diff --git a/object/service.proto b/object/service.proto
index b5042e2..2b4e932 100644
--- a/object/service.proto
+++ b/object/service.proto
@@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object";
 import "refs/types.proto";
 import "object/types.proto";
-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -58,8 +57,6 @@ service Service {
 message GetRequest {
 // Address of object (container id + object id)
 refs.Address Address = 1 [(gogoproto.nullable) = false];
- // Raw is the request flag of a physically stored representation of an object
- bool Raw = 2;
 // RequestMetaHeader contains information about request meta headers (should be embedded into message)
 service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
@@ -83,7 +80,7 @@ message PutRequest {
 // Object with at least container id and owner id fields
 Object Object = 1;
 // Token with session public key and user's signature
- session.Token Token = 2;
+ service.Token Token = 2;
 // Number of the object copies to store within the RPC call (zero is processed according to the placement rules)
 uint32 CopiesNumber = 3;
 }
@@ -113,7 +110,7 @@ message DeleteRequest {
 // OwnerID is a wallet address
 bytes OwnerID = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"];
 // Token with session public key and user's signature
- session.Token Token = 3;
+ service.Token Token = 3;
 // RequestMetaHeader contains information about request meta headers (should be embedded into message)
 service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
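Review bot: `bool Raw = 2;` is removed from GetRequest without reserving the number, so the next field added at 2 will silently take whatever an older client still sends there (bool and every other varint type share a wire type). Add `reserved 2; reserved "Raw";` inside GetRequest, and the same for the `Raw = 3` that HeadRequest loses in the following hunk. Note also that an old client setting GetRequest.Raw now gets a non-raw answer with no error, because the flag has moved to `RequestMetaHeader.Raw = 4` while the Version field is documented as unused, so nothing on the wire signals the mismatch; if mixed-version clients are expected, this deserves at least a release note.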
@@ -132,8 +129,6 @@ message HeadRequest {
 refs.Address Address = 1 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
 // FullHeaders can be set true for extended headers in the object
 bool FullHeaders = 2;
- // Raw is the request flag of a physically stored representation of an object
- bool Raw = 3;
 // RequestMetaHeader contains information about request meta headers (should be embedded into message)
 service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message)
diff --git a/object/types.proto b/object/types.proto
index f21bf74..21ab981 100644
--- a/object/types.proto
+++ b/object/types.proto
@@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object";
 option csharp_namespace = "NeoFS.API.Object";
 import "refs/types.proto";
-import "session/types.proto";
+import "service/verify.proto";
 import "storagegroup/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -36,8 +36,8 @@ message Header {
 Transform Transform = 4;
 // Tombstone header that set up in deleted objects
 Tombstone Tombstone = 5;
- // Verify header that contains session public key and user's signature
- session.VerificationHeader Verify = 6;
+ // Token header contains token of the session within which the object was created
+ service.Token Token = 6;
 // HomoHash is a homomorphic hash of original object payload
 bytes HomoHash = 7 [(gogoproto.customtype) = "Hash"];
 // PayloadChecksum of actual object's payload
diff --git a/proto-docs/object.md b/proto-docs/object.md
index 4ec32fc..842f008 100644
--- a/proto-docs/object.md
+++ b/proto-docs/object.md
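Review bot: `service.Token Token = 6` gives field number 6 of Header a new message type in place of the removed `session.VerificationHeader Verify`; both types are length-delimited, so an object already stored with a Verify header decodes under the new schema as a Token whose Info holds the old PublicKey bytes instead of failing to parse. Because Header is persisted object data rather than an in-flight request, the old encoding will keep turning up long after every node has upgraded, and a node cannot tell a garbled legacy header from a malformed one. Put the token at a fresh number and add `reserved 6; reserved "Verify";` to Header. Whether stored objects also need a migration depends on whether the integrity checksum is recomputed over the re-encoded headers, which this hunk does not show.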
@@ -149,7 +149,7 @@ calculated for XORed data. | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | | OwnerID | [bytes](#bytes) | | OwnerID is a wallet address | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token with session public key and user's signature | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -228,7 +228,6 @@ in distributed system. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | -| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | 
@@ -256,7 +255,6 @@ in distributed system. | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | | FullHeaders | [bool](#bool) | | FullHeaders can be set true for extended headers in the object | -| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -296,7 +294,7 @@ in distributed system. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Object | [Object](#object.Object) | | Object with at least container id and owner id fields | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token with session public key and user's signature | | CopiesNumber | [uint32](#uint32) | | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) | 
@@ -378,7 +376,7 @@ in distributed system. | UserHeader | [UserHeader](#object.UserHeader) | | UserHeader is a set of KV headers defined by user | | Transform | [Transform](#object.Transform) | | Transform defines transform operation (e.g. payload split) | | Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects | -| Verify | [session.VerificationHeader](#session.VerificationHeader) | | Verify header that contains session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token header that contains session token | | HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload | | PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload | | Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object | diff --git a/proto-docs/service.md b/proto-docs/service.md index 2b6b33e..6af3468 100644 --- a/proto-docs/service.md +++ b/proto-docs/service.md @@ -14,8 +14,9 @@ - Messages - [RequestVerificationHeader](#service.RequestVerificationHeader) - - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) + - [Token](#service.Token) + - [Token.Info](#service.Token.Info) - [Scalar Value Types](#scalar-value-types) @@ -43,6 +44,7 @@ RequestMetaHeader contains information about request meta headers | TTL | [uint32](#uint32) | | TTL must be larger than zero, it decreased in every NeoFS Node | | Epoch | [uint64](#uint64) | | Epoch for user can be empty, because node sets epoch to the actual value | | Version | [uint32](#uint32) | | Version defines protocol version TODO: not used for now, should be implemented in future | +| Raw | [bool](#bool) | | Raw determines whether the request is raw or not | 
@@ -82,18 +84,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node | - - - - -### Message RequestVerificationHeader.Sign - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. | -| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. | +| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent | 
@@ -104,11 +95,57 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Sign is a signature and public key of the request. | -| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. | +| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. | +| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. | + + + + +### Message Token +User token granting rights for object manipulation + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| info | [Token.Info](#service.Token.Info) | | Info is a grouped information about token | +| Signature | [bytes](#bytes) | | Signature is a signature of session token information | + + + + +### Message Token.Info + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| ID | [bytes](#bytes) | | ID is a token identifier. 
valid UUIDv4 represented in bytes | +| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | +| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued | +| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | +| Created | [uint64](#uint64) | | Created is an initial epoch of token lifetime | +| ValidUntil | [uint64](#uint64) | | ValidUntil is a last epoch of token lifetime | +| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | + + + +### Token.Info.Verb +Verb is an enumeration of session request types + +| Name | Number | Description | +| ---- | ------ | ----------- | +| Put | 0 | Put refers to object.Put RPC call | +| Get | 1 | Get refers to object.Get RPC call | +| Head | 2 | Head refers to object.Head RPC call | +| Search | 3 | Search refers to object.Search RPC call | +| Delete | 4 | Delete refers to object.Delete RPC call | +| Range | 5 | Range refers to object.GetRange RPC call | +| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call | + + diff --git a/proto-docs/session.md b/proto-docs/session.md index ba615c3..4a537e6 100644 --- a/proto-docs/session.md +++ b/proto-docs/session.md @@ -12,13 +12,6 @@ - [CreateResponse](#session.CreateResponse) -- [session/types.proto](#session/types.proto) - - - Messages - - [Token](#session.Token) - - [VerificationHeader](#session.VerificationHeader) - - - [Scalar Value Types](#scalar-value-types) 
@@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Init | [Token](#session.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | -| Signed | [Token](#session.Token) | | Signed Init message response (Unsigned) from server with user private key | +| Init | [service.Token](#service.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | +| Signed | [service.Token](#service.Token) | | Signed Init message response (Unsigned) from server with user private key | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Unsigned | [Token](#session.Token) | | Unsigned token with token ID and session public key generated on server side | -| Result | [Token](#session.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | - - - - - - - - -
- -## session/types.proto - - - - - - - -### Message Token -User token granting rights for object manipulation - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| Header | [VerificationHeader](#session.VerificationHeader) | | Header carries verification data of session key | -| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | -| FirstEpoch | [uint64](#uint64) | | FirstEpoch is an initial epoch of token lifetime | -| LastEpoch | [uint64](#uint64) | | LastEpoch is a last epoch of token lifetime | -| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object | -| Signature | [bytes](#bytes) | | Signature is a token signature, signed by owner of manipulation object | -| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes | -| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner | - - - - -### Message VerificationHeader - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| PublicKey | [bytes](#bytes) | | PublicKey is a session public key | -| KeySignature | [bytes](#bytes) | | KeySignature is a session public key signature. Signed by trusted side | +| Unsigned | [service.Token](#service.Token) | | Unsigned token with token ID and session public key generated on server side | +| Result | [service.Token](#service.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | diff --git a/service/meta.proto b/service/meta.proto index 99b37d3..093f118 100644 --- a/service/meta.proto +++ b/service/meta.proto @@ -17,6 +17,8 @@ message RequestMetaHeader { // Version defines protocol version // TODO: not used for now, should be implemented in future uint32 Version = 3; + // Raw determines whether the request is raw or not + bool Raw = 4; } // ResponseMetaHeader contains meta information based on request processing by server 
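Review bot: The comment on the new `bool Raw = 4;` only restates its name (`Raw determines whether the request is raw or not`) and drops the meaning the removed per-request fields carried. Since RequestMetaHeader is embedded into every request, including ones where a raw representation makes no sense, the comment should say what the flag selects and which RPCs honour it, e.g. `// Raw requests the physically stored representation of an object (honoured by Get/Head; other RPCs ignore it)`. The "other RPCs ignore it" part is an assumption that should be confirmed against the node implementation before it is written down.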
diff --git a/service/verify.proto b/service/verify.proto
index de0a69a..97cc7fa 100644
--- a/service/verify.proto
+++ b/service/verify.proto
@@ -3,6 +3,7 @@ package service;
 option go_package = "github.com/nspcc-dev/neofs-api-go/service";
 option csharp_namespace = "NeoFS.API.Service";
+import "refs/types.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
 option (gogoproto.stable_marshaler_all) = true;
@@ -10,22 +11,74 @@ option (gogoproto.stable_marshaler_all) = true;
 // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request
 // (should be embedded into message).
 message RequestVerificationHeader {
- message Sign {
+ message Signature {
 // Sign is signature of the request or session key.
 bytes Sign = 1;
 // Peer is compressed public key used for signature.
 bytes Peer = 2;
 }
- message Signature {
- // Sign is a signature and public key of the request.
- Sign Sign = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
- // Origin used for requests, when trusted node changes it and re-sign with session key.
- // If session key used for signature request, then Origin should contain
- // public key of user and signed session key.
- Sign Origin = 2;
- }
-
 // Signatures is a set of signatures of every passed NeoFS Node
 repeated Signature Signatures = 1;
+
+ // Token is a token of the session within which the request is sent Token Token = 2;
 }
+
+// User token granting rights for object manipulation
+message Token {
+ message Info {
+ // ID is a token identifier. 
valid UUIDv4 represented in bytes
+ bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
+
+ // OwnerID is an owner of manipulation object
+ bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
+
+ // Verb is an enumeration of session request types
+ enum Verb {
+ // Put refers to object.Put RPC call
+ Put = 0;
+ // Get refers to object.Get RPC call
+ Get = 1;
+ // Head refers to object.Head RPC call
+ Head = 2;
+ // Search refers to object.Search RPC call
+ Search = 3;
+ // Delete refers to object.Delete RPC call
+ Delete = 4;
+ // Range refers to object.GetRange RPC call
+ Range = 5;
+ // RangeHash refers to object.GetRangeHash RPC call
+ RangeHash = 6;
+ }
+
+ // Verb is a type of request for which the token is issued
+ Verb verb = 3 [(gogoproto.customname) = "Verb"];
+
+ // Address is an object address for which token is issued
+ refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"];
+
+ // Created is an initial epoch of token lifetime
+ uint64 Created = 5;
+
+ // ValidUntil is a last epoch of token lifetime
+ uint64 ValidUntil = 6;
+
+ // SessionKey is a public key of session key
+ bytes SessionKey = 7;
+ }
+
+ // Info is a grouped information about token
+ Info info = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (gogoproto.customname) = "Info"];
+
+ // Signature is a signature of session token information
+ bytes Signature = 8;
+}
+
+// TODO: for variable token types and version redefine message
+// Example:
+// message Token {
+// TokenType TokenType = 1;
+// uint32 Version = 2;
+// bytes Data = 3;
+// }
diff --git a/session/service.proto b/session/service.proto
index 524213a..5c22fc3 100644
--- a/session/service.proto
+++ b/session/service.proto
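Review bot: `Put = 0` gives the enum's default value a real meaning, so a Token.Info whose verb was never set (proto3 does not serialize a zero enum) is read back as a Put token, and any node-side check that the token's verb matches the RPC cannot tell "unset" from "Put" — for a token that authorizes writes that is the wrong default. Since the enum is new in this commit, add `Unspecified = 0;`, shift Put…RangeHash to 1…7, and reject Unspecified at verification time. Separately, `Signature.Sign` and `Signature.Peer` keep field numbers 1 and 2 but change from nested `Sign` messages to `bytes`; both encodings are length-delimited, so a signature from an older node decodes as garbage bytes rather than failing to parse, and with RequestMetaHeader.Version still unused nothing distinguishes the two formats — a new message name, or `reserved 1, 2;` with fresh numbers, would make the mismatch explicit. The comment on `bytes Signature = 8;` should also say which bytes are signed and by whom, e.g. `// Signature is the token owner's signature over the stable-marshaled Info`, assuming that is what the session handshake produces; this hunk does not show it.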
@@ -3,7 +3,6 @@ package session;
 option go_package = "github.com/nspcc-dev/neofs-api-go/session";
 option csharp_namespace = "NeoFS.API.Session";
-import "session/types.proto";
 import "service/meta.proto";
 import "service/verify.proto";
 import "github.com/gogo/protobuf/gogoproto/gogo.proto";
@@ -33,9 +32,9 @@ message CreateRequest {
 // owner of manipulation object;
 // ID of manipulation object;
 // token lifetime bounds.
- session.Token Init = 1;
+ service.Token Init = 1;
 // Signed Init message response (Unsigned) from server with user private key
- session.Token Signed = 2;
+ service.Token Signed = 2;
 }
 // RequestMetaHeader contains information about request meta headers (should be embedded into message)
 service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false];
@@ -46,8 +45,8 @@ message CreateRequest {
 message CreateResponse {
 oneof Message {
 // Unsigned token with token ID and session public key generated on server side
- session.Token Unsigned = 1;
+ service.Token Unsigned = 1;
 // Result is a resulting token which can be used for object placing through an trusted intermediary
- session.Token Result = 2;
+ service.Token Result = 2;
 }
 }
diff --git a/session/types.proto b/session/types.proto
deleted file mode 100644
index 3ae49a3..0000000
--- a/session/types.proto
+++ /dev/null
@@ -1,35 +0,0 @@
-syntax = "proto3";
-package session;
-option go_package = "github.com/nspcc-dev/neofs-api-go/session";
-option csharp_namespace = "NeoFS.API.Session";
-
-import "github.com/gogo/protobuf/gogoproto/gogo.proto";
-
-option (gogoproto.stable_marshaler_all) = true;
-
-message VerificationHeader {
- // PublicKey is a session public key
- bytes PublicKey = 1;
- // KeySignature is a session public key signature. Signed by trusted side
- bytes KeySignature = 2;
-}
-
-// User token granting rights for object manipulation
-message Token {
- // Header carries verification data of session key
- VerificationHeader Header = 1 [(gogoproto.nullable) = false];
- // OwnerID is an owner of manipulation object
- bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false];
- // FirstEpoch is an initial epoch of token lifetime
- uint64 FirstEpoch = 3;
- // LastEpoch is a last epoch of token lifetime
- uint64 LastEpoch = 4;
- // ObjectID is an object identifier of manipulation object
- repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false];
- // Signature is a token signature, signed by owner of manipulation object
- bytes Signature = 6;
- // ID is a token identifier. valid UUIDv4 represented in bytes
- bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false];
- // PublicKeys associated with owner
- repeated bytes PublicKeys = 8;
-}