token: update structure
This commit: * moves Token message to service package; * updates token structure (new verb field, some renaming); * replaces VerificationHeader header with Token in object package; * removes no longer used VerificationHeader message.
parent
b84fab4d24
commit
6b68940643
8 changed files with 127 additions and 104 deletions
|
@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";
|
|||
|
||||
import "refs/types.proto";
|
||||
import "object/types.proto";
|
||||
import "session/types.proto";
|
||||
import "service/meta.proto";
|
||||
import "service/verify.proto";
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
|
@ -83,7 +82,7 @@ message PutRequest {
|
|||
// Object with at least container id and owner id fields
|
||||
Object Object = 1;
|
||||
// Token with session public key and user's signature
|
||||
session.Token Token = 2;
|
||||
service.Token Token = 2;
|
||||
// Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
|
||||
uint32 CopiesNumber = 3;
|
||||
}
|
||||
|
@ -113,7 +112,7 @@ message DeleteRequest {
|
|||
// OwnerID is a wallet address
|
||||
bytes OwnerID = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
|
||||
// Token with session public key and user's signature
|
||||
session.Token Token = 3;
|
||||
service.Token Token = 3;
|
||||
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
|
||||
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
|
||||
// RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
|
||||
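Review bot: `Token = 2` in PutRequest and `Token = 3` in DeleteRequest keep their field numbers while the type changes from session.Token to service.Token, whose layout differs (field 1 was a VerificationHeader and is now Info; field 8 was the repeated PublicKeys and is now Signature). A token serialized by a peer still on the old schema may therefore decode without a wire error and with its bytes reinterpreted, so rejecting it rests entirely on signature verification. If mixed-version peers are possible, consider placing the new token under an unused field number and marking the old one, e.g. `reserved 2;` in PutRequest. The same reuse appears at `Token = 6` in Header and at fields 1 and 2 of CreateRequest and CreateResponse. DeleteRequest continues past the end of this section.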
|
|
|
@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
|
|||
option csharp_namespace = "NeoFS.API.Object";
|
||||
|
||||
import "refs/types.proto";
|
||||
import "session/types.proto";
|
||||
import "service/verify.proto";
|
||||
import "storagegroup/types.proto";
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
|
||||
|
@ -36,8 +36,8 @@ message Header {
|
|||
Transform Transform = 4;
|
||||
// Tombstone header that set up in deleted objects
|
||||
Tombstone Tombstone = 5;
|
||||
// Verify header that contains session public key and user's signature
|
||||
session.VerificationHeader Verify = 6;
|
||||
// Token header contains token of the session within which the object was created
|
||||
service.Token Token = 6;
|
||||
// HomoHash is a homomorphic hash of original object payload
|
||||
bytes HomoHash = 7 [(gogoproto.customtype) = "Hash"];
|
||||
// PayloadChecksum of actual object's payload
|
||||
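Review bot: The new comment on `service.Token Token = 6` does not say how a reader should treat the token's lifetime once the object is stored; by the time the header is read back, the `ValidUntil` epoch of the embedded token has presumably passed. I would spell the rule out in the comment, for example `// Token of the session within which the object was created; its lifetime is checked against the object's creation epoch`, if that is the intended check. Header starts and ends outside this hunk.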
|
|
|
@ -149,7 +149,7 @@ calculated for XORed data.
|
|||
| ----- | ---- | ----- | ----------- |
|
||||
| Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) |
|
||||
| OwnerID | [bytes](#bytes) | | OwnerID is a wallet address |
|
||||
| Token | [session.Token](#session.Token) | | Token with session public key and user's signature |
|
||||
| Token | [service.Token](#service.Token) | | Token with session public key and user's signature |
|
||||
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
|
||||
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
|
||||
|
||||
|
@ -296,7 +296,7 @@ in distributed system.
|
|||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| Object | [Object](#object.Object) | | Object with at least container id and owner id fields |
|
||||
| Token | [session.Token](#session.Token) | | Token with session public key and user's signature |
|
||||
| Token | [service.Token](#service.Token) | | Token with session public key and user's signature |
|
||||
| CopiesNumber | [uint32](#uint32) | | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) |
|
||||
|
||||
|
||||
|
@ -378,7 +378,7 @@ in distributed system.
|
|||
| UserHeader | [UserHeader](#object.UserHeader) | | UserHeader is a set of KV headers defined by user |
|
||||
| Transform | [Transform](#object.Transform) | | Transform defines transform operation (e.g. payload split) |
|
||||
| Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects |
|
||||
| Verify | [session.VerificationHeader](#session.VerificationHeader) | | Verify header that contains session public key and user's signature |
|
||||
| Token | [service.Token](#service.Token) | | Token header that contains session token |
|
||||
| HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload |
|
||||
| PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload |
|
||||
| Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object |
|
||||
|
|
|
@ -15,6 +15,8 @@
|
|||
- Messages
|
||||
- [RequestVerificationHeader](#service.RequestVerificationHeader)
|
||||
- [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature)
|
||||
- [Token](#service.Token)
|
||||
- [Token.Info](#service.Token.Info)
|
||||
|
||||
|
||||
- [Scalar Value Types](#scalar-value-types)
|
||||
|
@ -82,6 +84,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
|
|||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node |
|
||||
| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent |
|
||||
|
||||
|
||||
<a name="service.RequestVerificationHeader.Signature"></a>
|
||||
|
@ -95,8 +98,54 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces
|
|||
| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. |
|
||||
| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. |
|
||||
|
||||
|
||||
<a name="service.Token"></a>
|
||||
|
||||
### Message Token
|
||||
User token granting rights for object manipulation
|
||||
|
||||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| info | [Token.Info](#service.Token.Info) | | Info is a grouped information about token |
|
||||
| Signature | [bytes](#bytes) | | Signature is a signature of session token information |
|
||||
|
||||
|
||||
<a name="service.Token.Info"></a>
|
||||
|
||||
### Message Token.Info
|
||||
|
||||
|
||||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes |
|
||||
| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object |
|
||||
| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued |
|
||||
| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued |
|
||||
| Created | [uint64](#uint64) | | Created is an initial epoch of token lifetime |
|
||||
| ValidUntil | [uint64](#uint64) | | ValidUntil is a last epoch of token lifetime |
|
||||
| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key |
|
||||
|
||||
<!-- end messages -->
|
||||
|
||||
|
||||
<a name="service.Token.Info.Verb"></a>
|
||||
|
||||
### Token.Info.Verb
|
||||
Verb is an enumeration of session request types
|
||||
|
||||
| Name | Number | Description |
|
||||
| ---- | ------ | ----------- |
|
||||
| Put | 0 | Put refers to object.Put RPC call |
|
||||
| Get | 1 | Get refers to object.Get RPC call |
|
||||
| Head | 2 | Head refers to object.Head RPC call |
|
||||
| Search | 3 | Search refers to object.Search RPC call |
|
||||
| Delete | 4 | Delete refers to object.Delete RPC call |
|
||||
| Range | 5 | Range refers to object.GetRange RPC call |
|
||||
| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call |
|
||||
|
||||
|
||||
<!-- end enums -->
|
||||
|
||||
|
||||
|
|
|
@ -12,13 +12,6 @@
|
|||
- [CreateResponse](#session.CreateResponse)
|
||||
|
||||
|
||||
- [session/types.proto](#session/types.proto)
|
||||
|
||||
- Messages
|
||||
- [Token](#session.Token)
|
||||
- [VerificationHeader](#session.VerificationHeader)
|
||||
|
||||
|
||||
- [Scalar Value Types](#scalar-value-types)
|
||||
|
||||
|
||||
|
@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
|
|||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| Init | [Token](#session.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
|
||||
| Signed | [Token](#session.Token) | | Signed Init message response (Unsigned) from server with user private key |
|
||||
| Init | [service.Token](#service.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. |
|
||||
| Signed | [service.Token](#service.Token) | | Signed Init message response (Unsigned) from server with user private key |
|
||||
| Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) |
|
||||
| Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) |
|
||||
|
||||
|
@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream
|
|||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| Unsigned | [Token](#session.Token) | | Unsigned token with token ID and session public key generated on server side |
|
||||
| Result | [Token](#session.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary |
|
||||
|
||||
<!-- end messages -->
|
||||
|
||||
<!-- end enums -->
|
||||
|
||||
|
||||
|
||||
<a name="session/types.proto"></a>
|
||||
<p align="right"><a href="#top">Top</a></p>
|
||||
|
||||
## session/types.proto
|
||||
|
||||
|
||||
<!-- end services -->
|
||||
|
||||
|
||||
<a name="session.Token"></a>
|
||||
|
||||
### Message Token
|
||||
User token granting rights for object manipulation
|
||||
|
||||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| Header | [VerificationHeader](#session.VerificationHeader) | | Header carries verification data of session key |
|
||||
| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object |
|
||||
| FirstEpoch | [uint64](#uint64) | | FirstEpoch is an initial epoch of token lifetime |
|
||||
| LastEpoch | [uint64](#uint64) | | LastEpoch is a last epoch of token lifetime |
|
||||
| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object |
|
||||
| Signature | [bytes](#bytes) | | Signature is a token signature, signed by owner of manipulation object |
|
||||
| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes |
|
||||
| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner |
|
||||
|
||||
|
||||
<a name="session.VerificationHeader"></a>
|
||||
|
||||
### Message VerificationHeader
|
||||
|
||||
|
||||
|
||||
| Field | Type | Label | Description |
|
||||
| ----- | ---- | ----- | ----------- |
|
||||
| PublicKey | [bytes](#bytes) | | PublicKey is a session public key |
|
||||
| KeySignature | [bytes](#bytes) | | KeySignature is a session public key signature. Signed by trusted side |
|
||||
| Unsigned | [service.Token](#service.Token) | | Unsigned token with token ID and session public key generated on server side |
|
||||
| Result | [service.Token](#service.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary |
|
||||
|
||||
<!-- end messages -->
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ package service;
|
|||
option go_package = "github.com/nspcc-dev/neofs-api-go/service";
|
||||
option csharp_namespace = "NeoFS.API.Service";
|
||||
|
||||
import "refs/types.proto";
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
|
||||
option (gogoproto.stable_marshaler_all) = true;
|
||||
|
@ -19,4 +20,65 @@ message RequestVerificationHeader {
|
|||
|
||||
// Signatures is a set of signatures of every passed NeoFS Node
|
||||
repeated Signature Signatures = 1;
|
||||
|
||||
// Token is a token of the session within which the request is sent
|
||||
Token Token = 2;
|
||||
}
|
||||
|
||||
// User token granting rights for object manipulation
|
||||
message Token {
|
||||
message Info {
|
||||
// ID is a token identifier. valid UUIDv4 represented in bytes
|
||||
bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
|
||||
|
||||
// OwnerID is an owner of manipulation object
|
||||
bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
|
||||
|
||||
// Verb is an enumeration of session request types
|
||||
enum Verb {
|
||||
// Put refers to object.Put RPC call
|
||||
Put = 0;
|
||||
// Get refers to object.Get RPC call
|
||||
Get = 1;
|
||||
// Head refers to object.Head RPC call
|
||||
Head = 2;
|
||||
// Search refers to object.Search RPC call
|
||||
Search = 3;
|
||||
// Delete refers to object.Delete RPC call
|
||||
Delete = 4;
|
||||
// Range refers to object.GetRange RPC call
|
||||
Range = 5;
|
||||
// RangeHash refers to object.GetRangeHash RPC call
|
||||
RangeHash = 6;
|
||||
}
|
||||
|
||||
// Verb is a type of request for which the token is issued
|
||||
Verb verb = 3 [(gogoproto.customname) = "Verb"];
|
||||
|
||||
// Address is an object address for which token is issued
|
||||
refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
|
||||
|
||||
// Created is an initial epoch of token lifetime
|
||||
uint64 Created = 5;
|
||||
|
||||
// ValidUntil is a last epoch of token lifetime
|
||||
uint64 ValidUntil = 6;
|
||||
|
||||
// SessionKey is a public key of session key
|
||||
bytes SessionKey = 7;
|
||||
}
|
||||
|
||||
// Info is a grouped information about token
|
||||
Info info = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (gogoproto.customname) = "Info"];
|
||||
|
||||
// Signature is a signature of session token information
|
||||
bytes Signature = 8;
|
||||
}
|
||||
|
||||
// TODO: for variable token types and version redefine message
|
||||
// Example:
|
||||
// message Token {
|
||||
// TokenType TokenType = 1;
|
||||
// uint32 Version = 2;
|
||||
// bytes Data = 3;
|
||||
// }
|
||||
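Review bot: `Put = 0` makes a write verb the zero value of Verb, and proto3 does not serialize a zero enum, so an Info whose verb was never set is indistinguishable from one issued for Put. Since the enum is new in this commit, I would make zero a non-granting value, e.g. `Unknown = 0;` followed by `Put = 1;` onward, and have verifiers reject it. Separately, the comment on `bytes Signature = 8` no longer says who signs or over which bytes (the removed message said "signed by owner of manipulation object"); something like `// Signature of the stable-marshaled Info, made with the owner's key` would pin that down if it matches the implementation.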
|
|
|
@ -3,7 +3,6 @@ package session;
|
|||
option go_package = "github.com/nspcc-dev/neofs-api-go/session";
|
||||
option csharp_namespace = "NeoFS.API.Session";
|
||||
|
||||
import "session/types.proto";
|
||||
import "service/meta.proto";
|
||||
import "service/verify.proto";
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
|
@ -33,9 +32,9 @@ message CreateRequest {
|
|||
// owner of manipulation object;
|
||||
// ID of manipulation object;
|
||||
// token lifetime bounds.
|
||||
session.Token Init = 1;
|
||||
service.Token Init = 1;
|
||||
// Signed Init message response (Unsigned) from server with user private key
|
||||
session.Token Signed = 2;
|
||||
service.Token Signed = 2;
|
||||
}
|
||||
// RequestMetaHeader contains information about request meta headers (should be embedded into message)
|
||||
service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
|
||||
|
@ -46,8 +45,8 @@ message CreateRequest {
|
|||
message CreateResponse {
|
||||
oneof Message {
|
||||
// Unsigned token with token ID and session public key generated on server side
|
||||
session.Token Unsigned = 1;
|
||||
service.Token Unsigned = 1;
|
||||
// Result is a resulting token which can be used for object placing through an trusted intermediary
|
||||
session.Token Result = 2;
|
||||
service.Token Result = 2;
|
||||
}
|
||||
}
|
||||
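Review bot: The comment above `service.Token Init = 1` still lists only the owner, the object ID and the lifetime bounds as carried by Init, while the new Token.Info also has `verb` and `Address`. I would update the list to name them, e.g. `// verb and address the token is issued for;`, so an implementer can see which fields are presumably fixed by the client before `Signed` is produced. The comment on Result also reads `an trusted intermediary`, where `a trusted intermediary` is meant. CreateRequest starts before this hunk, so the first line of that comment is not visible here.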
|
|
|
@ -1,35 +0,0 @@
|
|||
syntax = "proto3";
|
||||
package session;
|
||||
option go_package = "github.com/nspcc-dev/neofs-api-go/session";
|
||||
option csharp_namespace = "NeoFS.API.Session";
|
||||
|
||||
import "github.com/gogo/protobuf/gogoproto/gogo.proto";
|
||||
|
||||
option (gogoproto.stable_marshaler_all) = true;
|
||||
|
||||
message VerificationHeader {
|
||||
// PublicKey is a session public key
|
||||
bytes PublicKey = 1;
|
||||
// KeySignature is a session public key signature. Signed by trusted side
|
||||
bytes KeySignature = 2;
|
||||
}
|
||||
|
||||
// User token granting rights for object manipulation
|
||||
message Token {
|
||||
// Header carries verification data of session key
|
||||
VerificationHeader Header = 1 [(gogoproto.nullable) = false];
|
||||
// OwnerID is an owner of manipulation object
|
||||
bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
|
||||
// FirstEpoch is an initial epoch of token lifetime
|
||||
uint64 FirstEpoch = 3;
|
||||
// LastEpoch is a last epoch of token lifetime
|
||||
uint64 LastEpoch = 4;
|
||||
// ObjectID is an object identifier of manipulation object
|
||||
repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
|
||||
// Signature is a token signature, signed by owner of manipulation object
|
||||
bytes Signature = 6;
|
||||
// ID is a token identifier. valid UUIDv4 represented in bytes
|
||||
bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
|
||||
// PublicKeys associated with owner
|
||||
repeated bytes PublicKeys = 8;
|
||||
}
|