diff --git a/object/service.proto b/object/service.proto index b5042e2..1cf9043 100644 --- a/object/service.proto +++ b/object/service.proto @@ -5,7 +5,6 @@ option csharp_namespace = "NeoFS.API.Object"; import "refs/types.proto"; import "object/types.proto"; -import "session/types.proto"; import "service/meta.proto"; import "service/verify.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; @@ -83,7 +82,7 @@ message PutRequest { // Object with at least container id and owner id fields Object Object = 1; // Token with session public key and user's signature - session.Token Token = 2; + service.Token Token = 2; // Number of the object copies to store within the RPC call (zero is processed according to the placement rules) uint32 CopiesNumber = 3; } @@ -113,7 +112,7 @@ message DeleteRequest { // OwnerID is a wallet address bytes OwnerID = 2 [(gogoproto.nullable) = false, (gogoproto.customtype) = "OwnerID"]; // Token with session public key and user's signature - session.Token Token = 3; + service.Token Token = 3; // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; // RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) diff --git a/object/types.proto b/object/types.proto index f21bf74..21ab981 100644 --- a/object/types.proto +++ b/object/types.proto @@ -4,7 +4,7 @@ option go_package = "github.com/nspcc-dev/neofs-api-go/object"; option csharp_namespace = "NeoFS.API.Object"; import "refs/types.proto"; -import "session/types.proto"; +import "service/verify.proto"; import "storagegroup/types.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; @@ -36,8 +36,8 @@ message Header { Transform Transform = 4; // Tombstone header that set up in deleted objects Tombstone Tombstone = 5; - // Verify header that contains session public key and user's signature - session.VerificationHeader Verify = 6; + // Token header contains token of the session within which the object was created + service.Token Token = 6; // HomoHash is a homomorphic hash of original object payload bytes HomoHash = 7 [(gogoproto.customtype) = "Hash"]; // PayloadChecksum of actual object's payload diff --git a/proto-docs/object.md b/proto-docs/object.md index 4ec32fc..7e6069b 100644 --- a/proto-docs/object.md +++ b/proto-docs/object.md @@ -149,7 +149,7 @@ calculated for XORed data. | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | | OwnerID | [bytes](#bytes) | | OwnerID is a wallet address | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token with session public key and user's signature | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -296,7 +296,7 @@ in distributed system. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Object | [Object](#object.Object) | | Object with at least container id and owner id fields | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token with session public key and user's signature | | CopiesNumber | [uint32](#uint32) | | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) | @@ -378,7 +378,7 @@ in distributed system. | UserHeader | [UserHeader](#object.UserHeader) | | UserHeader is a set of KV headers defined by user | | Transform | [Transform](#object.Transform) | | Transform defines transform operation (e.g. payload split) | | Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects | -| Verify | [session.VerificationHeader](#session.VerificationHeader) | | Verify header that contains session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token header that contains session token | | HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload | | PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload | | Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object | diff --git a/proto-docs/service.md b/proto-docs/service.md index 1d98503..6af3468 100644 --- a/proto-docs/service.md +++ b/proto-docs/service.md @@ -15,6 +15,8 @@ - Messages - [RequestVerificationHeader](#service.RequestVerificationHeader) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) + - [Token](#service.Token) + - [Token.Info](#service.Token.Info) - [Scalar Value Types](#scalar-value-types) @@ -82,6 +84,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node | +| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent | @@ -95,8 +98,54 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Sign | [bytes](#bytes) | | Sign is signature of the request or session key. | | Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. | + + + +### Message Token +User token granting rights for object manipulation + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| info | [Token.Info](#service.Token.Info) | | Info is a grouped information about token | +| Signature | [bytes](#bytes) | | Signature is a signature of session token information | + + + + +### Message Token.Info + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes | +| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | +| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued | +| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | +| Created | [uint64](#uint64) | | Created is an initial epoch of token lifetime | +| ValidUntil | [uint64](#uint64) | | ValidUntil is a last epoch of token lifetime | +| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | + + + + +### Token.Info.Verb +Verb is an enumeration of session request types + +| Name | Number | Description | +| ---- | ------ | ----------- | +| Put | 0 | Put refers to object.Put RPC call | +| Get | 1 | Get refers to object.Get RPC call | +| Head | 2 | Head refers to object.Head RPC call | +| Search | 3 | Search refers to object.Search RPC call | +| Delete | 4 | Delete refers to object.Delete RPC call | +| Range | 5 | Range refers to object.GetRange RPC call | +| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call | + + diff --git a/proto-docs/session.md b/proto-docs/session.md index ba615c3..4a537e6 100644 --- a/proto-docs/session.md +++ b/proto-docs/session.md @@ -12,13 +12,6 @@ - [CreateResponse](#session.CreateResponse) -- [session/types.proto](#session/types.proto) - - - Messages - - [Token](#session.Token) - - [VerificationHeader](#session.VerificationHeader) - - - [Scalar Value Types](#scalar-value-types) @@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Init | [Token](#session.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | -| Signed | [Token](#session.Token) | | Signed Init message response (Unsigned) from server with user private key | +| Init | [service.Token](#service.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | +| Signed | [service.Token](#service.Token) | | Signed Init message response (Unsigned) from server with user private key | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Unsigned | [Token](#session.Token) | | Unsigned token with token ID and session public key generated on server side | -| Result | [Token](#session.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | - - - - - - - - -

Top

- -## session/types.proto - - - - - - - -### Message Token -User token granting rights for object manipulation - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| Header | [VerificationHeader](#session.VerificationHeader) | | Header carries verification data of session key | -| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | -| FirstEpoch | [uint64](#uint64) | | FirstEpoch is an initial epoch of token lifetime | -| LastEpoch | [uint64](#uint64) | | LastEpoch is a last epoch of token lifetime | -| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object | -| Signature | [bytes](#bytes) | | Signature is a token signature, signed by owner of manipulation object | -| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes | -| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner | - - - - -### Message VerificationHeader - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| PublicKey | [bytes](#bytes) | | PublicKey is a session public key | -| KeySignature | [bytes](#bytes) | | KeySignature is a session public key signature. Signed by trusted side | +| Unsigned | [service.Token](#service.Token) | | Unsigned token with token ID and session public key generated on server side | +| Result | [service.Token](#service.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | diff --git a/service/verify.proto b/service/verify.proto index 37a3c86..97cc7fa 100644 --- a/service/verify.proto +++ b/service/verify.proto @@ -3,6 +3,7 @@ package service; option go_package = "github.com/nspcc-dev/neofs-api-go/service"; option csharp_namespace = "NeoFS.API.Service"; +import "refs/types.