         // token lifetime bounds.
-        session.Token Init = 1;
+        service.Token Init = 1;
         // Signed Init message response (Unsigned) from server with user private key
-        session.Token Signed = 2;
+        service.Token Signed = 2;
     }
     // RequestMetaHeader contains information about request meta headers (should be embedded into message)
     service.RequestMetaHeader Meta           = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
@@ -46,8 +45,8 @@ message CreateRequest {
 message CreateResponse {
     oneof Message {
         // Unsigned token with token ID and session public key generated on server side
-        session.Token Unsigned = 1;
+        service.Token Unsigned = 1;
         // Result is a resulting token which can be used for object placing through an trusted intermediary
-        session.Token Result = 2;
+        service.Token Result = 2;
     }
 }

session/types.proto

@@ -1,35 +0,0 @@
-syntax = "proto3";
-package session;
-option go_package = "github.com/nspcc-dev/neofs-api-go/session";
-option csharp_namespace = "NeoFS.API.Session";
-
-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
-
-option (gogoproto.stable_marshaler_all) = true;
-
-message VerificationHeader {
-    // PublicKey is a session public key
-    bytes PublicKey = 1;
-    // KeySignature is a session public key signature. Signed by trusted side
-    bytes KeySignature = 2;
-}
-
-// User token granting rights for object manipulation
-message Token {
-    // Header carries verification data of session key
-    VerificationHeader Header = 1 [(gogoproto.nullable) = false];
-    // OwnerID is an owner of manipulation object
-    bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
-    // FirstEpoch is an initial epoch of token lifetime
-    uint64 FirstEpoch = 3;
-    // LastEpoch is a last epoch of token lifetime
-    uint64 LastEpoch = 4;
-    // ObjectID is an object identifier of manipulation object
-    repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
-    // Signature is a token signature, signed by owner of manipulation object
-    bytes Signature = 6;
-    // ID is a token identifier. valid UUIDv4 represented in bytes
-    bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
-    // PublicKeys associated with owner
-    repeated bytes PublicKeys = 8;
-}