diff --git a/docs/object.md b/docs/object.md index 4ec32fc6..27e4bcf0 100644 --- a/docs/object.md +++ b/docs/object.md @@ -149,7 +149,6 @@ calculated for XORed data. | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | | OwnerID | [bytes](#bytes) | | OwnerID is a wallet address | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -228,7 +227,6 @@ in distributed system. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | -| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -256,7 +254,6 @@ in distributed system. | ----- | ---- | ----- | ----------- | | Address | [refs.Address](#refs.Address) | | Address of object (container id + object id) | | FullHeaders | [bool](#bool) | | FullHeaders can be set true for extended headers in the object | -| Raw | [bool](#bool) | | Raw is the request flag of a physically stored representation of an object | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -296,7 +293,6 @@ in distributed system. | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Object | [Object](#object.Object) | | Object with at least container id and owner id fields | -| Token | [session.Token](#session.Token) | | Token with session public key and user's signature | | CopiesNumber | [uint32](#uint32) | | Number of the object copies to store within the RPC call (zero is processed according to the placement rules) | @@ -378,7 +374,7 @@ in distributed system. | UserHeader | [UserHeader](#object.UserHeader) | | UserHeader is a set of KV headers defined by user | | Transform | [Transform](#object.Transform) | | Transform defines transform operation (e.g. payload split) | | Tombstone | [Tombstone](#object.Tombstone) | | Tombstone header that set up in deleted objects | -| Verify | [session.VerificationHeader](#session.VerificationHeader) | | Verify header that contains session public key and user's signature | +| Token | [service.Token](#service.Token) | | Token header contains token of the session within which the object was created | | HomoHash | [bytes](#bytes) | | HomoHash is a homomorphic hash of original object payload | | PayloadChecksum | [bytes](#bytes) | | PayloadChecksum of actual object's payload | | Integrity | [IntegrityHeader](#object.IntegrityHeader) | | Integrity header with checksum of all above headers in the object | diff --git a/docs/service.md b/docs/service.md index 90e1bd2b..eef1e49f 100644 --- a/docs/service.md +++ b/docs/service.md @@ -14,8 +14,9 @@ - Messages - [RequestVerificationHeader](#service.RequestVerificationHeader) - - [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) - [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) + - [Token](#service.Token) + - [Token.Info](#service.Token.Info) - [service/verify_test.proto](#service/verify_test.proto) @@ -49,6 +50,7 @@ RequestMetaHeader contains information about request meta headers | TTL | [uint32](#uint32) | | TTL must be larger than zero, it decreased in every NeoFS Node | | Epoch | [uint64](#uint64) | | Epoch for user can be empty, because node sets epoch to the actual value | | Version | [uint32](#uint32) | | Version defines protocol version TODO: not used for now, should be implemented in future | +| Raw | [bool](#bool) | | Raw determines whether the request is raw or not | @@ -88,18 +90,7 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | | Signatures | [RequestVerificationHeader.Signature](#service.RequestVerificationHeader.Signature) | repeated | Signatures is a set of signatures of every passed NeoFS Node | - - - - -### Message RequestVerificationHeader.Sign - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. | -| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. | +| Token | [Token](#service.Token) | | Token is a token of the session within which the request is sent | @@ -110,11 +101,57 @@ RequestVerificationHeader is a set of signatures of every NeoFS Node that proces | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Sign | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Sign is a signature and public key of the request. | -| Origin | [RequestVerificationHeader.Sign](#service.RequestVerificationHeader.Sign) | | Origin used for requests, when trusted node changes it and re-sign with session key. If session key used for signature request, then Origin should contain public key of user and signed session key. | +| Sign | [bytes](#bytes) | | Sign is signature of the request or session key. | +| Peer | [bytes](#bytes) | | Peer is compressed public key used for signature. | + + + + +### Message Token +User token granting rights for object manipulation + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| TokenInfo | [Token.Info](#service.Token.Info) | | TokenInfo is a grouped information about token | +| Signature | [bytes](#bytes) | | Signature is a signature of session token information | + + + + +### Message Token.Info + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes | +| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | +| verb | [Token.Info.Verb](#service.Token.Info.Verb) | | Verb is a type of request for which the token is issued | +| Address | [refs.Address](#refs.Address) | | Address is an object address for which token is issued | +| Created | [uint64](#uint64) | | Created is an initial epoch of token lifetime | +| ValidUntil | [uint64](#uint64) | | ValidUntil is a last epoch of token lifetime | +| SessionKey | [bytes](#bytes) | | SessionKey is a public key of session key | + + + +### Token.Info.Verb +Verb is an enumeration of session request types + +| Name | Number | Description | +| ---- | ------ | ----------- | +| Put | 0 | Put refers to object.Put RPC call | +| Get | 1 | Get refers to object.Get RPC call | +| Head | 2 | Head refers to object.Head RPC call | +| Search | 3 | Search refers to object.Search RPC call | +| Delete | 4 | Delete refers to object.Delete RPC call | +| Range | 5 | Range refers to object.GetRange RPC call | +| RangeHash | 6 | RangeHash refers to object.GetRangeHash RPC call | + + diff --git a/docs/session.md b/docs/session.md index ba615c36..4a537e65 100644 --- a/docs/session.md +++ b/docs/session.md @@ -12,13 +12,6 @@ - [CreateResponse](#session.CreateResponse) -- [session/types.proto](#session/types.proto) - - - Messages - - [Token](#session.Token) - - [VerificationHeader](#session.VerificationHeader) - - - [Scalar Value Types](#scalar-value-types) @@ -68,8 +61,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Init | [Token](#session.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | -| Signed | [Token](#session.Token) | | Signed Init message response (Unsigned) from server with user private key | +| Init | [service.Token](#service.Token) | | Init is a message to initialize session opening. Carry: owner of manipulation object; ID of manipulation object; token lifetime bounds. | +| Signed | [service.Token](#service.Token) | | Signed Init message response (Unsigned) from server with user private key | | Meta | [service.RequestMetaHeader](#service.RequestMetaHeader) | | RequestMetaHeader contains information about request meta headers (should be embedded into message) | | Verify | [service.RequestVerificationHeader](#service.RequestVerificationHeader) | | RequestVerificationHeader is a set of signatures of every NeoFS Node that processed request (should be embedded into message) | @@ -82,52 +75,8 @@ session key. Session is established during 4-step handshake in one gRPC stream | Field | Type | Label | Description | | ----- | ---- | ----- | ----------- | -| Unsigned | [Token](#session.Token) | | Unsigned token with token ID and session public key generated on server side | -| Result | [Token](#session.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary | - - - - - - - - -
- -## session/types.proto - - - - - - - -### Message Token -User token granting rights for object manipulation - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| Header | [VerificationHeader](#session.VerificationHeader) | | Header carries verification data of session key | -| OwnerID | [bytes](#bytes) | | OwnerID is an owner of manipulation object | -| FirstEpoch | [uint64](#uint64) | | FirstEpoch is an initial epoch of token lifetime | -| LastEpoch | [uint64](#uint64) | | LastEpoch is a last epoch of token lifetime | -| ObjectID | [bytes](#bytes) | repeated | ObjectID is an object identifier of manipulation object | -| Signature | [bytes](#bytes) | | Signature is a token signature, signed by owner of manipulation object | -| ID | [bytes](#bytes) | | ID is a token identifier. valid UUIDv4 represented in bytes | -| PublicKeys | [bytes](#bytes) | repeated | PublicKeys associated with owner | - - - - -### Message VerificationHeader - - - -| Field | Type | Label | Description | -| ----- | ---- | ----- | ----------- | -| PublicKey | [bytes](#bytes) | | PublicKey is a session public key | -| KeySignature | [bytes](#bytes) | | KeySignature is a session public key signature. Signed by trusted side | +| Unsigned | [service.Token](#service.Token) | | Unsigned token with token ID and session public key generated on server side | +| Result | [service.Token](#service.Token) | | Result is a resulting token which can be used for object placing through an trusted intermediary |