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; option (gogoproto.stable_marshaler_all) = true; @@ -19,4 +20,65 @@ message RequestVerificationHeader { // Signatures is a set of signatures of every passed NeoFS Node repeated Signature Signatures = 1; + + // Token is a token of the session within which the request is sent + Token Token = 2; } + +// User token granting rights for object manipulation +message Token { + message Info { + // ID is a token identifier. valid UUIDv4 represented in bytes + bytes ID = 1 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false]; + + // OwnerID is an owner of manipulation object + bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; + + // Verb is an enumeration of session request types + enum Verb { + // Put refers to object.Put RPC call + Put = 0; + // Get refers to object.Get RPC call + Get = 1; + // Head refers to object.Head RPC call + Head = 2; + // Search refers to object.Search RPC call + Search = 3; + // Delete refers to object.Delete RPC call + Delete = 4; + // Range refers to object.GetRange RPC call + Range = 5; + // RangeHash refers to object.GetRangeHash RPC call + RangeHash = 6; + } + + // Verb is a type of request for which the token is issued + Verb verb = 3 [(gogoproto.customname) = "Verb"]; + + // Address is an object address for which token is issued + refs.Address Address = 4 [(gogoproto.nullable) = false, (gogoproto.customtype) = "Address"]; + + // Created is an initial epoch of token lifetime + uint64 Created = 5; + + // ValidUntil is a last epoch of token lifetime + uint64 ValidUntil = 6; + + // SessionKey is a public key of session key + bytes SessionKey = 7; + } + + // Info is a grouped information about token + Info info = 1 [(gogoproto.embed) = true, (gogoproto.nullable) = false, (gogoproto.customname) = "Info"]; + + // Signature is a signature of session token information + bytes Signature = 8; +} + +// TODO: for variable token types and version redefine message +// Example: +// message Token { +// TokenType TokenType = 1; +// uint32 Version = 2; +// bytes Data = 3; +// } diff --git a/session/service.proto b/session/service.proto index 524213a..5c22fc3 100644 --- a/session/service.proto +++ b/session/service.proto @@ -3,7 +3,6 @@ package session; option go_package = "github.com/nspcc-dev/neofs-api-go/session"; option csharp_namespace = "NeoFS.API.Session"; -import "session/types.proto"; import "service/meta.proto"; import "service/verify.proto"; import "github.com/gogo/protobuf/gogoproto/gogo.proto"; @@ -33,9 +32,9 @@ message CreateRequest { // owner of manipulation object; // ID of manipulation object; // token lifetime bounds. - session.Token Init = 1; + service.Token Init = 1; // Signed Init message response (Unsigned) from server with user private key - session.Token Signed = 2; + service.Token Signed = 2; } // RequestMetaHeader contains information about request meta headers (should be embedded into message) service.RequestMetaHeader Meta = 98 [(gogoproto.embed) = true, (gogoproto.nullable) = false]; @@ -46,8 +45,8 @@ message CreateRequest { message CreateResponse { oneof Message { // Unsigned token with token ID and session public key generated on server side - session.Token Unsigned = 1; + service.Token Unsigned = 1; // Result is a resulting token which can be used for object placing through an trusted intermediary - session.Token Result = 2; + service.Token Result = 2; } } diff --git a/session/types.proto b/session/types.proto deleted file mode 100644 index 3ae49a3..0000000 --- a/session/types.proto +++ /dev/null @@ -1,35 +0,0 @@ -syntax = "proto3"; -package session; -option go_package = "github.com/nspcc-dev/neofs-api-go/session"; -option csharp_namespace = "NeoFS.API.Session"; - -import "github.com/gogo/protobuf/gogoproto/gogo.proto"; - -option (gogoproto.stable_marshaler_all) = true; - -message VerificationHeader { - // PublicKey is a session public key - bytes PublicKey = 1; - // KeySignature is a session public key signature. Signed by trusted side - bytes KeySignature = 2; -} - -// User token granting rights for object manipulation -message Token { - // Header carries verification data of session key - VerificationHeader Header = 1 [(gogoproto.nullable) = false]; - // OwnerID is an owner of manipulation object - bytes OwnerID = 2 [(gogoproto.customtype) = "OwnerID", (gogoproto.nullable) = false]; - // FirstEpoch is an initial epoch of token lifetime - uint64 FirstEpoch = 3; - // LastEpoch is a last epoch of token lifetime - uint64 LastEpoch = 4; - // ObjectID is an object identifier of manipulation object - repeated bytes ObjectID = 5 [(gogoproto.customtype) = "ObjectID", (gogoproto.nullable) = false]; - // Signature is a token signature, signed by owner of manipulation object - bytes Signature = 6; - // ID is a token identifier. valid UUIDv4 represented in bytes - bytes ID = 7 [(gogoproto.customtype) = "TokenID", (gogoproto.nullable) = false]; - // PublicKeys associated with owner - repeated bytes PublicKeys = 8; -}